<status value="active"/><experimental value="false"/><date value="2022-08-05T10:01:24+11:00"/><publisher value="HL7 (FHIR Project)"/><contact><telecom><system value="url"/><value value="http://hl7.org/fhir"/></telecom><telecom><system value="email"/><value value="fhir@lists.hl7.org"/></telecom></contact><description value="Codes identifying the rule combining. See XACML Combining algorithms http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cos01-en.html"/><jurisdiction><coding><system value="http://unstats.un.org/unsd/methods/m49/m49.htm"/><code value="001"/><display value="World"/></coding></jurisdiction><caseSensitive value="true"/><content value="complete"/><concept><code value="deny-overrides"/><display value="Deny-overrides"/><definition value="The deny overrides combining algorithm is intended for those cases where a deny decision should have priority over a permit decision."/></concept><concept><code value="permit-overrides"/><display value="Permit-overrides"/><definition value="The permit overrides combining algorithm is intended for those cases where a permit decision should have priority over a deny decision."/></concept><concept><code value="ordered-deny-overrides"/><display value="Ordered-deny-overrides"/><definition value="The behavior of this algorithm is identical to that of the “Deny-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission."/></concept><concept><code value="ordered-permit-overrides"/><display value="Ordered-permit-overrides"/><definition value="The behavior of this algorithm is identical to that of the “Permit-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission."/></concept><concept><code value="deny-unless-permit"/><display value="Deny-unless-permit"/><definition value="The “Deny-unless-permit” combining algorithm is intended for those cases where a permit decision should have priority over a deny decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result."/></concept><concept><code value="permit-unless-deny"/><display value="Permit-unless-deny"/><definition value="The “Permit-unless-deny” combining algorithm is intended for those cases where a deny decision should have priority over a permit decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result. This algorithm has the following behavior."/></concept></CodeSystem>

This code system http://hl7.org/fhir/permission-rule-combining defines the following codes:

Code	Display	Definition
deny-overrides	Deny-overrides	The deny overrides combining algorithm is intended for those cases where a deny decision should have priority over a permit decision.
permit-overrides	Permit-overrides	The permit overrides combining algorithm is intended for those cases where a permit decision should have priority over a deny decision.
ordered-deny-overrides	Ordered-deny-overrides	The behavior of this algorithm is identical to that of the “Deny-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission.
ordered-permit-overrides	Ordered-permit-overrides	The behavior of this algorithm is identical to that of the “Permit-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission.
deny-unless-permit	Deny-unless-permit	The “Deny-unless-permit” combining algorithm is intended for those cases where a permit decision should have priority over a deny decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result.
permit-unless-deny	Permit-unless-deny	The “Permit-unless-deny” combining algorithm is intended for those cases where a deny decision should have priority over a permit decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result. This algorithm has the following behavior.