FHIRWeb Console is a testing tool that can be used by developers and administrators to view data in the CDR, create searches, and perform other FHIR operations (create, read, update, etc.) from a web-based console.
FHIRWeb Console is not intended as an end-user tool. It is not, for example, a GUI that could be used to present clinical FHIR data to clinicians for providing care. Instead it is intended as a tool for back-office staff to interact with data in the CDR.
FHIRWeb Console requires a FHIR Endpoint, and shares the same settings and backing database as the endpoint it is configured to use. However, FHIRWeb Console uses an internal hook to communicate with the endpoint, meaning that:
This is illustrated in the following diagram:
Users accessing the FHIRWeb Console are authenticated directly into the FHIRWeb Console. In other words, if an Inbound Security module is specified as a dependency, users will be presented with a login page when they access the console.
In order to be permitted to log into FHIRWeb console, a user must be granted the
ACCESS_FHIRWEB permission. However, this permission alone is not sufficient for a user to be able to use the console. When users log in, their regular user permissions will be applied to any FHIR requests they make. If the logged in user has access only to read one Patient's compartment then any requests that exceed this permission will be rejected exactly as though the user was making their request directly against the FHIR Endpoint.
At a minimum in order to be able to browse the console, the user needs to have the
FHIR_CAPABILITIES permission, which allows the user to access a list of available resources.
Additional capabilities can be enabled using appropriate permissions. For example, if the user has been granted the
FHIR_ALL_READ permission, they will be allowed to browse all data using the console but will not be permitted to perform write operations.
In a typical configuration, all access to data is secured and requires an authenticated user. However, it is desirable to allow unauthenticated access to data in some situations. For example, some scenarios where this would be useful might include:
If you wish to allow users to be able to access FHIRWeb Console without requiring authentication, there are two configuration settings required:
When creating a module of this type, there are only a few required configuration options:
Optionally, an Inbound Security module dependency can be specified in order for the FHIRWeb Console to be able to authenticate users and authorize them.
The console is accessed simply by pointing a browser at the selected port on the server. For example, if port
8001 was selected and the system is deployed to the server
test.acme.com, the following URL should be used:
The user will be presented with a login page. Once logged in, the home page of FHIRWeb Console appears as follows:
See the FHIRWeb Console Module Configuration for a complete list of available configuration options for this module.