Skip to main content


Medplum Projects are the primary mechanism of access control. Projects are isolated containers of FHIR resources that are administered separately, and which can have different settings.

Medplum Projects enable the following use cases:

  • Development vs. Production: A common requirement for development teams to have a separate Project , with non-protected data, for testing and debugging, before deploying workflow changes to production. A common Medplum usage pattern is to create a "development", "staging", and "production" Project.

  • Multi-tenancy: In B2B2C environments, a service provider may partner with multiple healthcare organizations to deliver care to patients. Projects can provide each of these partners their own isolated environments, that have their own patient data, log-in flows, and project administrators. Medplum uses a multi-tenant instance for our hosted offering.

Isolation Model

Medplum Projects create a hard boundary between FHIR resources, and resources within one project cannot reference resources in another.

Additionally, Projects each have their own user administration. A user can be a member of one, or multiple Projects, with different privileges in each. See our User Administration Guide for more information.

Projects can each be configured with own global settings and secrets (see Project Settings below).

Server Shared resources

For performance and convenience, the Medplum server provides some system level, read-only resources that are shared between projects. Examples include StructureDefinitions and ValueSets.

While they do cross the Project isolation boundary, most application developers will not have to interact these resources.

The SuperAdmin Project

The main exception to this isolation model is the "Super Admin" project. This is a special project that provides a global view over all the resources on the Medplum server. See our SuperAdmin Guide for more information.

The SuperAdmin has the following privileges:

  • Access to protected resources.
  • Ability to overwrite the id of a resource, which is normally server generated.
  • Ability to overwrite fields in the meta element of resources such as author, lastUpdated, etc.

Logging into the Super Admin project allows for potential dangerous operations and is only intended for server administrators

Checking If You Are In The SuperAdmin Project

To switch to the SuperAdmin project or check if you are already in it, you can use the profile selector.

project switcher

Creating a Project

Medplum App

Project Settings

You can find the full Project resource schema here

superAdminWhether this project is the super administrator project (see above).false
strictModeWhether this project uses strict FHIR validation, based on FHIR profiles. Strongly recommend setting this to true.true
checkReferencesOnWriteIf true, the the server will reject any create or write operations to a FHIR resource with invalid references.false
featuresA list of optional features that are enabled for the project. Allowed values are:
defaultPatientAccessPolicyThe default AccessPolicy applied to all Patient Users invited to this Project. This is required to enable open patient registration.

Project Secrets

Each Project can store a set of key/value pairs to store configuration values, such as API keys, needed by Bots.

See Bot Secrets for more information.

Cloning and Expunging Projects

Self-hosted users have two advanced project administration operations available to them:

  • $clone - Make a copy of an existing Project and all its resources.
  • $expunge - Perform a "hard delete" of Project and all its resources. This will remove all the related resource rows from the database.

For more information, refer to the Super Admin Project Management guide

See Also