Skip to main content

Identity & Access — How it works

Overview

The identity-access engine holds the cross-organization identity facts that feed access decisions: who is allowed to see a person, the consent on record, explicit access grants, a patient's relationship to facilities, and health-card identity. It supplies the visibility/consent/grant inputs that the access-control engine combines with local roles/scopes to decide object-level access.

Data model & ownership

TablePurpose
person_visibility_scopeWho/what may see a person.
consent_registryRecorded consent.
person_access_grantExplicit access grants to a person's data.
patient_facility_relationshipA patient's link to facilities.
health_cardHealth-card identity.

Key rules & invariants

  • Reads of a person/patient are filtered by access scope server-side — visibility/consent/grants gate what a caller can retrieve.
  • These facts are inputs to the unified access decision; the access-control engine owns the decision itself.

API

See the API Reference. Endpoint groups under /api/v1/identity-access: visibility scopes, consent, access grants, patient–facility relationships, health cards, and visibility discovery.