Hospital Patient Record Portal
Secure access to patient records with dynamic, externalized authorization
Demo Features
Dynamic Authorization
Authorization rules are externalized in OPA policies, not hardcoded in the application.
ReBAC - Care Team
Clinicians can only access patients they are assigned to care for.
ABAC - Department Scope
Department staff can view non-sensitive patient summaries within their department.
Sensitive Records
VIP and psychiatry records require explicit assignment or elevated privileges.
Action-Level Control
Different roles have different permitted actions (view, add_note, discharge).
Break-Glass Access
Emergency access with mandatory justification and full audit trail.
Architecture
Spring Boot App
Policy Enforcement Point (PEP)
authz-spring-boot-starter
authz-spring-boot-starter
→
Open Policy Agent
Policy Decision Point (Rego Policies)
←
Big ACL
Policy Administration Point (PAP)