📄️ Authorization Concepts
Fire Arrow Server uses a rule-based authorization system. Each incoming request is evaluated against a set of rules that determine whether the operation is allowed and, for searches, which resources the client can see.
📄️ Validators
Validators are the core of Fire Arrow's authorization system. When a rule matches a request, the rule's validator decides whether access is actually granted. Each validator implements a different access control strategy.
📄️ Identity Filters
Identity filters add an extra condition to an authorization rule based on properties of the client's identity resource. They let you create rules that apply only to a subset of users within a role.
📄️ Property Filters
Property filters modify or remove specific properties from FHIR resources before they are returned to the client. They are applied after authorization succeeds, allowing you to grant access to a resource while redacting sensitive fields.
📄️ Authorization Debug Mode
When developing or troubleshooting authorization rules, it can be difficult to understand why a request is being denied. Fire Arrow Server includes a debug mode that provides detailed information about rule evaluation on failed requests.