Configure Azure RBAC roles for Azure Health Data Services

In this article, you learn how to use Azure role-based access control (RBAC) to assign permissions to the FHIR and DICOM service instances in Azure Health Data Services.

Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources. By using Azure RBAC, you can manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.

You can manage role assignments in the Azure portal for the FHIR® service and DICOM® service.

RBAC roles for the FHIR and DICOM services

Azure Health Data Services provides built-in roles for the FHIR and DICOM services. These roles provide granular access control to the data plane of each service.

The built-in roles for the FHIR service include:

  • FHIR Data Reader: Can read and search FHIR data.
  • FHIR Data Writer: Can read, write, and soft delete FHIR data.
  • FHIR Data Exporter: Can read and export data by using the $export operator.
  • FHIR Data Contributor: Can perform all data plane operations.
  • FHIR Data Converter: Can use the converter to perform data conversion.
  • FHIR SMART User: Can read and write FHIR data according to the SMART IG V1.0.0 specifications.

The built-in roles for the DICOM service include:

  • DICOM Data Owner: Full access to DICOM data.
  • DICOM Data Reader: Can read and search DICOM data.

Assign roles for the FHIR and DICOM services

Assign roles to users, service principals, or groups to grant them access to the FHIR and DICOM services.

For the DICOM service, a role assignment alone is not enough: the client application must also be granted the appropriate API permissions to call the DICOM service. For more information, see Register a client application in Microsoft Entra ID for the Azure Health Data Services.

  1. Go to your FHIR or DICOM service in the Azure portal.

  2. Select Access control (IAM).

  3. Select + Add > Add role assignment.

  4. Enter DICOM or FHIR in the search box, select one of the built-in roles for the service, and then select Next.

    Screenshot of adding an Azure RBAC role assignment in the Azure portal.

  5. On the Members tab, for Assign access to, select User, group, or service principal.

  6. Select + Select members to search for a user, service principal, or group that you want to assign the role to. After you make your selection, select Select.

    Screenshot of selecting members for an Azure RBAC role assignment.

  7. Select Review + assign to take you to the Review and assign tab. Review your selections, and then select Review and assign to finish the role assignment.

    Screenshot of reviewing and assigning an Azure RBAC role.

To view your role assignments, select the Role assignments tab from the Access control (IAM) menu option.

Screenshot of viewing Azure RBAC role assignments in the Azure portal.

From this tab, you can select any role assignment to view more details about the assignment. You can also delete a role assignment from this tab by selecting the role assignment, and then selecting Delete.
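The same assignment and review steps can be scripted with the Azure CLI. The following is an added example, not part of the original article: it builds the service's ARM resource ID as the scope, accepts only the built-in data-plane roles listed above, assigns a role to a principal by object ID, and lists the assignments at that scope. It assumes the Azure CLI is installed and signed in (az login); the subscription, resource group, workspace and service names are placeholders.

```shell
#!/usr/bin/env sh
# Added example (not from the original article). Assumes Azure CLI + `az login`.
# Subscription, resource group, workspace and service names are placeholders.

# Build the scope (ARM resource ID) of a FHIR or DICOM service in a workspace.
# usage: hds_scope <subscription-id> <resource-group> <workspace> <fhir|dicom> <service-name>
hds_scope() {
  case "$4" in
    fhir)  kind=fhirservices ;;
    dicom) kind=dicomservices ;;
    *)     echo "service kind must be fhir or dicom" >&2; return 1 ;;
  esac
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.HealthcareApis/workspaces/%s/%s/%s\n' \
    "$1" "$2" "$3" "$kind" "$5"
}

# Accept only the built-in data-plane roles from the article, so a typo never
# falls through to a broader control-plane role such as Contributor.
valid_role() {
  case "$1" in
    "FHIR Data Reader"|"FHIR Data Writer"|"FHIR Data Exporter"|"FHIR Data Contributor"|\
    "FHIR Data Converter"|"FHIR SMART User"|"DICOM Data Owner"|"DICOM Data Reader") return 0 ;;
    *) return 1 ;;
  esac
}

# Assign a built-in role at the service scope (portal steps 3 to 7).
# Passing the object ID and principal type avoids a directory lookup by name.
# usage: assign_role <scope> <role> <principal-object-id> <User|Group|ServicePrincipal>
assign_role() {
  valid_role "$2" || { echo "unknown role: $2" >&2; return 1; }
  az role assignment create --scope "$1" --role "$2" \
    --assignee-object-id "$3" --assignee-principal-type "$4" --output table
}

# Review what is assigned at that scope (the portal's "Role assignments" tab).
list_roles() {
  az role assignment list --scope "$1" --output table
}

# Set RUN_EXAMPLE=1 to actually call the CLI with the placeholder values below.
if [ "${RUN_EXAMPLE:-0}" = 1 ]; then
  scope=$(hds_scope 00000000-0000-0000-0000-000000000000 rg-health ws-health fhir fhir-prod)
  assign_role "$scope" "FHIR Data Reader" 11111111-1111-1111-1111-111111111111 ServicePrincipal
  list_roles "$scope"
fi
```

After assigning, allow a few minutes for propagation before testing access from the application, as the note below describes.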

Note

If you can't access the FHIR or DICOM service in your application or other tools, you might need to wait a few more minutes for the role assignment to finish propagating in the system.

Note

FHIR® is a registered trademark of HL7 and is used with the permission of HL7.

DICOM® is the registered trademark of the National Electrical Manufacturers Association for its Standards publications relating to digital communications of medical information.