Authorization

From Clinfowiki
Revision as of 00:38, 21 November 2011 by Safa.fathiamini (Talk | contribs)


Authorization is the process of specifying access rights to resources. It defines who is authorized to do and see what. Along with authentication and audit, authorization is one of the three pillars of security in any given system. Well-designed authorization will not prevent providers from carrying out their patient care activities.

Authorization Types

Authorization can be user based, role based, or context based.

  • User based: In user based authorization, access rights are assigned to individuals based on who they are as an individual. For example: "Dr. Smith has the right to..."
  • Role based: In role based authorization, rights are assigned to individuals based on their role in the organization. For example: "All doctors have the right to view...". This form of access granting is usually more scalable than the user based type, because when new users are added to the system, the set of rights can stay the same and only the new user is added to the list.
  • Context based: In context based authorization, rights are assigned to individuals based on who they are and where they are or what they are doing. This form of authorization is the most secure among the three forms.
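
The three types can be compared side by side in a small access check. The following is an added example, not part of the original article; the users, roles, rights, locations and activities are constructed for illustration, and context based access is modeled here as a role grant plus a matching location and activity rule.

```python
from dataclasses import dataclass

# Constructed sample data: every name, right and location is hypothetical.
USER_RIGHTS = {"dr_smith": {"view_chart"}}           # user based: rights per individual
ROLE_RIGHTS = {"doctor": {"view_chart", "write_order"},
               "clerk": {"view_schedule"}}           # role based: rights per role
USER_ROLES = {"dr_smith": "doctor", "dr_jones": "doctor", "pat_lee": "clerk"}

@dataclass(frozen=True)
class Context:
    location: str   # where the user is
    activity: str   # what the user is doing

# Context based: (role, right) -> set of (location, activity) pairs that are allowed.
CONTEXT_RULES = {
    ("doctor", "view_chart"): {("ward_3", "treating_patient"),
                               ("emergency_dept", "treating_patient")},
}

def user_based(user, right):
    """Allow only if this individual was granted the right by name."""
    return right in USER_RIGHTS.get(user, set())

def role_based(user, right):
    """Allow if the user's role carries the right; unknown users are denied."""
    return right in ROLE_RIGHTS.get(USER_ROLES.get(user), set())

def context_based(user, right, ctx):
    """Allow only if the role carries the right AND the context matches a rule."""
    if not role_based(user, right):
        return False
    allowed = CONTEXT_RULES.get((USER_ROLES[user], right), set())
    return (ctx.location, ctx.activity) in allowed   # no rule means deny

def add_user(user, role):
    """Role based onboarding: the rights tables are untouched, only membership grows."""
    USER_ROLES[user] = role

if __name__ == "__main__":
    add_user("dr_patel", "doctor")
    on_ward = Context("ward_3", "treating_patient")
    off_duty = Context("cafeteria", "browsing")
    for user in ("dr_smith", "dr_jones", "dr_patel", "pat_lee"):
        print(user,
              "user:", user_based(user, "view_chart"),
              "role:", role_based(user, "view_chart"),
              "ctx(on ward):", context_based(user, "view_chart", on_ward),
              "ctx(off duty):", context_based(user, "view_chart", off_duty))
```

Under the user based table only dr_smith can view a chart, while the role based check also admits every doctor added later; the context based check additionally refuses the same doctor when the location and activity do not match a rule.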