Versions Compared

Old Version 21

changes.mady.by.user Erik Nielsen

Saved on

compared with

New Version 22

changes.mady.by.user Erik Nielsen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The result is an expanded tree that lists available careteams and organizations, e.g. for a clinical user:

Contexts
Code Block
languagejs
GET https://saml.exttest.ehealth.sundhed.dk/auth/realms/ehealth/resource/ehealth-connect/contexts

...

Response
Code Block
languagejs

Response:
{
  "care_teams": [ 
    {
      "id": "https://fut.com/fhir/CareTeam/4",
      "name": "Careteam Nord"
      "affiliation": {
        "id": "https://fut.com/fhir/Organization/38",
        "name": "Region Midtjylland, Aarhus Universitetshospital, Lungesygdomme"
      },
      "roles": [
        "urn:dk:sundhed:ehealth:role:clinical_viewer"
      ]
    },
    {
      "id": "https://fut.com/fhir/CareTeam/6",
      "name": "Careteam Syd"
      "affiliation": {
        "id": "https://fut.com/fhir/Organization/1",
        "name": "Aarhus Kommune, Center Syd"
      },
      "roles": [
        "urn:dk:sundhed:ehealth:role:clinical_viewer",
        "urn:dk:sundhed:ehealth:role:citizen_enroller"
      ]
    } 
  ],
  "organizations": [
    {
      "id": "https://fut.com/fhir/Organization/1",
      "name": "Aarhus Kommune, Center Syd",
      "roles": [
        "urn:dk:sundhed:ehealth:role:questionnaire_editor"
      ]
    },
    {
      "id": "https://fut.com/fhir/Organization/2",
      "name": "Æbeltoft Kommune, Afdeling Vest",
      "roles": [
        "urn:dk:sundhed:ehealth:role:terminology_administrator",
        "urn:dk:sundhed:ehealth:role:questionnaire_editor"
      ]
    }
  ]
}

...

As of Keycloak version 1.8.40, a list of the top level roles for each available context are given in the “roles element“. Each top level role are expanded to a set of privileges. This mapping can be can be obtained by querying (HTTP GET with the current Access token) the AS at the path /auth/realms/{realm name}/resource/ehealth-connect/groups. The result is a map of top level roles to privileges. e. g.:

Groups
Code Block
languagejs
GET https://saml.exttest.ehealth.sundhed.dk/auth/realms/ehealth/resource/ehealth-connect/groups
{
    "urn:dk:sundhed:ehealth:role:questionnaire_editor": [
        "Questionnaire.update",
        "DocumentReference.write",
        "DocumentReference.*",
        "Questionnaire.patch",
        "DocumentReference.read",
        "DocumentReference.update",
        "DocumentReference.search",
        "Organization.read",
        ...
    ],
    "urn:dk:sundhed:ehealth:role:clinical_viewer": [
        "DeviceUseStatement.search",
        "Condition.search",
        "DeviceMetric.read",
        "DocumentReference.read",
        "DocumentReference.search",
        "RestrictionCategory$none",
        "$search-measurements",
        ...
    ],
    "urn:dk:sundhed:ehealth:role:terminology_administrator": [
        "CodeSystem.write",
        "Terminology Administrator",
        "ConceptMap.write",
        "ValueSet.write",
        "NamingSystem.write"
    ],
    "urn:dk:sundhed:ehealth:role:citizen_enroller": [
        "Condition.search",
        "CarePlan$update-care-teams",
        "DocumentReference.read",
        "Consent.create",
        "DocumentReference.search",
        "CareTeam.read",
        "Consent.update",
        "ServiceRequest.delete",
        "Consent.patch",
        "EpisodeOfCare.write",
        "Questionnaire.search",
        ...
    ],
    ...
}

...