Authorization and Access Control

This section covers Medplum's authorization tools. Medplum supports a rich set of primitives to provide fine-grained control over what data users can access and what operations they can perform.

The key concept is the AccessPolicy resource, which restricts read and write access to FHIR data on a per-resource-type or per-field basis. Every user or client application can be assigned an AccessPolicy that defines exactly which resources they can see and modify.