Skip to main content

Simple role system

This chapter provides a role system that's suitable for an organization providing care for multiple patients (B2C business), for example a skin care app offering medical advice to patients.

The key criteria for this setup are that there is a single organization which manages all data and multiple entities access or provide data at a limited scope.

Role chart

The setup is characterized as following:

  • A single Organization resource represents the business itself as the single care provider.
  • Every patient user is represented by a Patient resource. Each patient's managingOrganization property points to the main Organization.
  • Every practitioner user is represented by a Practitioner resource. Every practitioner has at least one PractitionerRole at the main Organization.

Validation strategies

  • For patients, each patient-specific resource can be validated using the PatientCompartment validator or LegitimateInterest, enabling every patient to access their own data but nothing else in the database.
  • For practitioners, every resource can be validated using the LegitimateInterest validator, assuming that the resource is either tied to a Patient or to the Organization. Practitioners can see any resource in the database this way.