Haste Health implements fine-grained access control using AccessPolicyV2 resources. These policies provide attribute-based access control (ABAC) beyond basic OAuth scopes, enabling complex authorization rules based on user identity, resource properties, and request context.
Haste Health provides a comprehensive authentication and authorization system built on industry standards including OAuth 2.0, OpenID Connect (OIDC), and SMART on FHIR. This ensures secure access to healthcare data while maintaining compliance with healthcare regulations.
Haste Health implements a layered authorization model that combines OAuth 2.0 scopes, role-based access control (RBAC), and attribute-based access control (ABAC) to provide flexible, fine-grained permissions for healthcare applications.
The Membership resource is a custom FHIR resource that connects Users to Projects and defines their access permissions. Memberships are the primary mechanism for project-level access control in Haste Health.
Haste Health implements a comprehensive scope system that combines OpenID Connect (OIDC) scopes with SMART on FHIR scopes to provide fine-grained access control for healthcare applications.