Allowed
The Allowed validator grants unconditional access to any authenticated client matching the rule's role.
Forbidden
The Forbidden validator denies all requests unconditionally. Recommended as the default-validator for deny-by-default security.
PatientCompartment
Restrict patient access to resources in their own FHIR Patient compartment. The default choice for patient-facing apps.
PractitionerCompartment
Restrict practitioner access to resources they are directly referenced in, such as encounters and reports they authored.
RelatedPersonCompartment
Grant caregivers and guardians access to patient data through the FHIR RelatedPerson compartment.
DeviceCompartment
Restrict authenticated devices to resources in their FHIR Device compartment, such as observations they produced.
LegitimateInterest
Organization-based access control using PractitionerRole and managingOrganization links, with role filtering and hierarchy inheritance.
CareTeam
Grant cross-organizational access based on FHIR CareTeam membership for multidisciplinary care coordination scenarios.