Membership

The Membership resource is a custom FHIR resource that connects Users to Projects and defines their access permissions. Memberships are the primary mechanism for project-level access control in Haste Health.

Purpose

Memberships serve as the bridge between:

  • User resources (stored in System Project)
  • Project resources (resource containers within a tenant)
  • AccessPolicyV2 resources (fine-grained authorization rules)

When a user authenticates to a project, the system queries for their Membership resource to determine access rights and applicable policies.

Resource Structure

A Membership resource contains:

{
  "resourceType": "Membership",
  "user": {
    "reference": "User/kyjfry5bzzb76ciu090y8kv9zw"
  },
  "link": {
    "reference": "Patient/4w528i5jtrelzy-k-2vjn6fg43"
  }
}

Key Fields

  • link: Reference to the Clinical resource this membership represents
  • user: Reference to the User resource associated with this membership

User-to-Project Linking

Memberships establish the connection between Users and Projects:

User (System Project) → Membership (User Project) → Project Access

Process:

  1. User exists in System Project (tenant-wide identity)
  2. Membership resource created in target Project
  3. Membership.user references the User resource
  4. User can now access resources in that Project

Without a Membership, users cannot access any resources in a project, even if they have valid authentication credentials; the only exceptions are super-admins and tenant owners.

AccessPolicyV2 Association

Memberships can be linked to AccessPolicyV2 resources, which determine what resources a user has access to within a project. The policy points at the Membership through its target list:

{
  "resourceType": "AccessPolicyV2",
  "name": "Admin",
  "engine": "full-access",
  "target": [
    {
      "link": {
        "reference": "Membership/qo4zgl99-eaw4wu17nub1zy79n"
      }
    }
  ]
}
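The following is an added example, not Haste Health's own code, showing how the linking process above and the AccessPolicyV2 association fit together in a deny-by-default lookup: find the Membership whose `user` matches the authenticated user, then collect the policies whose `target` references that Membership. The `ProjectStore` type, the function names, the `isSuperAdminOrOwner` flag and the second user id are assumptions made for this illustration; the resource shapes follow the JSON documented on this page.

```typescript
// Added illustration (not Haste Health's code): resolving a user's project access via
// Membership and AccessPolicyV2 resources. Types and function names are assumptions.

interface Reference {
  reference: string;
}

interface Membership {
  resourceType: "Membership";
  id: string;
  user: Reference;        // User resource in the System Project
  link?: Reference;       // clinical resource this membership represents
}

interface AccessPolicyV2 {
  resourceType: "AccessPolicyV2";
  name: string;
  engine: string;         // e.g. "full-access"
  target?: { link: Reference }[];
}

// Stand-in for the resources stored inside one Project (assumption).
interface ProjectStore {
  memberships: Membership[];
  policies: AccessPolicyV2[];
}

interface AccessDecision {
  allowed: boolean;
  reason: string;
  membership?: Membership;
  policies: AccessPolicyV2[];   // policies that apply to this membership
}

// Step 3 of the process: the Membership whose user reference matches the caller.
function findMembership(store: ProjectStore, userRef: string): Membership | undefined {
  return store.memberships.find((m) => m.user.reference === userRef);
}

// AccessPolicyV2 association: every policy whose target list references the Membership.
function policiesForMembership(store: ProjectStore, membership: Membership): AccessPolicyV2[] {
  const ref = `Membership/${membership.id}`;
  return store.policies.filter((p) => (p.target ?? []).some((t) => t.link.reference === ref));
}

// Deny by default: valid credentials alone are not enough; a Membership in the target
// Project is required unless the caller is a super-admin or tenant owner (a flag we
// assume the authentication layer supplies).
function resolveAccess(store: ProjectStore, userRef: string, isSuperAdminOrOwner = false): AccessDecision {
  if (isSuperAdminOrOwner) {
    return { allowed: true, reason: "super-admin or tenant owner bypass", policies: [] };
  }
  const membership = findMembership(store, userRef);
  if (!membership) {
    return { allowed: false, reason: "no Membership for user in this project", policies: [] };
  }
  const policies = policiesForMembership(store, membership);
  return { allowed: true, reason: "Membership found", membership, policies };
}

// Constructed sample data using the ids shown on this page plus one made-up user.
function sampleStore(): ProjectStore {
  return {
    memberships: [
      {
        resourceType: "Membership",
        id: "qo4zgl99-eaw4wu17nub1zy79n",
        user: { reference: "User/kyjfry5bzzb76ciu090y8kv9zw" },
        link: { reference: "Patient/4w528i5jtrelzy-k-2vjn6fg43" },
      },
    ],
    policies: [
      {
        resourceType: "AccessPolicyV2",
        name: "Admin",
        engine: "full-access",
        target: [{ link: { reference: "Membership/qo4zgl99-eaw4wu17nub1zy79n" } }],
      },
    ],
  };
}

const demo = sampleStore();
console.log(resolveAccess(demo, "User/kyjfry5bzzb76ciu090y8kv9zw").policies.map((p) => p.name));
console.log(resolveAccess(demo, "User/constructed-no-membership").allowed);
```

The decision object keeps the applicable policies separate from the membership check so that a policy engine (here only represented by the `engine` string) can evaluate the actual resource-level permissions afterwards; the example deliberately stops at "which Membership and which policies apply", which is all the page specifies.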

Use Cases

Multi-project access: User has different roles across projects

  • Member in development project
  • Admin in staging project
  • No access to production project

Department isolation: Restrict users to specific projects

  • Cardiology staff only access cardiology-project
  • Oncology staff only access oncology-project

Fine-grained permissions: Combine roles with policies

  • Role: member (baseline permissions)
  • Policy: Only read Patient resources for assigned patients