Authorization
From Clinfowiki
Authorization is the process specifying access rights to resources. It defines who is authorized to do and see what. Along with authentication and accounting/audit, authorization is one of the three pillars of security in any given system (AAA Protocol). Authorization designed well will not prevent providers from their patient care activities.
Authorization Types
Authorization can be user based, role based, or context based.
- User based: In user based authorization, access rights are assigned to individuals based on who they are as an individual. For example: "Dr. Smith has the right to..."
- Role based: In role based authorization, rights are assigned to individuals based on their role in the organization. For example: "All doctors have the right to view..." . This form of access granting is usually more scalable than the user based type, because with addition of new users to the system, the set of rights can stay the same and only the new user is added to the list.
- Context based: In context based authorization, rights are assigned to individuals based on who they are and where they are or what they are doing. This form of authorization is the most secure among the three forms.
