# Access Management

The [AccessStore smart contract](https://github.com/bsn-si/IPEHR-blockchain-indexes/blob/develop/contracts/AccessStore.sol) is used to manage access rights to documents and groups.

```remix-solidity
enum AccessLevel { NoAccess, Owner, Admin, Read }
enum AccessKind { NoKind, Doc, DocGroup, UserGroup }

mapping(bytes32 => Access[]) accessStore;  // accessID -> Access[]

struct Access {
        AccessKind   kind;
        bytes32      idHash;
        bytes        idEncr;    // id encrypted by access key
        bytes        keyEncr;   // access key encrypted by user private key
        AccessLevel  level;
}
```

The keys of the access table can be of arbitrary form. But currently the keys are calculated as follows:

```
accessID = Keccak256(subjectIdHash + accessKind)
```

Thus an array of objects of the specified type belonging to the given subject can be grouped under this key. For each object the access level is indicated. Basic levels are `owner`, `admin`, `read`.

When adding or changing access rights to a subject, the smart contract checks the access rights level of the person making the request. For the request to succeed, the requestor's access level must be `admin` or `owner`.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ipehr.gitbook.io/docs/concepts/components/access-management.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.