Docs
  • Welcome to the ipEHR docs
  • Concepts
    • Basics
      • What is EHR?
      • What is ipEHR?
      • ipEHR and the problems it solves
      • How ipEHR works
    • Components
      • Gateway
      • Datastore Node
      • Document Index
      • Users Directory
      • Access Management
      • Data publishing
    • Encryption
  • Guides
    • Install
      • Contracts deployment
      • Gateway
      • Stat
  • Reference
    • APIs
      • Gateway HTTP REST API
      • Stat HTTP REST API
    • Contracts
      • EhrIndexer
      • Users
      • AccessStore
      • DataStore
Powered by GitBook
On this page
  1. Concepts
  2. Components

Access Management

PreviousUsers DirectoryNextData publishing

Last updated 1 year ago

The is used to manage access rights to documents and groups.

enum AccessLevel { NoAccess, Owner, Admin, Read }
enum AccessKind { NoKind, Doc, DocGroup, UserGroup }

mapping(bytes32 => Access[]) accessStore;  // accessID -> Access[]

struct Access {
        AccessKind   kind;
        bytes32      idHash;
        bytes        idEncr;    // id encrypted by access key
        bytes        keyEncr;   // access key encrypted by user private key
        AccessLevel  level;
}

The keys of the access table can be of arbitrary form. But currently the keys are calculated as follows:

accessID = Keccak256(subjectIdHash + accessKind)

Thus an array of objects of the specified type belonging to the given subject can be grouped under this key. For each object the access level is indicated. Basic levels are owner, admin, read.

When adding or changing access rights to a subject, the smart contract checks the access rights level of the person making the request. For the request to succeed, the requestor's access level must be admin or owner.

AccessStore smart contract