...
Had the example instead looked like the example stated above, the user Lasse Dam would have been issued a more narrow JWT as nothing would have been set into context as the AS would be unable to choose between the whether the user should be in the context of the careteam with the role "monitoring responsible" or in the context of the organization with the role "clinical content definer".
The PriviledgeGroups provided in the OIO BPP must be unique in accordance with the following scheme:
The combination of CVR number (scope) sorIdentifer(regional)/orgUnit(municipal) and/or careteam must be unique. Failing to comply with this may result in errors. This scheme is to ensure that users cannot have multiple different privileges stated differently. Do note that it is possible to list multiple (valid) privileges in any given PrivilegeGroup.