RuleBuilder for Get requests nested inside the Bundle batch operation

Neeraj Kumar

unread,

Apr 9, 2025, 2:30:03 AMApr 9

to HAPI FHIR

Hi,

I am using the Hapi-Fhir 7.4.3 version and am facing an issue related to RuleBuilder. The Get requests nested inside the Bundle batch operation are throwing the error below: "HAPI-0334: Access denied by default policy (no applicable rules)."

If I hit the nested Get request directly, then it works fine. Not sure how to fix this issue.

Written RuleBuilder:

patientRuleBuilder
    .allow().transaction().withAnyOperation().andApplyNormalRules().andThen()
    .allow().read().allResources().inCompartment("Patient", new IdType("Patient", patientId).andThen()
    .allow().write().allResources().inCompartment("Patient", new IdType("Patient", patientId).andThen();

Working API Call:

Request Type: GET

Request URL:

http://localhost:8080/apis/fhir/R4/tenantId/Observation?_sort=-date&subject:Patient.patient-custom-identifier-phone=MOB_8080808080

Response: 200 OK

{
    "resourceType": "Bundle",
    "id": "520194c3-31c8-4944-b139-3ff68d11fb58",
    "meta": {
        "lastUpdated": "2025-04-09T11:43:42.170+05:30"
    },
    "type": "searchset",
    "total": 1,
    "entry": [
        {
            "fullUrl": "http://localhost:8080/apis/fhir/R4/tenantId/Observation/12345",
            "resource": {
                "resourceType": "Observation",
                 ........
            },
            "search": {
                "mode": "match"
            }
        }
    ]
}

Failed API Call:

Request Type: POST

Request URL:

http://localhost:8080/apis/fhir/R4/tenantId

Request Body:

{
    "resourceType": "Bundle",
    "type": "batch",
    "entry": [
        {
            "request": {
                "method": "GET",
                "url": "/Observation?_sort=-date&subject:Patient.patient-custom-identifier-phone=MOB_8080808080"
            }
        }
    ]
}
Response: 200 OK
{
    "resourceType": "Bundle",
    "id": "e9861ccf-cf52-4921-ba18-6ca16cae73d7",
    "type": "batch-response",
    "link": [
        {
            "relation": "self",
            "url": "http://localhost:8080/apis/fhir/R4/tenantId"
        }
    ],
    "entry": [
        {
            "response": {
                "status": "403 Forbidden",
                "outcome": {
                    "resourceType": "OperationOutcome",
                    "text": {
                        "status": "generated",
                        "div": "<div xmlns=\"http://www.w3.org/1999/xhtml\"><h1>Operation Outcome</h1><table border=\"0\"><tr><td style=\"font-weight: bold;\">ERROR</td><td>[]</td><td>HAPI-0334: Access denied by default policy (no applicable rules)</td></tr></table></div>"
                    },
                    "issue": [
                        {
                            "severity": "error",
                            "code": "exception",
                            "diagnostics": "HAPI-0334: Access denied by default policy (no applicable rules)"
                        }
                    ]
                }
            }
        }
    ]
}

Any help would be appreciated. Thanks

James Agnew

unread,

Apr 9, 2025, 8:12:57 AMApr 9

to Neeraj Kumar, HAPI FHIR

Do you see the same behaviour on the current release (8.0.0)?

Cheers,

James

--
You received this message because you are subscribed to the Google Groups "HAPI FHIR" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hapi-fhir+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/hapi-fhir/0bf25d41-09e5-4d40-a478-3d8c791d59ecn%40googlegroups.com.

Neeraj Kumar

unread,

Apr 10, 2025, 12:16:42 AMApr 10

to HAPI FHIR

Hi James,

I have not tested with the current release (8.0.0). I'll try the new version once.

Thanks

Reply all

Reply to author

Forward