Authorization and Access Control

This section covers Medplum's authorization tools. Medplum supports a rich set of primitives to provide fine-grained control over what data users can access and what operations they can perform.

The AccessPolicy resource can be used to restrict read and write access to FHIR data, either on a per-resource type or per-field basis. The access policy guide covers the basics of setting up AccessPolicies.

AccessPolicies can also be used to restrict access based on the user's IP address, which is described in the IP Address Rules guide.

Medplum also supports SMART scopes for SMART-on-FHIR applications.