allowed Validator Documentation
Unrestricted Access for Public or Trusted Resources


Intent

The allowed validator grants unconditional access to a resource or operation, bypassing all authorization checks. Use this sparingly for public-facing data (e.g., read-only reference tables) or debugging scenarios.

⚠️ Security Note: Avoid using this validator for sensitive resources (e.g., Patient, Observation).


Key Features

  1. No Role or Compartment Checks:
    • Ignores client_role, compartment rules, and reference validations.
  2. Token Validity Only:
    • Requires a valid authentication token but no further permissions.
  3. Unsupported Options:
    • Cannot enforce required_role_system or required_role_code.

Example Configuration

Public Access to Observation Resources

{
  "client_role": "Patient",
  "entity_name": "Observation",
  "operation": "read",
  "validator": "allowed"
}

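Effect: Any authenticated user with the Patient role can read all Observation resources in the system, regardless of compartment or ownership. This is the exposure the Security Note above warns about, since Observation is one of the sensitive resources it names.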


Use Case: Reference Data Exposure

A telehealth app uses this validator to:

  1. Allow patients to read public CodeSystem resources (e.g., medication unit codes).
  2. Enable practitioners to access a shared Library of clinical guidelines.

Configuration:

{
  "client_role": "Practitioner",
  "entity_name": "Library",
  "operation": "read",
  "validator": "allowed"
}
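The following audit is an added example, not part of the validator or its project. It scans rules in the format shown above and flags `allowed` on the resources the Security Note names, on non-read operations, and alongside the options this validator cannot enforce. Assumptions: rules are stored as a JSON list, the `update` operation name and `doctor` role code are constructed sample values, and the allow-list of reference types is taken from the use case above.

```python
import json

# Resource types the Security Note names as sensitive; extend per deployment (assumption).
SENSITIVE_ENTITIES = {"Patient", "Observation"}
# Reference-data types the page's use case exposes with "allowed".
REFERENCE_ENTITIES = {"CodeSystem", "Library"}
# Options the page says the allowed validator cannot enforce.
UNSUPPORTED_OPTIONS = ("required_role_system", "required_role_code")


def audit_allowed_rules(rules):
    """Return (rule_index, severity, message) findings for rules using 'allowed'."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.get("validator") != "allowed":
            continue
        entity = rule.get("entity_name")
        op = rule.get("operation")
        if entity in SENSITIVE_ENTITIES:
            findings.append((i, "high", f"'allowed' on sensitive resource {entity}"))
        elif entity not in REFERENCE_ENTITIES:
            findings.append((i, "review", f"'allowed' on {entity}: not in reference-data allow-list"))
        # Policy assumption: unconditional access is only acceptable for reads.
        if op != "read":
            findings.append((i, "high", f"'allowed' on non-read operation {op!r}"))
        for opt in UNSUPPORTED_OPTIONS:
            if opt in rule:
                findings.append((i, "medium", f"{opt} is set but not enforced by 'allowed'"))
    return findings


# Constructed sample rules in the page's format (the list wrapper is an assumption).
SAMPLE_RULES = json.loads("""
[
  {"client_role": "Patient", "entity_name": "Observation", "operation": "read", "validator": "allowed"},
  {"client_role": "Practitioner", "entity_name": "Library", "operation": "read", "validator": "allowed"},
  {"client_role": "Patient", "entity_name": "CodeSystem", "operation": "read", "validator": "allowed",
   "required_role_code": "doctor"},
  {"client_role": "Practitioner", "entity_name": "Library", "operation": "update", "validator": "allowed"}
]
""")

if __name__ == "__main__":
    for idx, severity, message in audit_allowed_rules(SAMPLE_RULES):
        print(f"rule[{idx}] {severity}: {message}")
```

Running such a check in CI against the rule set catches an `allowed` entry on a sensitive resource before it is deployed.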
