This guide shows how to provide access for a group of users with the same role (for example, doctor) to specific data. PureKit provides you with the functionality to encrypt data for a role, where each role has its own data encryption key that is shared between its participants.
To create a specific role use the
When creating a role, at least one existing user must be related to this role; otherwise, you can assign this role to an admin.
In this example, doctorAdminUserId is the ID of the first user who this role will be assigned to.
To assign a specific role to a user use the
This function allows you to share access to the data shared with a specific role with every newly assigned role member.
pure.assignRole("Doctor", doctorAdminGrant, someDoctorUserId);
In this example, doctorAdminGrant is the user Grant of the role admin. Learn more about Pure Grant in this article.
If the role is taken away from a user, they also lose access to the data shared for this role.
Encrypt data for specific role
When you need to encrypt some data for specific role(s), create a list of roleName(s) of the roles you want to encrypt for. Then, pass the list to the
byte[] cipherText = pure.encrypt(userId1, dataId, Collections.emptySet(), Collections.singleton(roleName), Collections.emptyList(), text);
Decrypt data for specific role
To decrypt data encrypted for a specific role, use the decrypt function. The user will be able to decrypt the data if they are assigned the role that the data was encrypted for:
byte[] plainText = pure.decrypt(authResult.getGrant(), dataId, cipherText);
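The following is an added illustration, not PureKit code and not its actual scheme: a simplified model of a role key shared between members, showing why assigning a role needs an existing member's grant and why removing the role removes access. It assumes plain AES keys for users and the role and uses only the JDK's javax.crypto; the class, method and user names are hypothetical.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

public class RoleKeyModel {
    // userId -> role key wrapped under that member's own key (hypothetical store)
    static final Map<String, byte[]> wrapped = new HashMap<>();

    static SecretKey newKey() throws Exception {
        KeyGenerator g = KeyGenerator.getInstance("AES");
        g.init(256);
        return g.generateKey();
    }
    static byte[] wrap(SecretKey memberKey, SecretKey roleKey) throws Exception {
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.WRAP_MODE, memberKey);
        return c.wrap(roleKey);
    }
    // Only a user who still has a wrapped copy can recover the role key.
    static SecretKey roleKeyFor(String userId, SecretKey memberKey) throws Exception {
        byte[] w = wrapped.get(userId);
        if (w == null) throw new SecurityException(userId + " is not a role member");
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.UNWRAP_MODE, memberKey);
        return (SecretKey) c.unwrap(w, "AES", Cipher.SECRET_KEY);
    }
    static byte[] gcm(int mode, SecretKey k, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, k, new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        SecretKey adminKey = newKey(), doctorKey = newKey();
        wrapped.put("admin", wrap(adminKey, newKey())); // create the role with its first member
        // Assigning needs an existing member's key to unwrap and re-wrap the role key.
        wrapped.put("doctor", wrap(doctorKey, roleKeyFor("admin", adminKey)));
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        byte[] text = "chart".getBytes(StandardCharsets.UTF_8); // constructed sample data
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, roleKeyFor("admin", adminKey), iv, text);
        byte[] pt = gcm(Cipher.DECRYPT_MODE, roleKeyFor("doctor", doctorKey), iv, ct);
        System.out.println(new String(pt, StandardCharsets.UTF_8));
        wrapped.remove("doctor"); // role taken away: the wrapped copy is deleted
        try { roleKeyFor("doctor", doctorKey); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```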