Access Control Overview

Access control lets you create a policy to control who can interact with a resource within the PHC. PHC uses Attribute Based Access Control (ABAC) to support both simple and complex access control needs.

A simple example of access control is a policy that grants the researcher Julie permission to create a subject in the vaccine project. Under the ABAC model, a user performs an action on a resource in an environment. The user, action, resource, and environment each carry attributes (key/value pairs), and an ABAC policy is written in terms of those attributes: it states which attribute values a user, action, resource, and environment must have for the action to be permitted.

PHC access control is cumulative. A user's effective permissions are the union of every permission granted by every policy whose groups they belong to. If two policies grant different levels of access to the same resource, the most permissive grant takes effect; a narrower policy does not restrict what a broader one already allows. In practice this means that adding a user to a broadly scoped group (for example the default Users group) widens their access regardless of any tightly scoped policy they are also covered by.

Some actions can be performed via the API by every user who belongs to any group in a PHC account, regardless of the ABAC policies in place. These actions are not available through the user interface, and none of them exposes data associated with any subject. When assessing what an account member can see, treat these reads as the baseline available to everyone:

  • Read all consents in all projects
  • Read all surveys in all projects
  • Read all insights layouts, subject viewer layouts, and subject search saved searches
  • List all projects including their name and description and other associated metadata

For detailed information on ABAC, see sections 1 and 2 of NIST SP 800-162, Guide to Attribute Based Access Control (ABAC) Definition and Considerations.

Default ABAC Policies in Access Control

Each PHC account comes with a standard access control scheme in place. It includes the three basic policies shown below.

Policy Name | Groups | Permissions
User Access | Users | Read Data
Subject Access | Subjects | Create Data, Read Data, Update Data, and Delete Data, restricted to the subject's own data
Administrator Access | Administrator | All permissions except Layout and Read Masked Data

An administrator can start with this default scheme and add policies and groups as their organization evolves. If an administrator needs permissions not already included in the Administrator Access policy, the Administer Access privilege that policy already carries lets them extend the policy or create a new one.

To see the default ABAC policies, click the logo at the top of any PHC page to go to the settings page, then click Account Info and Access Control.

In the Access Control page Policy Type column, the default ABAC policies and other policies created automatically by PHC are designated Standard. Custom policies are designated Advanced.

Default ABAC Groups in Access Control

Each default access control policy has a matching group. Adding a user to the group gives the user the permissions from the policy. Users in the Administrators group can update and delete existing groups and policies and create new ones.

Sample Policy

Access control allows you to create custom policies for the specific needs of your project. The example below shows a simple policy designed to allow subjects of a study to read their own data. It contains the three main components required to create a PHC access control policy. These components correspond to the ABAC model.

  • Permissions - Permissions are the set of actions allowed by the policy. The only action allowed in the sample policy is to Read Data. This permission is further limited by restricting the policy member's action to their own data.
  • Resource - Resource options pertain to the resource being accessed. In PHC, the resource can be defined by belonging to a specific dataset or by being a specific type of resource.
  • User - The user specifies which people are members of the policy. Group membership defines these members. In our example, a researcher created the group Gradibus Subjects and sent a PHC group invitation email to the research subjects.

(Screenshot: Project Example)
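The following is a small evaluator for the model described in the cumulative-access paragraph and the sample policy above. It is added here as an illustration and is not PHC's policy engine or policy schema: the Policy, User, and Resource shapes, the group and dataset names, and the sample users and records are constructed assumptions for the example; only the privilege names are taken from the privileges table on this page. It shows the three policy components (privileges, resource restrictions, group membership), the "own data only" restriction, and the effect of cumulative evaluation when one user is covered by both a narrow and a broad policy.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Set

# Privilege names as listed in the privileges table on this page.
ALL_PRIVILEGES = {
    "accessAdmin", "accountAdmin", "apiKeyUser", "billingAdmin", "createData",
    "deleteData", "developApps", "downloadFile", "engagementAdmin", "inviteUsers",
    "publishContent", "layoutAdmin", "projectAdmin", "readData", "readMaskedData",
    "ruleAdmin", "updateData",
}


@dataclass(frozen=True)
class User:
    id: str                      # for a subject, the id their own records carry
    groups: FrozenSet[str]       # user attribute used by policies


@dataclass(frozen=True)
class Resource:
    type: str                    # e.g. "Observation", "Patient"
    dataset: str                 # project / dataset the record lives in
    subject: Optional[str] = None  # id of the subject the record is about


@dataclass
class Policy:
    """Hypothetical policy shape (assumption): group -> privileges, with optional resource limits."""
    name: str
    groups: Set[str]                           # membership in any one qualifies
    privileges: Set[str]
    resource_types: Optional[Set[str]] = None  # None = any resource type
    datasets: Optional[Set[str]] = None        # None = any dataset
    own_data_only: bool = False                # "restricted to the subject's own data"

    def applies(self, user: User, resource: Resource) -> bool:
        """Every user and resource attribute the policy names must match."""
        if not (self.groups & user.groups):
            return False
        if self.resource_types is not None and resource.type not in self.resource_types:
            return False
        if self.datasets is not None and resource.dataset not in self.datasets:
            return False
        if self.own_data_only and resource.subject != user.id:
            return False
        return True


def effective_privileges(policies: List[Policy], user: User, resource: Resource) -> Set[str]:
    """Cumulative evaluation: the union of grants from every matching policy.
    Nothing subtracts, so a narrow policy never limits a broader one."""
    granted: Set[str] = set()
    for policy in policies:
        if policy.applies(user, resource):
            granted |= policy.privileges
    return granted


def is_allowed(policies: List[Policy], user: User, privilege: str, resource: Resource) -> bool:
    return privilege in effective_privileges(policies, user, resource)


# Constructed sample: the three default policies plus custom ones modelled on the
# Gradibus and vaccine examples in the text. Names and ids are invented.
POLICIES = [
    Policy("User Access", {"Users"}, {"readData"}),
    Policy("Subject Access", {"Subjects"},
           {"createData", "readData", "updateData", "deleteData"}, own_data_only=True),
    Policy("Administrator Access", {"Administrators"},
           ALL_PRIVILEGES - {"layoutAdmin", "readMaskedData"}),
    Policy("Gradibus Subject Read", {"Gradibus Subjects"}, {"readData"},
           datasets={"gradibus"}, own_data_only=True),
    Policy("Vaccine Enrollment", {"Vaccine Researchers"}, {"createData"},
           resource_types={"Patient"}, datasets={"vaccine"}),
    Policy("Masked Review", {"Masked Reviewers"}, {"readMaskedData"}),
]

SUBJECT_A = User("subj-a", frozenset({"Gradibus Subjects"}))
JULIE = User("julie", frozenset({"Users", "Vaccine Researchers"}))
REVIEWER = User("rev-1", frozenset({"Masked Reviewers"}))
REVIEWER_AND_USER = User("rev-2", frozenset({"Masked Reviewers", "Users"}))
ADMIN = User("admin", frozenset({"Administrators"}))

OWN_OBS = Resource("Observation", "gradibus", subject="subj-a")
OTHER_OBS = Resource("Observation", "gradibus", subject="subj-b")
VACCINE_PATIENT = Resource("Patient", "vaccine", subject="new-enrollee")
GRADIBUS_PATIENT = Resource("Patient", "gradibus", subject="new-enrollee")

if __name__ == "__main__":
    checks = [
        (SUBJECT_A, "readData", OWN_OBS),      # own record in the project: allowed
        (SUBJECT_A, "readData", OTHER_OBS),    # another subject's record: denied
        (JULIE, "createData", VACCINE_PATIENT),   # scoped create: allowed
        (JULIE, "createData", GRADIBUS_PATIENT),  # wrong dataset: denied
        (ADMIN, "readMaskedData", OWN_OBS),    # excluded from Administrator Access
    ]
    for user, priv, res in checks:
        print(f"{user.id:8} {priv:15} {res.type}/{res.dataset}: "
              f"{is_allowed(POLICIES, user, priv, res)}")
    # Cumulative effect: masked-only reviewer who is also in Users gets readData too.
    print(sorted(effective_privileges(POLICIES, REVIEWER, OWN_OBS)))
    print(sorted(effective_privileges(POLICIES, REVIEWER_AND_USER, OWN_OBS)))
```

The last two lines of the demo are the case worth remembering when designing groups: the reviewer placed only in Masked Reviewers ends up with readMaskedData alone, while the same kind of reviewer who is also a member of the default Users group ends up with readData as well, because evaluation only ever adds grants.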

ABAC Tables

The following tables provide information on PHC access control components.

Privileges and Permissions

ABAC Privilege | Privilege Name | UI Path | Description
accessAdmin | Administer Access | Permissions > Administration > Access | Allows a user to create, update, and delete groups and policies
accountAdmin | Administer Account | Permissions > Administration > Account | Allows a user to update and delete the account, manage auth clients, and configure clinical trial matching
apiKeyUser | Manage API Keys | Permissions > Other > Manage API Keys | Allows a user to create and revoke their API keys for account access
billingAdmin | Administer Billing | Permissions > Administration > Billing | Allows a user to manage billing and usage
createData | Create Data | Permissions > Data Access > Create Data | Allows a user to add new subject data and files
deleteData | Delete Data | Permissions > Data Access > Delete Data | Allows a user to delete subject data and files
developApps | Develop Apps | Permissions > Other > Develop Apps | Allows a user to develop and release custom-built apps
downloadFile | Download File | Permissions > Data Access > Download File | Allows a user to download file-based data
engagementAdmin | Administer Engagement Flows | Permissions > Administration > Engagement Flows | Allows a user to configure engagement flows and add subjects to them
inviteUsers | Invite Users | Permissions > Other > Invite Users | Allows a user to send email invitations to other users to join a group
publishContent | Publish Content | Permissions > Other > Publish Content | Allows a user to publish content to the PHC marketplace
layoutAdmin | Administer Layouts | Permissions > Administration > Layout | Allows a user to create, update, and delete subject viewer layouts
projectAdmin | Administer Projects | Permissions > Administration > Project | Allows a user to create, update, and delete projects; view, create, and edit gene sets
readData | View Data | Permissions > Data Access > Read Data | Allows a user to list files, view subject data, view gene sets, create gene sets, and edit gene sets they've created
readMaskedData | View Masked Data Only | Permissions > Other > Read Masked Data | Allows a user to list files, view subject data with identifying information masked, view gene sets, create gene sets, and edit gene sets they've created
ruleAdmin | Administer Rules | Permissions > Administration > Rules | Allows a user to create, update, and delete rules
updateData | Update Data | Permissions > Data Access > Update Data | Allows a user to alter existing subject data and files

Resource Types

You can restrict the Data Access privileges (Create Data, View Data, Update Data, and Delete Data) by resource type. A Data Access grant with no resource type restriction applies to every resource type listed below.

Resource Type | UI Path | Description
Insights (insights) | Resource > Resource Type > Insights | Aggregate data that is viewable on the Insights and Subject Search pages; many of the Subject Search filter options
Patient | Resource > Resource Type > Patient | Patient demographics Subject Search filters (e.g. name, identifier) and Subject Viewer demographics details
Observation | Resource > Resource Type > Observation | Observation data that is viewable on the Subjects page
Condition | Resource > Resource Type > Condition | Condition data that is viewable on the Subjects page
Procedure | Resource > Resource Type > Procedure | Procedure data that is viewable on the Subjects page
Cohort | Resource > Resource Type > Cohort | Cohort data that is viewable on the Cohorts page or Subject Search
GeneSet | Resource > Resource Type > Gene Set | Gene set data that is viewable on the Knowledge, Subject Search, and Omics Explorer pages
Questionnaire | Resource > Resource Type > Questionnaire | Surveys configured on the Surveys page, consent terms configured on the Consents page, and FHIR Questionnaire resources
QuestionnaireResponse | Resource > Resource Type > Questionnaire Response | Survey responses completed by subjects and FHIR QuestionnaireResponse resources
Consent | Resource > Resource Type > Consent | Consent agreements completed by a subject and general FHIR Consent resources
Terminology | Resource > Resource Type > Terminology | Ontology and terminology data used in Subject Search filters, Insights layouts, and Subject Viewer layouts
job | NA | Granting Create Data access to this resource type allows a user to run bulk actions in Subject Search, such as assigning surveys
FHIR Resource Types | NA | All FHIR resource types supported by the PHC, including Observation, Condition, Procedure, and others
Data Lake | Resource > Resource Type > Data Lake | Result files created by running data-lake queries