Authorizations

An authorization is a specific permission requested from the life for a particular resource. It determines an application’s access to that resource. It can be specific to the Marble platform or customized to your application.

  • Life demographics authorization

    • This is the first authorization, created automatically when a new life is created. It follows this format: ~/lives/demographics.read
    • Demographics include name, date of birth, gender, address, phone, identifiers, and more
    • Note: You cannot request an authorization to write to the life’s demographics
  • Data authorizations

    • Data authorizations follow a specific format: ~/data/fhir/r4/{fhir resource}.{write or read}
    • ~/data/fhir/r4/Observations.read -> Read all of the life’s Observations
    • ~/data/fhir/r4/Observations.write -> Write to the life’s Observations
    • ~/data/fhir/r4.read -> Read all of the life’s FHIR data
    • ~/data/fhir/r4/Procedure/123.read -> Read the Procedure with id 123 from the life’s FHIR data
  • Retrieval authorizations

    • This type of authorization is automatically created every time your application creates a retrieval from a provider/network and has the following format: ~/retrievals/retrievalId
    • Once a retrieval completes, specific and automatically accepted data authorizations may be created
  • The authorization life cycle can only move forward. An authorization can have five states:

      1. Pending: an authorization not yet acted on by the life
      2. Accepted: an authorization accepted by the life
      3. Rejected: an authorization rejected by the life
      4. Revoked: a formerly accepted authorization, now revoked by the life. This authorization cannot be actioned further; to access the same resource, your application must request another authorization
      5. Archived: an authorization your application may choose to delete if not required. This can only be done while the authorization is still Pending. Once an authorization is Archived, no more action can be taken on it, either by your application or by the user; if you require access to the same resource, you must request another authorization
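
The following sketch is an added example, not Marble platform code. It shows how an application could check a requested access against the authorizations it holds, using the demographics and data formats and the forward-only life cycle described above (retrieval authorizations are left out). Assumptions: Rejected is a terminal state, write does not imply read, matching is case-sensitive, and all function names and the sample grants are hypothetical.

```python
# Lifecycle states from the page; moves are forward-only.
# Assumption: Rejected is terminal (the page does not say otherwise).
TRANSITIONS = {
    "Pending": {"Accepted", "Rejected", "Archived"},
    "Accepted": {"Revoked"},
    "Rejected": set(), "Revoked": set(), "Archived": set(),
}

def can_transition(current, new):
    """True only for a forward move the lifecycle permits."""
    return new in TRANSITIONS.get(current, set())

def parse_scope(scope):
    """Split '~/data/fhir/r4/Procedure/123.read' into (path segments, action)."""
    base, dot, action = scope.rpartition(".")
    if not dot or action not in ("read", "write") or not base.startswith("~/"):
        raise ValueError(f"malformed authorization: {scope!r}")
    segments = tuple(base[2:].split("/"))
    if any(s in ("", ".", "..") for s in segments):
        raise ValueError(f"unsafe path segment in {scope!r}")
    if segments == ("lives", "demographics") and action == "write":
        raise ValueError("demographics cannot be written")
    return segments, action

def covers(granted, requested):
    """Segment-wise prefix match, so Observations never matches ObservationsExtra.
    Assumption: write does not imply read, and matching is case-sensitive."""
    g_path, g_action = parse_scope(granted)
    r_path, r_action = parse_scope(requested)
    return g_action == r_action and r_path[:len(g_path)] == g_path

def is_allowed(grants, requested):
    """grants: (scope, state) pairs; only an Accepted authorization gives access."""
    return any(state == "Accepted" and covers(scope, requested)
               for scope, state in grants)

# Constructed sample: what one life has granted to a hypothetical application.
SAMPLE_GRANTS = [
    ("~/lives/demographics.read", "Accepted"),
    ("~/data/fhir/r4/Observations.read", "Accepted"),
    ("~/data/fhir/r4.read", "Revoked"),
    ("~/data/fhir/r4/Procedure/123.read", "Pending"),
]

if __name__ == "__main__":
    for req in ("~/data/fhir/r4/Observations.read",
                "~/data/fhir/r4/Procedure/123.read"):
        print(req, is_allowed(SAMPLE_GRANTS, req))
```

Comparing whole path segments instead of raw string prefixes keeps a grant on one resource from matching a differently named resource that merely starts with the same characters.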