...
As of Keycloak version 1.8.40, a list of the top-level roles for each available context is given in the “roles” element. Each top-level role is expanded to a set of privileges. This mapping can be obtained by querying the AS (HTTP GET with the current access token) at the path /auth/realms/{realm name}/resource/ehealth-connect/groups. The result is a map of top-level roles to privileges, e.g.:

The example request and response shown below illustrate the concept and are not intended to be normative, complete or kept up-to-date.
Groups

```
GET https://saml.exttest.ehealth.sundhed.dk/auth/realms/ehealth/resource/ehealth-connect/groups

{
  "urn:dk:sundhed:ehealth:role:questionnaire_editor": [
    "Questionnaire.update",
    "DocumentReference.write",
    "DocumentReference.*",
    "Questionnaire.patch",
    "DocumentReference.read",
    "DocumentReference.update",
    "DocumentReference.search",
    "Organization.read",
    ...
  ],
  "urn:dk:sundhed:ehealth:role:clinical_viewer": [
    "DeviceUseStatement.search",
    "Condition.search",
    "DeviceMetric.read",
    "DocumentReference.read",
    "DocumentReference.search",
    "RestrictionCategory$none",
    "$search-measurements",
    ...
  ],
  "urn:dk:sundhed:ehealth:role:terminology_administrator": [
    "CodeSystem.write",
    "Terminology Administrator",
    "ConceptMap.write",
    "ValueSet.write",
    "NamingSystem.write"
  ],
  "urn:dk:sundhed:ehealth:role:citizen_enroller": [
    "Condition.search",
    "CarePlan$update-care-teams",
    "DocumentReference.read",
    "Consent.create",
    "DocumentReference.search",
    "CareTeam.read",
    "Consent.update",
    "ServiceRequest.delete",
    "Consent.patch",
    "EpisodeOfCare.write",
    "Questionnaire.search",
    ...
  ],
  ...
}
```
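The following is an added example, not code from the original page or from the platform itself, showing how a client could fetch this map and resolve a user's top-level roles to privileges. The function names, the `as.example` host used in testing and the use of an `Authorization: Bearer` header are assumptions; the sample map is constructed from the illustrative response above.

```python
import json
import urllib.request
from urllib.parse import quote

# Constructed sample, abridged from the illustrative response on this page.
SAMPLE_GROUPS = {
    "urn:dk:sundhed:ehealth:role:terminology_administrator": [
        "CodeSystem.write", "ConceptMap.write", "ValueSet.write", "NamingSystem.write",
    ],
    "urn:dk:sundhed:ehealth:role:clinical_viewer": [
        "DeviceUseStatement.search", "Condition.search", "DocumentReference.read",
    ],
}

def groups_request(base_url, realm, access_token):
    """Build the GET request. Sending the token as a Bearer header is an assumption."""
    url = (f"{base_url.rstrip('/')}/auth/realms/{quote(realm, safe='')}"
           "/resource/ehealth-connect/groups")
    return urllib.request.Request(url, headers={
        "Authorization": f"Bearer {access_token}",
        "Accept": "application/json",
    })

def validate_groups(doc):
    """Accept only a map of role -> list of privilege strings."""
    if not isinstance(doc, dict):
        raise ValueError("groups response must be a JSON object")
    for role, privs in doc.items():
        if not isinstance(privs, list) or not all(isinstance(p, str) for p in privs):
            raise ValueError(f"role {role!r} does not map to a list of strings")
    return doc

def fetch_groups(base_url, realm, access_token, timeout=10):
    """Query the AS and return the validated role -> privileges map."""
    req = groups_request(base_url, realm, access_token)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return validate_groups(json.load(resp))

def expand_roles(groups, roles):
    """Return (privileges, unknown_roles); a role missing from the map grants nothing."""
    privileges, unknown = set(), []
    for role in roles:
        if role in groups:
            privileges.update(groups[role])
        else:
            unknown.append(role)  # surface for logging instead of silently ignoring
    return privileges, unknown
```

Entries such as `DocumentReference.*` are treated as literal strings here, because the page does not define any wildcard semantics.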
...