...
List operations on resources that are not part of the OU hierarchy (i.e. users, patients, etc) have a similar behavior. The following example details the flow for a listUsers operation, but this flow can be extrapolated to other resources.
Read/Update/Delete Operations
Read operations on resources that are not part of the OU hierarchy (i.e. users, patients, etc) have a similar behavior. The following example details the flow for a readUser operation, but this flow can be extrapolated to other resources.
Other permissions that also fall into this category are re_schedule_alerts, discharge_patient and final_discharge_patient.
Access Scope-free permissions
There are certain permissions that are not evaluated in any Access Scope. Examples of these permissions are: send_messages, read_alerts_only_from_associated_patients and read_alerts_from_entire_organization.
When these permissions need to be evaluated, the application just checks whether the permission is present or not in the User's role/s.