Release 5 R6 Ballot (2nd Draft)

This page is part of the FHIR Specification (v5.0.0: R5 - STU v6.0.0-ballot2: Release 6 Ballot (2nd Draft) (see Ballot Notes ). This is the The current published version in it's permanent home (it will always be available at this URL). is 5.0.0 . For a full list of available versions, see the Directory of published versions

Example CodeSystem/permission-rule-combining (XML)

Security Work Group Maturity Level : N/A Standards Status : Informative

Raw XML ( canonical form + also see XML Format Specification )

Definition for Code SystemPermissionRuleCombining 

<?xml version="1.0" encoding="UTF-8"?>


  
  
    
    
  
  
    
    
      This code system 
         defines the following codes:
      
      
        
          
            
          
          
            
          
          
            
          
        
        
          deny-overrides
            
          
          

<CodeSystem xmlns="http://hl7.org/fhir">
  <id value="permission-rule-combining"/> 
  <meta> 
    <lastUpdated value="2024-08-12T19:52:12.437+11:00"/> 
    <profile value="http://hl7.org/fhir/StructureDefinition/shareablecodesystem"/> 
  </meta> 
  <text> 
    <status value="generated"/> 
    <div xmlns="http://www.w3.org/1999/xhtml">
      <p class="res-header-id">
        <b> Generated Narrative: CodeSystem permission-rule-combining</b> 
      </p> 
      <a name="permission-rule-combining"> </a> 
      <a name="hcpermission-rule-combining"> </a> 
      <a name="permission-rule-combining-en-AU"> </a> 
      <div style="display: inline-block; background-color: #d9e0e7; padding: 6px; margin: 4px; border:
       1px solid #8da1b4; border-radius: 5px; line-height: 60%">
        <p style="margin-bottom: 0px">Last updated: 2022-08-05T10:01:24.148+11:00</p>         <p style="margin-bottom: 0px">Profile:           <a href="shareablecodesystem.html">Shareable CodeSystem</a>         </p>       </div>       <p> This case-sensitive code system         <code> http://hl7.org/fhir/permission-rule-combining</code>  defines the following codes:      </p>       <table class="codes">        <tr>           <td style="white-space:nowrap">            <b> Code</b>           </td>           <td>             <b> Display</b>           </td>           <td>             <b> Definition</b>           </td>         </tr>         <tr>           <td style="white-space:nowrap">deny-overrides            <a name="permission-rule-combining-deny-overrides"> </a>           </td>           <td> Deny-overrides</td> 
          <td> The deny overrides combining algorithm is intended for those cases where a deny
             decision should have priority over a permit decision.
        
        
          permit-overrides
            
          
          

             decision should have priority over a permit decision.</td> 
        </tr>         <tr>           <td style="white-space:nowrap">permit-overrides            <a name="permission-rule-combining-permit-overrides"> </a>           </td>           <td> Permit-overrides</td> 
          <td> The permit overrides combining algorithm is intended for those cases where a permit
             decision should have priority over a deny decision.
        
        
          ordered-deny-overrides
            
          
          

             decision should have priority over a deny decision.</td> 
        </tr>         <tr>           <td style="white-space:nowrap">ordered-deny-overrides            <a name="permission-rule-combining-ordered-deny-overrides"> </a>           </td>           <td> Ordered-deny-overrides</td> 
          <td> The behavior of this algorithm is identical to that of the “Deny-overrides” rule-combining
             algorithm with one exception.  The order in which the collection of rules is evaluated
             SHALL match the order as listed in the permission.
        
        
          ordered-permit-overrides
            
          
          

             SHALL match the order as listed in the permission.</td> 
        </tr>         <tr>           <td style="white-space:nowrap">ordered-permit-overrides            <a name="permission-rule-combining-ordered-permit-overrides"> </a>           </td>           <td> Ordered-permit-overrides</td> 
          <td> The behavior of this algorithm is identical to that of the “Permit-overrides” rule-combining
             algorithm with one exception.  The order in which the collection of rules is evaluated
             SHALL match the order as listed in the permission.
        
        
          deny-unless-permit
            
          
          

             SHALL match the order as listed in the permission.</td> 
        </tr>         <tr>           <td style="white-space:nowrap">deny-unless-permit            <a name="permission-rule-combining-deny-unless-permit"> </a>           </td>           <td> Deny-unless-permit</td> 
          <td> The “Deny-unless-permit” combining algorithm is intended for those cases where
             a permit decision should have priority over a deny decision, and an “Indeterminate”
             or “NotApplicable” must never be the result. It is particularly useful at the top
             level in a policy structure to ensure that a PDP will always return a definite
             “Permit” or “Deny” result.
        
        
          permit-unless-deny
            
          
          

             “Permit” or “Deny” result.</td> 
        </tr>         <tr>           <td style="white-space:nowrap">permit-unless-deny            <a name="permission-rule-combining-permit-unless-deny"> </a>           </td>           <td> Permit-unless-deny</td> 
          <td> The “Permit-unless-deny” combining algorithm is intended for those cases where
             a deny decision should have priority over a permit decision, and an “Indeterminate”
             or “NotApplicable” must never be the result. It is particularly useful at the top
             level in a policy structure to ensure that a PDP will always return a definite
             “Permit” or “Deny” result. This algorithm has the following behavior.
        
      
    
  
  
    
  
  
    
  
  
    
  
  
  
    
    
  
  
  
  
  
  
  
  
  
    
      
      
    
    
      
      
    
  

             “Permit” or “Deny” result. This algorithm has the following behavior.</td> 
        </tr>       </table>     </div>   </text>   <extension url="http://hl7.org/fhir/StructureDefinition/structuredefinition-wg">    <valueCode value="sec"/>   </extension>   <extension url="http://hl7.org/fhir/StructureDefinition/structuredefinition-standards-status">    <valueCode value="trial-use"/>   </extension>   <extension url="http://hl7.org/fhir/StructureDefinition/structuredefinition-fmm">    <valueInteger value="0"/>   </extension>   <url value="http://hl7.org/fhir/permission-rule-combining"/>   <identifier>     <system value="urn:ietf:rfc:3986"/>     <value value="urn:oid:2.16.840.1.113883.4.642.4.2070"/>   </identifier>   <version value="6.0.0-ballot2"/>   <name value="PermissionRuleCombining"/>   <title value="Permission Rule Combining"/>   <status value="active"/>   <experimental value="false"/>   <date value="2022-08-05T10:01:24+11:00"/>   <publisher value="HL7 (FHIR Project)"/>   <contact>     <telecom>       <system value="url"/>       <value value="http://hl7.org/fhir"/>     </telecom>     <telecom>       <system value="email"/>       <value value="fhir@lists.hl7.org"/>     </telecom>   </contact> 
  <description value="Codes identifying the rule combining. See XACML Combining algorithms  http://docs.oasis-open.
  org/xacml/3.0/xacml-3.0-core-spec-cos01-en.html
  
    
      
      
      
    
  
  
  
  
    
    

  org/xacml/3.0/xacml-3.0-core-spec-cos01-en.html"/> 
  <jurisdiction>     <coding>       <system value="http://unstats.un.org/unsd/methods/m49/m49.htm"/>       <code value="001"/>       <display value="World"/>     </coding>   </jurisdiction>   <caseSensitive value="true"/>   <content value="complete"/>   <concept>     <code value="deny-overrides"/>     <display value="Deny-overrides"/> 
    <definition value="The deny overrides combining algorithm is intended for those cases where a deny
     decision should have priority over a permit decision.
  
  
    
    

     decision should have priority over a permit decision."/> 
  </concept>   <concept>     <code value="permit-overrides"/>     <display value="Permit-overrides"/> 
    <definition value="The permit overrides combining algorithm is intended for those cases where a permit
     decision should have priority over a deny decision.
  
  
    
    

     decision should have priority over a deny decision."/> 
  </concept>   <concept>     <code value="ordered-deny-overrides"/>     <display value="Ordered-deny-overrides"/> 
    <definition value="The behavior of this algorithm is identical to that of the “Deny-overrides” rule-combining
     algorithm with one exception.  The order in which the collection of rules is evaluated
     SHALL match the order as listed in the permission.
  
  
    
    

     SHALL match the order as listed in the permission."/> 
  </concept>   <concept>     <code value="ordered-permit-overrides"/>     <display value="Ordered-permit-overrides"/> 
    <definition value="The behavior of this algorithm is identical to that of the “Permit-overrides” rule-combining
     algorithm with one exception.  The order in which the collection of rules is evaluated
     SHALL match the order as listed in the permission.
  
  
    
    

     SHALL match the order as listed in the permission."/> 
  </concept>   <concept>     <code value="deny-unless-permit"/>     <display value="Deny-unless-permit"/> 
    <definition value="The “Deny-unless-permit” combining algorithm is intended for those cases where
     a permit decision should have priority over a deny decision, and an “Indeterminate”
     or “NotApplicable” must never be the result. It is particularly useful at the top
     level in a policy structure to ensure that a PDP will always return a definite
     “Permit” or “Deny” result.
  
  
    
    

     “Permit” or “Deny” result."/> 
  </concept>   <concept>     <code value="permit-unless-deny"/>     <display value="Permit-unless-deny"/> 
    <definition value="The “Permit-unless-deny” combining algorithm is intended for those cases where
     a deny decision should have priority over a permit decision, and an “Indeterminate”
     or “NotApplicable” must never be the result. It is particularly useful at the top
     level in a policy structure to ensure that a PDP will always return a definite
     “Permit” or “Deny” result. This algorithm has the following behavior.
  

     “Permit” or “Deny” result. This algorithm has the following behavior."/> 
  </concept> 


</

CodeSystem

>

Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.