articles/healthcare-apis/azure-api-for-fhir-additional-settings.md
2 additions & 2 deletions
@@ -26,8 +26,8 @@ For more information on how to change the default settings, see [configure datab
26
26
27
27
The Azure API for FHIR will only allow authorized users to access the FHIR API. You can configure authorized users through two different mechanisms. The primary and recommended way to configure access control is using [Azure Role Based Access Control (RBAC)](https://docs.microsoft.com/azure/role-based-access-control/), which is accessible through the **Access control (IAM)** blade. Azure RBAC only works if you want to secure data plane access using the Azure Active Directory tenant associated with your subscription. If you wish to use a different tenant, the Azure API for FHIR offers a local FHIR data plane access control mechanism. The configuration options are not as rich when using the local RBAC mechanism. For details, choose one of the following options:
28
28
29
-
1.[Azure RBAC for FHIR data plane](configure-azure-rbac.md). This is the preferred option when you are using the Azure Active Directory tenant associated with your subscription.
30
-
1.[Local FHIR data plane access control](configure-local-rbac.md). Use this option only when you need to use an external Azure Active Directory tenant for data plane access control.
29
+
*[Azure RBAC for FHIR data plane](configure-azure-rbac.md). This is the preferred option when you are using the Azure Active Directory tenant associated with your subscription.
30
+
*[Local FHIR data plane access control](configure-local-rbac.md). Use this option only when you need to use an external Azure Active Directory tenant for data plane access control.
31
31
32
32
## Enable diagnostic logging
33
33
You may want to enable diagnostic logging as part of your setup to be able to monitor your service and have accurate reporting for compliance purposes. For details on how to set up diagnostic logging, see our [how-to-guide](enable-diagnostic-logging.md) on how to set up diagnostic logging, along with some sample queries.
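Review bot: In the two added list items, as they appear in this diff, the `*` marker is followed directly by `[` with no space (`*[Azure RBAC for FHIR data plane](configure-azure-rbac.md)`), the same as the `1.` in the lines they replace. Markdown needs a space after the marker for the line to render as a list item, so check the source file and, if the space really is missing, write `* [Azure RBAC for FHIR data plane](configure-azure-rbac.md)` and `* [Local FHIR data plane access control](configure-local-rbac.md)`. Bullets do fit the sentence above, which asks the reader to choose one option rather than follow steps.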
articles/healthcare-apis/configure-azure-rbac.md
6 additions & 6 deletions
@@ -1,5 +1,5 @@
1
1
---
2
-
title: Configure Azure Role Based Access Control (RBAC)
2
+
title: Configure Azure Role Based Access Control (RBAC) for Azure API for FHIR
3
3
description: This article describes how to configure Azure RBAC for the Azure API for FHIR data plane
4
4
author: hansenms
5
5
ms.service: healthcare-apis
@@ -32,18 +32,18 @@ In the **Role** selection, search for one of the built-in roles for the FHIR dat
32
32
33
33
You can choose between:
34
34
35
-
1. FHIR Data Reader: Can read (and search) FHIR data.
36
-
1. FHIR Data Writer: Can read, write, and soft delete FHIR data.
37
-
1. FHIR Data Exporter: Can read and export (`$export` operator) data.
38
-
1. FHIR Data Contributor: Can perform all data plane operations.
35
+
* FHIR Data Reader: Can read (and search) FHIR data.
36
+
* FHIR Data Writer: Can read, write, and soft delete FHIR data.
37
+
* FHIR Data Exporter: Can read and export (`$export` operator) data.
38
+
* FHIR Data Contributor: Can perform all data plane operations.
39
39
40
40
If these roles are not sufficient for your need, you can also [create custom roles](https://docs.microsoft.com/azure/role-based-access-control/tutorial-custom-role-powershell).
41
41
42
42
In the **Select** box, search for a user, service principal, or group that you wish to assign the role to.
43
43
44
44
## Caching behavior
45
45
46
-
The Azure API for FHIR will cache decisions for up to 5 minutes. If you grant a user access to the FHIR server by adding them to the list of allowed object ids, or you remove them from the list, you should expect it to take up to five minutes for changes in permissions to propagate.
46
+
The Azure API for FHIR will cache decisions for up to 5 minutes. If you grant a user access to the FHIR server by adding them to the list of allowed object IDs, or you remove them from the list, you should expect it to take up to five minutes for changes in permissions to propagate.
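Review bot: The caching paragraph at the end of this hunk talks about adding a user to, or removing them from, "the list of allowed object IDs", but this article grants access by assigning one of the FHIR Data roles through the **Role** and **Select** boxes; the allowed object IDs list belongs to configure-local-rbac.md, where the identical paragraph appears. Since the line is being edited anyway, reword it for role assignments, for example "If you assign or remove a role for a user, service principal, or group, expect it to take up to five minutes for the change to propagate." It is also worth stating outright that a principal whose role was removed can keep data plane access for up to five minutes, and using either "5 minutes" or "five minutes" rather than both in one paragraph.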
articles/healthcare-apis/configure-local-rbac.md
6 additions & 6 deletions
@@ -1,5 +1,5 @@
1
1
---
2
-
title: Configure Local Role Based Access Control (RBAC)
2
+
title: Configure local Role Based Access Control (RBAC) for Azure API for FHIR
3
3
description: This article describes how to configure the Azure API for FHIR to use an external Azure AD tenant for data plane
4
4
author: hansenms
5
5
ms.service: healthcare-apis
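Review bot: The `description` line directly under the changed title ends at "for data plane", which reads as a cut-off phrase next to the Azure RBAC article's "for the Azure API for FHIR data plane". While the front matter is open, finish it, for example "... to use an external Azure AD tenant for data plane access control". The new title lowercases "local" but keeps "Role Based Access Control" capitalized, which matches configure-azure-rbac.md, so that part is consistent.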
@@ -8,7 +8,7 @@ ms.topic: reference
8
8
ms.date: 03/15/2020
9
9
ms.author: mihansen
10
10
---
11
-
# Configure Local RBAC for FHIR
11
+
# Configure local RBAC for FHIR
12
12
13
13
This article explains how to configure the Azure API for FHIR to use an external, secondary Azure Active Directory tenant for managing data plane access. Use this mode only if it is not possible for you to use the Azure Active Directory tenant associated with your subscription.
14
14
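Review bot: `ms.date` in the context above the changed heading still reads 03/15/2020 although this commit edits the title, the H1 and the body of the article; update it if the repository's convention is to bump the date on content changes. The new H1 "Configure local RBAC for FHIR" also stops short of the new title, which says "for Azure API for FHIR"; consider aligning the two.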
@@ -45,17 +45,17 @@ You can configure the Azure API for FHIR to use an external or secondary Azure A
45
45
46
46
In the authority box, enter a valid Azure Active Directory tenant. Once the tenant has been validated, the **Allowed object IDs** box should be activated and you can enter a list of identity object IDs. These IDs can be the identity object IDs of:
47
47
48
-
1. An Azure Active Directory user.
49
-
1. An Azure Active Directory service principal.
50
-
1. An Azure Active directory security group.
48
+
* An Azure Active Directory user.
49
+
* An Azure Active Directory service principal.
50
+
* An Azure Active directory security group.
51
51
52
52
You can read the article on how to [find identity object IDs](find-identity-object-ids.md) for more details.
53
53
54
54
After entering the required object IDs, click **Save** and wait for changes to be saved before trying to access the data plane using the assigned users, service principals, or groups.
55
55
56
56
## Caching behavior
57
57
58
-
The Azure API for FHIR will cache decisions for up to 5 minutes. If you grant a user access to the FHIR server by adding them to the list of allowed object ids, or you remove them from the list, you should expect it to take up to five minutes for changes in permissions to propagate.
58
+
The Azure API for FHIR will cache decisions for up to 5 minutes. If you grant a user access to the FHIR server by adding them to the list of allowed object IDs, or you remove them from the list, you should expect it to take up to five minutes for changes in permissions to propagate.
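Review bot: The third added list item still reads "An Azure Active directory security group." with a lowercase "directory", carried over unchanged from the removed line; the two items above it and the rest of the hunk use "Azure Active Directory". The caching paragraph also mixes "5 minutes" and "five minutes" in consecutive sentences, and since it covers removal as well as addition it should say plainly that an object ID removed from the list can keep data plane access for up to five minutes after **Save**.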