Resource access

In order to view and edit information from ClaimCenter, a caller needs to be able to access one or more endpoints. This type of access is known as endpoint access. For example, if a caller has access to the GET /claims endpoint, that caller can view claims.

However, having access to a given endpoint does not mean a caller can view every resource that endpoint could return. In some cases, callers can access only certain instances of the relevant resource. For example, the GET /claims endpoint could be available to a policyholder, an adjuster, and a service vendor. But each of these users have access to a different set of claims:

  • The policyholder can see only the claims associated with the policies they hold.
  • The adjuster can see only the claims assigned to them.
  • The service vendor can see only the claims that have a service request assigned to them.

Also, having access to a given resource does not mean a caller can always view or edit every field on that resource. For example, suppose Ray Newton has filed a claim for an auto accident in which he hit another vehicle. Ray Newton can view all the information about his own vehicle. But, for the third-party vehicle, he can view only the vehicle make and model. He cannot edit the make and model and he cannot view any other information about the vehicle.

This type of access is known as resource access. Resource access determines which instances of a given resource are available to a given caller. Resource access is defined by a set of resource access strategies. This topic describes how resource access strategies are assigned to a caller, how they are executed for each call, and how to interpret the base configuration files so that you can understand how resource access is executed.

In ClaimCenter, resource access can also influence which fields are accessible on a given resource.

  • For some callers, for a given type of resource, the caller has access to the same fields on every accessible resource. This applies to services and service providers (vendors). For example, a service provider can access service requests, and a service provider has access to the same set of fields for every service request they can access.
  • For other types of callers, for a given type of resource, the fields that a caller can access varies based on the business relationship the caller has with the resource. This applies to claimants and producers. For example, a claimant, such as a policyholder, can typically access vehicle incidents on their claims. But, the fields a policyholder can access on a vehicle vary based on whether the vehicle is theirs or belongs to a third party.

This topic covers only the first approach to resource access, where a caller can see the same set of fields on every accessible resource. For information on the second approach, see Filtered access to third-party data.