Glossary
What is FHIR RBAC?
FHIR RBAC is role-based access control applied to FHIR resources, operations, and the relationships between them, rather than to abstract resource types alone.
In context
A patient role and a clinician role need different rules per resource type and per operation. A patient should be able to read their own Observations but not search across other patients' records. A clinician should be able to search Patient within their organisation but not create users. Generic RBAC (role to permission) is the starting point; healthcare RBAC adds compartment, organisation, CareTeam, and identity-conditional logic on top, because whether a request is allowed depends on who the caller is in relation to the record, not only on the caller's role.
Production FHIR RBAC is typically expressed as rules that combine role, resource type, and operation, evaluated by a validator that decides on a per-request basis. Search authorisation is where post-hoc filtering breaks down: removing unauthorised entries from a result page after the query has run still executes the unrestricted query, and the total count and pagination reveal how many records exist outside the caller's scope. The safe pattern is to narrow the search at the database layer, adding the caller's compartment or organisation constraint to the query before it runs, so that totals and pages reflect only the records the caller may see.
How Fire Arrow handles it
Fire Arrow rules combine role, resource type, and operation, and select an authorisation strategy: outright allow or deny, the standard FHIR compartments, an organisation-scoped 'legitimate interest' rule, or a care-team membership rule. Identity-conditional rules layer FHIRPath conditions on the caller, so a rule applies only to a subset of users in a role (for example, only practitioners marked as principal investigators).
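A generic sketch of the rule evaluation described in the two sections above, written for this entry as an added example; it is not Fire Arrow's code and does not use its API. Rules keyed on role, resource type and operation select a strategy (allow, deny, patient compartment or organisation scope), identity conditions are plain Python predicates standing in for FHIRPath tests on the caller, and a search is authorised by merging the caller's scope constraint into the query before it reaches the store. The compartment-to-search-parameter mappings, the rule set, the sample rows and every name in the block are assumptions made for the example.

```python
"""Toy FHIR RBAC evaluator (example code, not Fire Arrow's implementation).
Rules keyed on (role, resource type, operation) pick a strategy; searches
are authorised by rewriting the query, never by filtering the page after."""
from dataclasses import dataclass, field
from typing import Callable, Optional

# Search parameter linking a resource type to a scope. Assumed, illustrative
# subset; a real server derives this from CompartmentDefinition resources.
PATIENT_COMPARTMENT = {"Patient": "_id", "Observation": "patient"}
ORGANISATION_SCOPE = {"Patient": "organization", "Encounter": "service-provider"}

@dataclass(frozen=True)
class Caller:
    user_id: str
    role: str
    patient_id: Optional[str] = None        # Patient.id the user is linked to
    organisation_id: Optional[str] = None   # Organization.id for practitioners
    tags: frozenset = frozenset()           # identity facts used by conditions

@dataclass(frozen=True)
class Rule:
    role: str
    resource_type: str    # "*" matches any type
    operation: str        # read | search | create | update | delete | "*"
    strategy: str         # allow | deny | patient-compartment | organisation
    # Identity-conditional rule: stands in for a FHIRPath test on the caller.
    condition: Optional[Callable[[Caller], bool]] = None

@dataclass
class Decision:
    allowed: bool
    reason: str = ""
    filters: dict = field(default_factory=dict)  # params the store must AND in

def match(rules, caller, resource_type, operation):
    """First rule, in order, whose role, type, operation and condition fit."""
    for r in rules:
        if r.role != caller.role or r.resource_type not in ("*", resource_type):
            continue
        if r.operation not in ("*", operation):
            continue
        if r.condition is not None and not r.condition(caller):
            continue
        return r
    return None

def authorise(rules, caller, resource_type, operation, target=None):
    """target: for instance-level operations, the resource's reference fields
    as {search param: referenced id}, e.g. {"patient": "p1"}."""
    rule = match(rules, caller, resource_type, operation)
    if rule is None or rule.strategy == "deny":   # no rule means default deny
        return Decision(False, f"no allow rule for {caller.role} {operation} {resource_type}")
    if rule.strategy == "allow":
        return Decision(True, "unconditional allow")
    scope, key = {"patient-compartment": (PATIENT_COMPARTMENT, caller.patient_id),
                  "organisation": (ORGANISATION_SCOPE, caller.organisation_id)}[rule.strategy]
    param = scope.get(resource_type)
    if param is None or key is None:   # type not in scope, or caller has no scope identity
        return Decision(False, f"{resource_type} not scoped for {rule.strategy}")
    if operation == "search":
        return Decision(True, f"search narrowed by {rule.strategy}", {param: key})
    if target is None or target.get(param) != key:
        return Decision(False, f"target outside caller's {rule.strategy}")
    return Decision(True, f"target inside caller's {rule.strategy}")

def narrow_search(decision, client_params):
    """Merge enforced filters into the client's query. A client value that
    conflicts with an enforced one is rejected, not silently overridden."""
    if not decision.allowed:
        raise PermissionError(decision.reason)
    merged = dict(client_params)
    for param, value in decision.filters.items():
        if merged.get(param, value) != value:
            raise PermissionError(f"search outside caller's scope on {param}")
        merged[param] = value
    return merged

# Constructed sample store: (resource type, {search param: value}) rows.
STORE = [("Observation", {"_id": "o1", "patient": "p1"}),
         ("Observation", {"_id": "o2", "patient": "p2"}),
         ("Patient", {"_id": "p1", "organization": "org1"}),
         ("Patient", {"_id": "p2", "organization": "org2"})]

def search(resource_type, params, count=10):
    """Stands in for a WHERE clause: filters apply before total and paging."""
    rows = [r for t, r in STORE if t == resource_type
            and all(r.get(k) == v for k, v in params.items())]
    return {"total": len(rows), "page": rows[:count]}

RULES = [
    Rule("patient", "Observation", "read", "patient-compartment"),
    Rule("patient", "Observation", "search", "patient-compartment"),
    Rule("patient", "Patient", "read", "patient-compartment"),
    Rule("clinician", "Patient", "search", "organisation"),
    Rule("clinician", "Practitioner", "create", "deny"),
    Rule("clinician", "ResearchStudy", "search", "allow",
         condition=lambda c: "principal-investigator" in c.tags),
]
```

With this rule set a patient searching Observation gets `patient=<own id>` merged into the query, so `search` reports a total of 1 even though the store holds another patient's Observation; a client that supplies `patient=p2` itself is rejected with an explicit error instead of being ANDed into an empty result, which keeps the audit trail honest. A patient user with no linked Patient.id, or a resource type with no entry in the scope map, is denied rather than being let through, and a clinician with no `principal-investigator` tag never reaches the ResearchStudy rule. A care-team strategy would follow the same shape with a scope map built from the caller's CareTeam memberships; it is left out here to keep the block short.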