FHIR Cross-Version Extensions package for FHIR R4 from FHIR R5
0.0.1-snapshot-2 - informative
FHIR Cross-Version Extensions package for FHIR R4 from FHIR R5
0.0.1-snapshot-2 - informative
FHIR Cross-Version Extensions package for FHIR R4 from FHIR R5 - Version 0.0.1-snapshot-2. See the Directory of published versions
| Page standards status: Informative | Maturity Level: 0 |
<CodeSystem xmlns="http://hl7.org/fhir">
<id value="permission-rule-combining"/>
<text>
<status value="generated"/>
<div xmlns="http://www.w3.org/1999/xhtml">
<p>This code system
<code>http://hl7.org/fhir/permission-rule-combining</code> defines the following codes:
</p>
<table class="codes">
<tr>
<td style="white-space:nowrap">
<b>Code</b>
</td>
<td>
<b>Display</b>
</td>
<td>
<b>Definition</b>
</td>
</tr>
<tr>
<td style="white-space:nowrap">deny-overrides
<a name="permission-rule-combining-deny-overrides"> </a>
</td>
<td>Deny-overrides</td>
<td>The deny overrides combining algorithm is intended for those cases where a deny decision should have priority over a permit decision.</td>
</tr>
<tr>
<td style="white-space:nowrap">permit-overrides
<a name="permission-rule-combining-permit-overrides"> </a>
</td>
<td>Permit-overrides</td>
<td>The permit overrides combining algorithm is intended for those cases where a permit decision should have priority over a deny decision.</td>
</tr>
<tr>
<td style="white-space:nowrap">ordered-deny-overrides
<a name="permission-rule-combining-ordered-deny-overrides"> </a>
</td>
<td>Ordered-deny-overrides</td>
<td>The behavior of this algorithm is identical to that of the “Deny-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission.</td>
</tr>
<tr>
<td style="white-space:nowrap">ordered-permit-overrides
<a name="permission-rule-combining-ordered-permit-overrides"> </a>
</td>
<td>Ordered-permit-overrides</td>
<td>The behavior of this algorithm is identical to that of the “Permit-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission.</td>
</tr>
<tr>
<td style="white-space:nowrap">deny-unless-permit
<a name="permission-rule-combining-deny-unless-permit"> </a>
</td>
<td>Deny-unless-permit</td>
<td>The “Deny-unless-permit” combining algorithm is intended for those cases where a permit decision should have priority over a deny decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result.</td>
</tr>
<tr>
<td style="white-space:nowrap">permit-unless-deny
<a name="permission-rule-combining-permit-unless-deny"> </a>
</td>
<td>Permit-unless-deny</td>
<td>The “Permit-unless-deny” combining algorithm is intended for those cases where a deny decision should have priority over a permit decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result. This algorithm has the following behavior.</td>
</tr>
</table>
</div>
</text>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-standards-status">
<valueCode value="informative"/>
</extension>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-fmm">
<valueInteger value="0"/>
</extension>
<extension url="http://hl7.org/fhir/StructureDefinition/package-source">
<extension url="packageId">
<valueId value="hl7.fhir.uv.xver-r5.r4"/>
</extension>
<extension url="version">
<valueString value="0.0.1-snapshot-2"/>
</extension>
</extension>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-wg">
<valueCode value="sec"/>
</extension>
<url value="http://hl7.org/fhir/permission-rule-combining"/>
<version value="5.0.0"/>
<name value="PermissionRuleCombining"/>
<title value="Permission Rule Combining"/>
<status value="active"/>
<experimental value="false"/>
<date value="2022-08-05T09:01:24+10:00"/>
<publisher value="Security"/>
<contact>
<name value="Security"/>
<telecom>
<system value="url"/>
<value value="http://www.hl7.org/Special/committees/secure"/>
</telecom>
</contact>
<description
value="Codes identifying the rule combining. See XACML Combining algorithms http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cos01-en.html"/>
<jurisdiction>
<coding>
<system value="http://unstats.un.org/unsd/methods/m49/m49.htm"/>
<code value="001"/>
<display value="World"/>
</coding>
</jurisdiction>
<caseSensitive value="true"/>
<content value="complete"/>
<concept>
<code value="deny-overrides"/>
<display value="Deny-overrides"/>
<definition
value="The deny overrides combining algorithm is intended for those cases where a deny decision should have priority over a permit decision."/>
</concept>
<concept>
<code value="permit-overrides"/>
<display value="Permit-overrides"/>
<definition
value="The permit overrides combining algorithm is intended for those cases where a permit decision should have priority over a deny decision."/>
</concept>
<concept>
<code value="ordered-deny-overrides"/>
<display value="Ordered-deny-overrides"/>
<definition
value="The behavior of this algorithm is identical to that of the “Deny-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission."/>
</concept>
<concept>
<code value="ordered-permit-overrides"/>
<display value="Ordered-permit-overrides"/>
<definition
value="The behavior of this algorithm is identical to that of the “Permit-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission."/>
</concept>
<concept>
<code value="deny-unless-permit"/>
<display value="Deny-unless-permit"/>
<definition
value="The “Deny-unless-permit” combining algorithm is intended for those cases where a permit decision should have priority over a deny decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result."/>
</concept>
<concept>
<code value="permit-unless-deny"/>
<display value="Permit-unless-deny"/>
<definition
value="The “Permit-unless-deny” combining algorithm is intended for those cases where a deny decision should have priority over a permit decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result. This algorithm has the following behavior."/>
</concept>
</CodeSystem>
IG © 2025+ FHIR Infrastructure. Package hl7.fhir.uv.xver-r5.r4#0.0.1-snapshot-2 based on FHIR 4.0.1. Generated 2025-09-13
Links: Table of Contents |
QA Report
| Version History |
|
History