AccessPolicy
Access Policy for user or user group that defines how entities can or cannot access resources.
- Schema
Elements
| Name | Required | Type | Description |
|---|---|---|---|
| name | string | DetailsA name associated with the AccessPolicy. | |
| basedOn | Reference<AccessPolicy>[] | DetailsOther access policies used to derive this access policy. | |
| compartment | Reference<> | DetailsOptional compartment for newly created resources. If this field is set, any resources created by a user with this access policy will automatically be included in the specified compartment. | |
| resource | AccessPolicyResource[] | DetailsAccess details for a resource type. | |
| resourceType | ✓ | string | DetailsThe resource type. |
| compartment | Reference<> | Details@deprecated Optional compartment restriction for the resource type. | |
| criteria | string | DetailsThe rules that the server should use to determine which resources to allow. The rules are search criteria (without the [base] part). Like Bundle.entry.request.url, it has no leading "/". | |
| readonly | boolean | DetailsOptional flag to indicate that the resource type is read-only. | |
| hiddenFields | string[] | DetailsOptional list of hidden fields. Hidden fields are not readable or writeable. | |
| readonlyFields | string[] | DetailsOptional list of read-only fields. Read-only fields are readable but not writeable. | |
| writeConstraint | Expression[] | DetailsInvariants that must be satisfied for the resource to be written. Can include %before and %after placeholders to refer to the resource before and after the updates are applied. | |
| ipAccessRule | AccessPolicyIpAccessRule[] | DetailsUse IP Access Rules to allowlist, block, and challenge traffic based on the visitor IP address. | |
| name | string | DetailsFriendly name that will make it easy for you to identify the IP Access Rule in the future. | |
| value | ✓ | string | DetailsAn IP Access rule will apply a certain action to incoming traffic based on the visitor IP address or IP range. |
| action | ✓ | code | DetailsAccess rule can perform one of the following actions: "allow" | "block". |
Search Parameters
| Name | Type | Description | Expression |
|---|---|---|---|
| name | string | The name of the access policy | AccessPolicy.name |
Inherited Elements
| Name | Required | Type | Description |
|---|---|---|---|
| id | string | Logical id of this artifact DetailsThe logical id of the resource, as used in the URL for the resource. Once assigned, this value never changes. | |
| meta | Meta | DetailsThe metadata about the resource. This is content that is maintained by the infrastructure. Changes to the content might not always be associated with version changes to the resource. | |
| implicitRules | uri | DetailsA reference to a set of rules that were followed when the resource was constructed, and which must be understood when processing the content. Often, this is a reference to an implementation guide that defines the special rules along with other profiles etc. | |
| language | code | DetailsThe base language in which the resource is written. | |
| text | Narrative | Text summary of the resource, for human interpretation DetailsA human-readable narrative that contains a summary of the resource and can be used to represent the content of the resource to a human. The narrative need not encode all the structured data, but is required to contain sufficient detail to make it "clinically safe" for a human to just read the narrative. Resource definitions may define what content should be represented in the narrative to ensure clinical safety. | |
| contained | Resource[] | Contained, inline Resources DetailsThese resources do not have an independent existence apart from the resource that contains them - they cannot be identified independently, and nor can they have their own independent transaction scope. | |
| extension | Extension[] | Additional content defined by implementations DetailsMay be used to represent additional information that is not part of the basic definition of the resource. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. | |
| modifierExtension | Extension[] | Extensions that cannot be ignored DetailsMay be used to represent additional information that is not part of the basic definition of the resource and that modifies the understanding of the element that contains it and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions. Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself). |