healthcare.alfa
namespace axiomatics.demo {
    import System

    /*
     * Access control for MEDICAL RECORDS (ADAF demo).
     * Scope: SELECT statements against the MEDICALRECORDS table; everything
     * else falls outside this policy's target and is NotApplicable here.
     */
    policy healthcare {
        target clause action_id == "SELECT" and table_name == "MEDICALRECORDS"

        /* Deny-overrides: the deny in mask_ssn wins over either permit below
         * whenever it is applicable; rule order has no effect on the result.
         * NOTE(review): there is no catch-all deny rule, so a SELECT that matches
         * none of the rules (e.g. a role other than "customer"/"doctor") evaluates
         * to NotApplicable — confirm the enclosing policy set / PEP treats that as deny. */
        apply denyOverrides

        /* A customer may read only the record whose patientId is their own userId.
         * stringOneAndOnly requires exactly one value: if either attribute is
         * missing or multi-valued the condition is Indeterminate, not false. */
        rule members {
            target clause user.role == "customer"
            condition stringOneAndOnly(user.userId) == stringOneAndOnly(medicalrecord.patientId)
            permit
            on permit {
                advice decision_reason {
                    reason = "Customers can view their own records"
                }
            }
        }

        /* A doctor may read only records where they are the assigned doctor.
         * Same one-and-only caveat as in the members rule. */
        rule Doctors {
            target clause user.role == "doctor"
            condition stringOneAndOnly(user.userId) == stringOneAndOnly(medicalrecord.assignedDoctor)
            permit
            on permit {
                advice decision_reason {
                    reason = "Doctors can view their patients records"
                }
            }
        }

        /* Withhold the SSN column from doctors. This rule only targets the
         * "doctor" role; the members rule has no column restriction, so a
         * customer reading their own record is not subject to this mask —
         * confirm that is intended. */
        rule mask_ssn {
            target clause user.role == "doctor" and column_name == "SSN"
            deny
            on deny {
                advice decision_reason {
                    reason = "Mask Social Security number"
                }
            }
        }
    }
}