📄️ Allowed
The Allowed validator grants access unconditionally. Every request that matches a rule using this validator is permitted, regardless of the relationship between the client and the target resource.
📄️ Forbidden
The Forbidden validator rejects every request unconditionally. Its primary purpose is to serve as the default-validator, ensuring that any operation without an explicit authorization rule is denied.
📄️ PatientCompartment
The PatientCompartment validator restricts access to resources that belong to the authenticated patient's FHIR Patient compartment. This is the most commonly used validator for patient-facing applications.
📄️ PractitionerCompartment
The PractitionerCompartment validator restricts access to resources that belong to the authenticated practitioner's FHIR Practitioner compartment.
📄️ RelatedPersonCompartment
The RelatedPersonCompartment validator restricts access to resources that belong to the authenticated related person's FHIR RelatedPerson compartment.
📄️ DeviceCompartment
The DeviceCompartment validator restricts access to resources that belong to the authenticated device's FHIR Device compartment.
📄️ LegitimateInterest
The LegitimateInterest validator implements organization-based access control. It grants access to FHIR resources based on the organizational relationships between the authenticated client and the data. This is the most powerful validator in Fire Arrow Server and is designed for real-world healthcare scenarios where access depends on organizational affiliation rather than direct resource ownership.
📄️ CareTeam
The CareTeam validator implements access control based on FHIR CareTeam membership. It grants access to patient data when the authenticated client is a member of a CareTeam that is responsible for that patient's care. This validator is designed for care coordination scenarios where access needs to cross organizational boundaries.