
OrganizationCompartment

The organization compartment validator creates an artificial compartment by tagging resources with an extension.

Any resource can be tagged with an extension whose URL is https://fire-arrow.evoleen.com/fhir/Extensions/organization-compartment and whose value is a FHIR reference to the organization resource. As soon as this extension exists on a resource, the resource becomes part of the corresponding organization's organization compartment.

This validation strategy is helpful if multiple organizations store their data in the same database but use resources that don't have a clear association to an organization.

Role Inheritance

The setting legitimateInterestRoleInheritanceLevels in the configuration file controls whether roles held in an organization are inherited by its child organizations. This supports the following use cases:

  • A hospital can be broken down into multiple independent units where general staff and admin staff at the parent unit can see all data, whereas staff located in a department of the hospital can only see data belonging to that specific department.
  • SaaS solutions looking to provide admin support for their customers can create a virtual "root" organization. All customers looking for support can make themselves a member of this root organization, which will immediately allow admins of the root organization to see all customer data. Visibility can be turned on and off at will.

Role inheritance requires one additional network request per organization level for every validated request, so its impact on response time is considerable. It should only be used when and where necessary.

The following rule enables access to a Library resource that is linked to the practitioner's organization via the organization compartment:

{
  "client_role": "Practitioner",
  "entity_name": "Library",
  "operation": "read",
  "validator": "OrganizationCompartment"
}
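
A sketch of the compartment check described on this page, added here as an illustration and not Fire Arrow's own code: it reads the organization-compartment extension from a resource and decides whether a practitioner's organization may read it. It assumes legitimateInterestRoleInheritanceLevels is an integer count of parent levels and that the hierarchy is expressed through Organization.partOf; all resource ids are constructed.

```python
# Added illustration, not Fire Arrow code. All ids and the hierarchy are constructed.
EXT_URL = "https://fire-arrow.evoleen.com/fhir/Extensions/organization-compartment"

# Constructed Organization resources: root <- hospital-a <- dept-cardio / dept-onco.
ORGS = {
    "Organization/root": {"resourceType": "Organization"},
    "Organization/hospital-a": {"partOf": {"reference": "Organization/root"}},
    "Organization/dept-cardio": {"partOf": {"reference": "Organization/hospital-a"}},
    "Organization/dept-onco": {"partOf": {"reference": "Organization/hospital-a"}},
}

# Constructed Library resource tagged into dept-cardio's organization compartment.
LIBRARY = {
    "resourceType": "Library",
    "id": "order-set-1",
    "extension": [
        {"url": EXT_URL, "valueReference": {"reference": "Organization/dept-cardio"}}
    ],
}


def compartment_orgs(resource):
    """Organization references a resource is tagged with; empty means no compartment."""
    return [
        ext["valueReference"]["reference"]
        for ext in resource.get("extension", [])
        if ext.get("url") == EXT_URL and "reference" in ext.get("valueReference", {})
    ]


def ancestors(org_ref, levels):
    """Follow partOf upward for at most `levels` steps (assumed meaning of the setting)."""
    chain, current = [], org_ref
    for _ in range(levels):
        # One lookup per level, mirroring the per-level request cost noted above.
        parent = ORGS.get(current, {}).get("partOf", {}).get("reference")
        if not parent or parent == org_ref or parent in chain:  # root reached or cycle
            break
        chain.append(parent)
        current = parent
    return chain


def may_read(practitioner_org, resource, levels):
    """Allow if the practitioner's org owns the compartment or is an ancestor in range."""
    return any(
        practitioner_org == owner or practitioner_org in ancestors(owner, levels)
        for owner in compartment_orgs(resource)
    )
```

With zero levels only the tagged department can read the Library; each additional level admits one more parent, while a sibling department and any untagged resource stay outside the compartment.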