Part of Authoring FHIR terminology resources
Securing a FHIR resource for a community
Before you start
When you upload a FHIR resource to the Terminology Server it is available to everyone to read. If you want to limit who can read and update a resource, you can limit access to the resource by assigning rights to a community. Only users who have an author role can make these changes.
How to apply FHIR security labels for a community to a resource.
1. Start Snapper and login.
2. Open an existing FHIR resource or create a new one.
3. Click on the additional Metadata tab.
4. Click on the + Security button to add security label. 
5. . When you click or tab into the security label field, a drop-down list will appear with a list of all available community/permission labels. Scroll the page if you can't see all list items.
6. In this example we have created a CodeSystem we want members of a community the Wonderland Community to be able to find and view, but not be able to update.
The FHIR security label associated with this community in the authorisation server is called wonderland.
From the screenshot above, you can see that we can choose from wonderland.read and wonderland.write. Since we only want the community members to read this resource, we select wonderland.read. Do not change the value in security system.
You can do this to grant read access to a community that the author is not a member of, allowing the author to extend access to another community to review and use the resource. If you want to grant authoring rights to a resource for a community, you would assign both read and write labels. Multiple communities can concurrently have the same level of access to a resource.
7. The CodeSystem's security labels are only stored locally right now.
You should always assign the write security label to at least one community. So one will have rights to edit the resource in the future.
You should always assign the read security label to every community that you assign the write security label to. Otherwise the resource can't be found and viewed in order to edit it. Note that Snapper will automatically add the corresponding read label when a write label is added, however it can be removed if only write is required for an edge case scenario.
The next step is to upload the new or updated CodeSystem so the security labels come into effect.
8. Click on the Upload to FHIR server tab and then click Upload CodeSystem.
9. Users who have group membership of The Happy Community consumers community are able to search for, and download a local copy of this resource.
If the author of the resource does not have group membership of Wonderland consumers community, they will lose access to this resource on the server when the security labels are applied. The resource will not appear in any searches they do, and if they remove the resource from their local computer, they will not be able to get it back unless they are assigned rights to the community. You can read the resource community permission strategies for more information.
Last edited: 17 March 2021 3:08 pm