Console
    Contact Us Start free

    Package google.cloud.healthcare.v1beta1.consent

    Index

    ConsentService

    A service for managing user consents.

    ActivateConsent

    rpc ActivateConsent( ActivateConsentRequest ) returns ( Consent )

    Activates the latest revision of the specified Consent by committing a new revision with state updated to ACTIVE . If the latest revision of the specified Consent is in the ACTIVE state, no new revision is committed. A FAILED_PRECONDITION error occurs if the latest revision of the specified consent is in the REJECTED or REVOKED state.

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    ArchiveUserDataMapping

    rpc ArchiveUserDataMapping( ArchiveUserDataMappingRequest ) returns ( ArchiveUserDataMappingResponse )

    Archives the specified User data mapping .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    CheckDataAccess

    rpc CheckDataAccess( CheckDataAccessRequest ) returns ( CheckDataAccessResponse )

    Checks if a particular data_id of a User data mapping in the specified consent store is consented for the specified use.

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    CreateAttributeDefinition

    rpc CreateAttributeDefinition( CreateAttributeDefinitionRequest ) returns ( AttributeDefinition )

    Creates a new Attribute definition in the parent consent store .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    CreateConsent

    rpc CreateConsent( CreateConsentRequest ) returns ( Consent )

    Creates a new Consent in the parent consent store .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    CreateConsentArtifact

    rpc CreateConsentArtifact( CreateConsentArtifactRequest ) returns ( ConsentArtifact )

    Creates a new Consent artifact in the parent consent store .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    CreateConsentStore

    rpc CreateConsentStore( CreateConsentStoreRequest ) returns ( ConsentStore )

    Creates a new consent store in the parent dataset. Attempting to create a consent store with the same ID as an existing store fails with an ALREADY_EXISTS error.

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    CreateUserDataMapping

    rpc CreateUserDataMapping( CreateUserDataMappingRequest ) returns ( UserDataMapping )

    Creates a new User data mapping in the parent consent store .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    DeleteAttributeDefinition

    rpc DeleteAttributeDefinition( DeleteAttributeDefinitionRequest ) returns ( Empty )

    Deletes the specified Attribute definition . Fails if the Attribute definition is referenced by any User data mapping , or the latest revision of any Consent .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    DeleteConsent

    rpc DeleteConsent( DeleteConsentRequest ) returns ( Empty )

    Deletes the Consent and its revisions. To keep a record of the Consent but mark it inactive, see [RevokeConsent]. To delete a revision of a Consent, see [DeleteConsentRevision]. This operation does not delete the related Consent artifact.

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    DeleteConsentArtifact

    rpc DeleteConsentArtifact( DeleteConsentArtifactRequest ) returns ( Empty )

    Deletes the specified Consent artifact . Fails if the artifact is referenced by the latest revision of any Consent .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    DeleteConsentRevision

    rpc DeleteConsentRevision( DeleteConsentRevisionRequest ) returns ( Empty )

    Deletes the specified revision of a Consent . An INVALID_ARGUMENT error occurs if the specified revision is the latest revision.

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    DeleteConsentStore

    rpc DeleteConsentStore( DeleteConsentStoreRequest ) returns ( Empty )

    Deletes the specified consent store and removes all the consent store's data.

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    DeleteUserDataMapping

    rpc DeleteUserDataMapping( DeleteUserDataMappingRequest ) returns ( Empty )

    Deletes the specified User data mapping .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    EvaluateUserConsents

    rpc EvaluateUserConsents( EvaluateUserConsentsRequest ) returns ( EvaluateUserConsentsResponse )

    Evaluates the user's Consents for all matching User data mappings .

    Note: User data mappings are indexed asynchronously, which can cause a slight delay between the time mappings are created or updated and when they are included in EvaluateUserConsents results.

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    GetAttributeDefinition

    rpc GetAttributeDefinition( GetAttributeDefinitionRequest ) returns ( AttributeDefinition )

    Gets the specified Attribute definition .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    GetConsent

    rpc GetConsent( GetConsentRequest ) returns ( Consent )

    Gets the specified revision of a Consent , or the latest revision if revision_id is not specified in the resource name.

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    GetConsentArtifact

    rpc GetConsentArtifact( GetConsentArtifactRequest ) returns ( ConsentArtifact )

    Gets the specified Consent artifact .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    GetConsentStore

    rpc GetConsentStore( GetConsentStoreRequest ) returns ( ConsentStore )

    Gets the specified consent store .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    GetUserDataMapping

    rpc GetUserDataMapping( GetUserDataMappingRequest ) returns ( UserDataMapping )

    Gets the specified User data mapping .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    ListAttributeDefinitions

    rpc ListAttributeDefinitions( ListAttributeDefinitionsRequest ) returns ( ListAttributeDefinitionsResponse )

    Lists the Attribute definitions in the specified consent store .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    ListConsentArtifacts

    rpc ListConsentArtifacts( ListConsentArtifactsRequest ) returns ( ListConsentArtifactsResponse )

    Lists the Consent artifacts in the specified consent store .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    ListConsentRevisions

    rpc ListConsentRevisions( ListConsentRevisionsRequest ) returns ( ListConsentRevisionsResponse )

    Lists the revisions of the specified Consent in reverse chronological order.

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    ListConsentStores

    rpc ListConsentStores( ListConsentStoresRequest ) returns ( ListConsentStoresResponse )

    Lists the consent stores in the specified dataset.

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    ListConsents

    rpc ListConsents( ListConsentsRequest ) returns ( ListConsentsResponse )

    Lists the Consent in the given consent store , returning each Consent's latest revision.

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    ListUserDataMappings

    rpc ListUserDataMappings( ListUserDataMappingsRequest ) returns ( ListUserDataMappingsResponse )

    Lists the User data mappings in the specified consent store .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    QueryAccessibleData

    rpc QueryAccessibleData( QueryAccessibleDataRequest ) returns ( Operation )

    Queries all data_ids that are consented for a specified use in the given consent store and writes them to a specified destination.

    The returned Operation includes a progress counter for the number of User data mappings processed.

    If the request is successful, a detailed response is returned of type QueryAccessibleDataResponse , contained in the [response][google.longrunning.Operation.result.response] field when the operation finishes. The metadata field type is OperationMetadata .

    Errors are logged to Cloud Logging (see Viewing error logs in Cloud Logging ). For example, the following sample log entry shows a failed to evaluate consent policy error that occurred during a QueryAccessibleData call to consent store projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id} .

     jsonPayload: {
  @type:
  "type.googleapis.com/google.cloud.healthcare.logging.QueryAccessibleDataLogEntry"
  error: {
    code:  9
    message:  "failed to evaluate consent policy"
  }
  resourceName:
  "projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}"
}
logName:
"projects/{project_id}/logs/healthcare.googleapis.com%2Fquery_accessible_data"
operation: {
  id:
  "projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/operations/{operation_id}"
  producer:  "healthcare.googleapis.com/QueryAccessibleData"
}
receiveTimestamp:  "TIMESTAMP"
resource: {
  labels: {
    consent_store_id:  "{consent_store_id}"
    dataset_id:  "{dataset_id}"
    location:  "{location_id}"
    project_id:  "{project_id}"
  }
  type:  "healthcare_consent_store"
}
severity:  "ERROR"
timestamp:  "TIMESTAMP"
    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    RejectConsent

    rpc RejectConsent( RejectConsentRequest ) returns ( Consent )

    Rejects the latest revision of the specified Consent by committing a new revision with state updated to REJECTED . If the latest revision of the specified Consent is in the REJECTED state, no new revision is committed. A FAILED_PRECONDITION error occurs if the latest revision of the specified Consent is in the ACTIVE or REVOKED state.

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    RevokeConsent

    rpc RevokeConsent( RevokeConsentRequest ) returns ( Consent )

    Revokes the latest revision of the specified Consent by committing a new revision with state updated to REVOKED . If the latest revision of the specified Consent is in the REVOKED state, no new revision is committed. A FAILED_PRECONDITION error occurs if the latest revision of the given consent is in DRAFT or REJECTED state.

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    UpdateAttributeDefinition

    rpc UpdateAttributeDefinition( UpdateAttributeDefinitionRequest ) returns ( AttributeDefinition )

    Updates the specified Attribute definition .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    UpdateConsent

    rpc UpdateConsent( UpdateConsentRequest ) returns ( Consent )

    Updates the latest revision of the specified Consent by committing a new revision with the changes. A FAILED_PRECONDITION error occurs if the latest revision of the specified Consent is in the REJECTED or REVOKED state.

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    UpdateConsentStore

    rpc UpdateConsentStore( UpdateConsentStoreRequest ) returns ( ConsentStore )

    Updates the specified consent store .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    UpdateUserDataMapping

    rpc UpdateUserDataMapping( UpdateUserDataMappingRequest ) returns ( UserDataMapping )

    Updates the specified User data mapping .

    Authorization scopes

    Requires one of the following OAuth scopes:

    • https://www.googleapis.com/auth/cloud-healthcare
    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .

    ActivateConsentRequest

    Activates the latest revision of the specified Consent by committing a new revision with state updated to ACTIVE . If the latest revision of the given Consent is in the ACTIVE state, no new revision is committed. A FAILED_PRECONDITION error occurs if the latest revision of the given consent is in the REJECTED or REVOKED state.

    Fields
    name

    string

    Required. The resource name of the Consent to activate, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id} . An INVALID_ARGUMENT error occurs if revision_id is specified in the name.

    Authorization requires the following IAM permission on the specified resource name :

    • healthcare.consents.activate
    consent_artifact

    string

    Required. The resource name of the Consent artifact that contains documentation of the user's consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id} . If the draft Consent had a Consent artifact, this Consent artifact overwrites it.

    Authorization requires the following IAM permission on the specified resource consentArtifact :

    • healthcare.consentArtifacts.get
    Union field expiration . Optional. Allows setting expiration time for Consents. Expired consents are ignored in access determination methods such as [CheckDataAccess]. This value overrides the expiration duration configured for the consent store. expiration can be only one of the following:
    expire_time

    Timestamp

    Timestamp in UTC of when this Consent is considered expired.

    ttl

    Duration

    The time to live for this Consent from when it is marked as active.

    ArchiveUserDataMappingRequest

    Archives the specified User data mapping .

    Fields
    name

    string

    Required. The resource name of the User data mapping to archive.

    Authorization requires the following IAM permission on the specified resource name :

    • healthcare.userDataMappings.archive

    ArchiveUserDataMappingResponse

    This type has no fields.

    Archives the specified User data mapping .

    Attribute

    An attribute value for a Consent or User data mapping. Each Attribute must have a corresponding AttributeDefinition in the consent store that defines the default and allowed values.

    Fields
    attribute_definition_id

    string

    Indicates the name of an attribute defined in the consent store.
    values[]

    string

    The value of the attribute. Must be an acceptable value as defined in the consent store. For example, if the consent store defines "data type" with acceptable values "questionnaire" and "step-count", when the attribute name is data type, this field must contain one of those values.

    AttributeDefinition

    A client-defined consent attribute.

    Fields
    name

    string

    Identifier. Resource name of the Attribute definition, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/attributeDefinitions/{attribute_definition_id} . Cannot be changed after creation.
    description

    string

    Optional. A description of the attribute.
    category

    Category

    Required. The category of the attribute. The value of this field cannot be changed after creation.
    allowed_values[]

    string

    Required. Possible values for the attribute. The number of allowed values must not exceed 500. An empty list is invalid. The list can only be expanded after creation.
    consent_default_values[]

    string

    Optional. Default values of the attribute in Consents. If no default values are specified, it defaults to an empty value.
    data_mapping_default_value

    string

    Optional. Default value of the attribute in User data mappings. If no default value is specified, it defaults to an empty value. This field is only applicable to attributes of the category RESOURCE .

    Category

    The category of the attribute.

    Enums
    CATEGORY_UNSPECIFIED No category specified. This option is invalid.
    RESOURCE Specify this category when this attribute describes the properties of resources. For example, data anonymity or data type.
    REQUEST Specify this category when this attribute describes the properties of requests. For example, requester's role or requester's organization.

    CheckDataAccessRequest

    Checks if a particular data_id of a User data mapping in the given consent store is consented for a given use.

    Fields
    consent_store

    string

    Required. Name of the consent store where the requested data_id is stored, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id} .

    Authorization requires the following IAM permission on the specified resource consentStore :

    • healthcare.consentStores.checkDataAccess
    data_id

    string

    Required. The unique identifier of the resource to check access for. This identifier must correspond to a User data mapping in the given consent store.

    request_attributes

    map<string, string>

    The values of request attributes associated with this access request.

    response_view

    ResponseView

    Optional. The view for CheckDataAccessResponse . If unspecified, defaults to BASIC and returns consented as TRUE or FALSE .

    consent_list

    ConsentList

    Optional. Specific Consents to evaluate the access request against. These Consents must have the same user_id as the evaluated User data mapping, must exist in the current consent_store , and have a state of either ACTIVE or DRAFT . A maximum of 100 Consents can be provided here. If no selection is specified, the access request is evaluated against all ACTIVE unexpired Consents with the same user_id as the evaluated User data mapping.

    ResponseView

    The supported views for CheckDataAccessResponse .

    Enums
    RESPONSE_VIEW_UNSPECIFIED No response view specified. The API will default to the BASIC view.
    BASIC Only the consented field is populated in CheckDataAccessResponse .
    FULL All fields within CheckDataAccessResponse are populated. When set to FULL , all ACTIVE Consents are evaluated even if a matching policy is found during evaluation.

    CheckDataAccessResponse

    Checks if a particular data_id of a User data mapping in the given consent store is consented for a given use.

    Fields
    consented

    bool

    Whether the requested resource is consented for the given use.
    consent_details

    map<string, ConsentEvaluation >

    The resource names of all evaluated Consents mapped to their evaluation.

    Represents a user's consent.

    Fields
    name

    string

    Identifier. Resource name of the Consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id} . Cannot be changed after creation.

    revision_id

    string

    Output only. The revision ID of the Consent. The format is an 8-character hexadecimal string. Refer to a specific revision of a Consent by appending @{revision_id} to the Consent's resource name.

    revision_create_time

    Timestamp

    Output only. The timestamp that the revision was created.

    user_id

    string

    Required. User's UUID provided by the client.

    policies[]

    Policy

    Optional. Represents a user's consent in terms of the resources that can be accessed and under what conditions.

    consent_artifact

    string

    Required. The resource name of the Consent artifact that contains proof of the end user's consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id} .

    state

    State

    Required. Indicates the current state of this Consent.

    metadata

    map<string, string>

    Optional. User-supplied key-value pairs used to organize Consent resources.

    Metadata keys must:

    • be between 1 and 63 characters long
    • have a UTF-8 encoding of maximum 128 bytes
    • begin with a letter
    • consist of up to 63 characters including lowercase letters, numeric characters, underscores, and dashes

    Metadata values must be: - be between 1 and 63 characters long - have a UTF-8 encoding of maximum 128 bytes - consist of up to 63 characters including lowercase letters, numeric characters, underscores, and dashes

    No more than 64 metadata entries can be associated with a given consent.

    Union field expiration . Optional. Allows setting expiration time for Consents. Expired Consents are ignored in access determination methods such as [CheckDataAccess]. This value replaces any default expiration duration configured for the Consent store. expiration can be only one of the following:
    expire_time

    Timestamp

    Timestamp in UTC of when this Consent is considered expired.

    ttl

    Duration

    Input only. The time to live for this Consent from when it is created.

    State

    The state of the Consent resource.

    Enums
    STATE_UNSPECIFIED No state specified. Treated as ACTIVE only at the time of resource creation.
    ACTIVE The Consent is active and is considered when evaluating a user's consent on resources.
    ARCHIVED The archived state is currently not being used.
    REVOKED A revoked Consent is not considered when evaluating a user's consent on resources.
    DRAFT A draft Consent is not considered when evaluating a user's consent on resources unless explicitly specified.
    REJECTED When a draft Consent is rejected by a user, it is set to a rejected state. A rejected Consent is not considered when evaluating a user's consent on resources.

    ConsentArtifact

    Documentation of a user's consent.

    Fields
    name

    string

    Identifier. Resource name of the Consent artifact, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id} . Cannot be changed after creation.
    user_id

    string

    Required. User's UUID provided by the client.
    user_signature

    Signature

    Optional. User's signature.
    guardian_signature

    Signature

    Optional. A signature from a guardian.
    witness_signature

    Signature

    Optional. A signature from a witness.
    consent_content_screenshots[]

    Image

    Optional. Screenshots, PDFs, or other binary information documenting the user's consent.
    consent_content_version

    string

    Optional. An string indicating the version of the consent information shown to the user.
    metadata

    map<string, string>

    Optional. Metadata associated with the Consent artifact. For example, the consent locale or user agent version.

    ConsentEvaluation

    The detailed evaluation of a particular Consent .

    Fields
    evaluation_result

    EvaluationResult

    The evaluation result.

    EvaluationResult

    Indicates the evaluation result of a particular Consent .

    Enums
    EVALUATION_RESULT_UNSPECIFIED No evaluation result specified. This option is invalid.
    NOT_APPLICABLE The Consent is not applicable to the requested access determination. For example, the Consent does not apply to the user for which the access determination is requested, or it has a state of REVOKED , or it has expired.
    NO_MATCHING_POLICY The Consent does not have a policy that matches the resource_attributes of the evaluated resource.
    NO_SATISFIED_POLICY The Consent has at least one policy that matches the resource_attributes of the evaluated resource, but no authorization_rule was satisfied.
    HAS_SATISFIED_POLICY The Consent has at least one policy that matches the resource_attributes of the evaluated resource, and at least one authorization_rule was satisfied.

    ConsentList

    List of resource names of Consent resources.

    Fields
    consents[]

    string

    The resource names of the Consents to evaluate against, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id} .

    ConsentStore

    Represents a consent store.

    Fields
    name

    string

    Resource name of the consent store, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id} . Cannot be changed after creation.
    labels

    map<string, string>

    Optional. User-supplied key-value pairs used to organize consent stores.

    Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}.

    Label values must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63}.

    No more than 64 labels can be associated with a given store. For more information: https://cloud.google.com/healthcare/docs/how-tos/labeling-resources

    CreateAttributeDefinitionRequest

    Creates a new Attribute definition .

    Fields
    parent

    string

    Required. The name of the consent store that this Attribute definition belongs to.

    Authorization requires the following IAM permission on the specified resource parent :

    • healthcare.attributeDefinitions.create
    attribute_definition_id

    string

    Required. The ID of the Attribute definition to create. The string must match the following regex: [_a-zA-Z][_a-zA-Z0-9]{0,255} and must not be a reserved keyword within the Common Expression Language as listed on https://github.com/google/cel-spec/blob/master/doc/langdef.md .

    attribute_definition

    AttributeDefinition

    Required. Attribute definition to create.

    CreateConsentArtifactRequest

    Creates a new Consent artifact . Cannot be updated after creation.

    Fields
    parent

    string

    Required. The name of the consent store this Consent artifact belongs to.

    Authorization requires the following IAM permission on the specified resource parent :

    • healthcare.consentArtifacts.create
    consent_artifact

    ConsentArtifact

    Required. Consent artifact to create.

    CreateConsentRequest

    Creates a new Consent .

    Fields
    parent

    string

    Required. Name of the consent store.

    Authorization requires the following IAM permission on the specified resource parent :

    • healthcare.consents.create
    consent

    Consent

    Required. Consent to create.

    CreateConsentStoreRequest

    Creates a new consent store .

    Fields
    parent

    string

    Required. The name of the dataset this consent store belongs to.

    Authorization requires the following IAM permission on the specified resource parent :

    • healthcare.consentStores.create
    consent_store_id

    string

    Required. The ID of the consent store to create. The string must match the following regex: [\p{L}\p{N}_\-\.]{1,256} . Cannot be changed after creation.

    consent_store

    ConsentStore

    Required. Configuration info for this consent store.

    CreateUserDataMappingRequest

    Creates a new User data mapping .

    Fields
    parent

    string

    Required. Name of the consent store.

    Authorization requires the following IAM permission on the specified resource parent :

    • healthcare.userDataMappings.create
    user_data_mapping

    UserDataMapping

    Required. User data mapping to create.

    DeleteAttributeDefinitionRequest

    Deletes the specified Attribute definition .

    Fields
    name

    string

    Required. The resource name of the Attribute definition to delete. To preserve referential integrity, Attribute definitions referenced by a User data mapping or the latest revision of a Consent cannot be deleted.

    Authorization requires the following IAM permission on the specified resource name :

    • healthcare.attributeDefinitions.delete

    DeleteConsentArtifactRequest

    Deletes the specified Consent artifact .

    Fields
    name

    string

    Required. The resource name of the Consent artifact to delete. To preserve referential integrity, Consent artifacts referenced by the latest revision of a Consent cannot be deleted.

    Authorization requires the following IAM permission on the specified resource name :

    • healthcare.consentArtifacts.delete

    DeleteConsentRequest

    Deletes the Consent and its revisions. To keep a record of the Consent but mark it inactive, see [RevokeConsent]. To delete a revision of a Consent, see [DeleteConsentRevision]. This operation does not delete the related Consent artifact.

    Fields
    name

    string

    Required. The resource name of the Consent to delete, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id} . An INVALID_ARGUMENT error occurs if revision_id is specified in the name.

    Authorization requires the following IAM permission on the specified resource name :

    • healthcare.consents.delete

    DeleteConsentRevisionRequest

    Deletes the specified revision of a Consent . An INVALID_ARGUMENT error occurs if the specified revision is the latest revision.

    Fields
    name

    string

    Required. The resource name of the Consent revision to delete, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}@{revision_id} . An INVALID_ARGUMENT error occurs if revision_id is not specified in the name.

    Authorization requires the following IAM permission on the specified resource name :

    • healthcare.consents.delete

    DeleteConsentStoreRequest

    Deletes the specified consent store .

    Fields
    name

    string

    Required. The resource name of the consent store to delete.

    Authorization requires the following IAM permission on the specified resource name :

    • healthcare.consentStores.delete

    DeleteUserDataMappingRequest

    Deletes the specified User data mapping .

    Fields
    name

    string

    Required. The resource name of the User data mapping to delete.

    Authorization requires the following IAM permission on the specified resource name :

    • healthcare.userDataMappings.delete

    EvaluateUserConsentsRequest

    Evaluate a user's Consents for all matching User data mappings .

    Note: User data mappings are indexed asynchronously, causing slight delays between the time mappings are created or updated and when they are included in EvaluateUserConsents results.

    Fields
    consent_store

    string

    Required. Name of the consent store to retrieve User data mappings from.

    Authorization requires the following IAM permission on the specified resource consentStore :

    • healthcare.consentStores.evaluateUserConsents
    user_id

    string

    Required. User ID to evaluate consents for.

    resource_attributes

    map<string, string>

    Optional. The values of resource attributes associated with the resources being requested. If no values are specified, then all resources are queried.

    request_attributes

    map<string, string>

    Required. The values of request attributes associated with this access request.

    response_view

    ResponseView

    Optional. The view for EvaluateUserConsentsResponse . If unspecified, defaults to BASIC and returns consented as TRUE or FALSE .

    page_size

    int32

    Optional. Limit on the number of User data mappings to return in a single response. If not specified, 100 is used. May not be larger than 1000.

    page_token

    string

    Optional. Token to retrieve the next page of results, or empty to get the first page.

    consent_list

    ConsentList

    Optional. Specific Consents to evaluate the access request against. These Consents must have the same user_id as the User data mappings being evalauted, must exist in the current consent_store , and must have a state of either ACTIVE or DRAFT . A maximum of 100 Consents can be provided here. If unspecified, all ACTIVE unexpired Consents in the current consent_store will be evaluated.

    ResponseView

    The supported views for EvaluateUserConsentsResponse .

    Enums
    RESPONSE_VIEW_UNSPECIFIED No response view specified. The API will default to the BASIC view.
    BASIC Only the data_id and consented fields are populated in the response.
    FULL All fields within the response are populated. When set to FULL , all ACTIVE Consents are evaluated even if a matching policy is found during evaluation.

    EvaluateUserConsentsResponse

    Fields
    results[]

    Result

    The consent evaluation result for each data_id .
    next_page_token

    string

    Token to retrieve the next page of results, or empty if there are no more results in the list. This token is valid for 72 hours after it is created.

    Result

    The consent evaluation result for a single data_id .

    Fields
    data_id

    string

    The unique identifier of the evaluated resource.
    consented

    bool

    Whether the resource is consented for the given use.
    consent_details

    map<string, ConsentEvaluation >

    The resource names of all evaluated Consents mapped to their evaluation.

    GcsDestination

    The Cloud Storage location for export.

    Fields
    uri_prefix

    string

    URI for a Cloud Storage directory where the server writes result files, in the format gs://{bucket-id}/{path/to/destination/dir} . If there is no trailing slash, the service appends one when composing the object path. The user is responsible for creating the Cloud Storage bucket and directory referenced in uri_prefix .

    GetAttributeDefinitionRequest

    Gets an Attribute definition .

    Fields
    name

    string

    Required. The resource name of the Attribute definition to get.

    Authorization requires the following IAM permission on the specified resource name :

    • healthcare.attributeDefinitions.get

    GetConsentArtifactRequest

    Gets a Consent artifact .

    Fields
    name

    string

    Required. The resource name of the Consent artifact to retrieve.

    Authorization requires the following IAM permission on the specified resource name :

    • healthcare.consentArtifacts.get

    GetConsentRequest

    Gets the specified revision of a Consent , or the latest revision if revision_id is not specified in the resource name.

    Fields
    name

    string

    Required. The resource name of the Consent to retrieve, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id} .

    In order to retrieve a previous revision of the Consent, also provide the revision ID: projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}@{revision_id}

    Authorization requires the following IAM permission on the specified resource name :

    • healthcare.consents.get

    GetConsentStoreRequest

    Gets a consent store .

    Fields
    name

    string

    Required. The resource name of the consent store to get.

    Authorization requires the following IAM permission on the specified resource name :

    • healthcare.consentStores.get

    GetUserDataMappingRequest

    Gets the User data mapping .

    Fields
    name

    string

    Required. The resource name of the User data mapping to retrieve.

    Authorization requires the following IAM permission on the specified resource name :

    • healthcare.userDataMappings.get

    Image

    Raw bytes representing consent artifact content.

    Fields

    Union field data .

    data can be only one of the following:

    raw_bytes

    bytes

    Consent artifact content represented as a stream of bytes. This field is populated when returned in GetConsentArtifact response, but not included in CreateConsentArtifact and ListConsentArtifact response.

    gcs_uri

    string

    Input only. Points to a Cloud Storage URI containing the consent artifact content. The URI must be in the following format: gs://{bucket_id}/{object_id} . The Cloud Healthcare API service account must have the roles/storage.objectViewer Cloud IAM role for this Cloud Storage location. The consent artifact content at this URI is copied to a Cloud Storage location managed by the Cloud Healthcare API. Responses to fetching requests return the consent artifact content in raw_bytes.

    ListAttributeDefinitionsRequest

    Lists the Attribute definitions in the given consent store .

    Fields
    parent

    string

    Required. Name of the consent store to retrieve Attribute definitions from.

    Authorization requires the following IAM permission on the specified resource parent :

    • healthcare.attributeDefinitions.list
    page_size

    int32

    Optional. Limit on the number of Attribute definitions to return in a single response. If not specified, 100 is used. May not be larger than 1000.

    page_token

    string

    Optional. Token to retrieve the next page of results or empty to get the first page.

    filter

    string

    Optional. Restricts the attributes returned to those matching a filter. The following syntax is available:

    • A string field value can be written as text inside quotation marks, for example "query text" . The only valid relational operation for text fields is equality ( = ), where text is searched within the field, rather than having the field be equal to the text. For example, "Comment = great" returns messages with great in the comment field.
    • A number field value can be written as an integer, a decimal, or an exponential. The valid relational operators for number fields are the equality operator ( = ), along with the less than/greater than operators ( < , <= , > , >= ). Note that there is no inequality ( != ) operator. You can prepend the NOT operator to an expression to negate it.
    • A date field value must be written in yyyy-mm-dd form. Fields with date and time use the RFC3339 time format. Leading zeros are required for one-digit months and days. The valid relational operators for date fields are the equality operator ( = ) , along with the less than/greater than operators ( < , <= , > , >= ). Note that there is no inequality ( != ) operator. You can prepend the NOT operator to an expression to negate it.
    • Multiple field query expressions can be combined in one query by adding AND or OR operators between the expressions. If a boolean operator appears within a quoted string, it is not treated as special, it's just another part of the character string to be matched. You can prepend the NOT operator to an expression to negate it.

    The only field available for filtering is category .

    For example, filter=category=\"REQUEST\" .

    ListAttributeDefinitionsResponse

    Fields
    attribute_definitions[]

    AttributeDefinition

    The returned Attribute definitions. The maximum number of attributes returned is determined by the value of page_size in the ListAttributeDefinitionsRequest.
    next_page_token

    string

    Token to retrieve the next page of results, or empty if there are no more results in the list.

    ListConsentArtifactsRequest

    Lists the Consent artifacts in the given consent store .

    Fields
    parent

    string

    Required. Name of the consent store to retrieve consent artifacts from.

    Authorization requires the following IAM permission on the specified resource parent :

    • healthcare.consentArtifacts.list
    page_size

    int32

    Optional. Limit on the number of consent artifacts to return in a single response. If not specified, 100 is used. May not be larger than 1000.

    page_token

    string

    Optional. The next_page_token value returned from the previous List request, if any.

    filter

    string

    Optional. Restricts the artifacts returned to those matching a filter. The following syntax is available:

    • A string field value can be written as text inside quotation marks, for example "query text" . The only valid relational operation for text fields is equality ( = ), where text is searched within the field, rather than having the field be equal to the text. For example, "Comment = great" returns messages with great in the comment field.
    • A number field value can be written as an integer, a decimal, or an exponential. The valid relational operators for number fields are the equality operator ( = ), along with the less than/greater than operators ( < , <= , > , >= ). Note that there is no inequality ( != ) operator. You can prepend the NOT operator to an expression to negate it.
    • A date field value must be written in yyyy-mm-dd form. Fields with date and time use the RFC3339 time format. Leading zeros are required for one-digit months and days. The valid relational operators for date fields are the equality operator ( = ) , along with the less than/greater than operators ( < , <= , > , >= ). Note that there is no inequality ( != ) operator. You can prepend the NOT operator to an expression to negate it.
    • Multiple field query expressions can be combined in one query by adding AND or OR operators between the expressions. If a boolean operator appears within a quoted string, it is not treated as special, it's just another part of the character string to be matched. You can prepend the NOT operator to an expression to negate it.

    The fields available for filtering are:

    • user_id. For example, filter=user_id=\"user123\" .
    • consent_content_version
    • metadata. For example, filter=Metadata(\"testkey\")=\"value\" or filter=HasMetadata(\"testkey\") .

    ListConsentArtifactsResponse

    Fields
    consent_artifacts[]

    ConsentArtifact

    The returned Consent artifacts. The maximum number of artifacts returned is determined by the value of page_size in the ListConsentArtifactsRequest.
    next_page_token

    string

    Token to retrieve the next page of results, or empty if there are no more results in the list.

    ListConsentRevisionsRequest

    Lists the revisions of the given Consent in reverse chronological order.

    Fields
    name

    string

    Required. The resource name of the Consent to retrieve revisions for.

    Authorization requires the following IAM permission on the specified resource name :

    • healthcare.consents.get
    page_size

    int32

    Optional. Limit on the number of revisions to return in a single response. If not specified, 100 is used. May not be larger than 1000.

    page_token

    string

    Optional. Token to retrieve the next page of results or empty if there are no more results in the list.

    filter

    string

    Optional. Restricts the revisions returned to those matching a filter. The following syntax is available:

    • A string field value can be written as text inside quotation marks, for example "query text" . The only valid relational operation for text fields is equality ( = ), where text is searched within the field, rather than having the field be equal to the text. For example, "Comment = great" returns messages with great in the comment field.
    • A number field value can be written as an integer, a decimal, or an exponential. The valid relational operators for number fields are the equality operator ( = ), along with the less than/greater than operators ( < , <= , > , >= ). Note that there is no inequality ( != ) operator. You can prepend the NOT operator to an expression to negate it.
    • A date field value must be written in yyyy-mm-dd form. Fields with date and time use the RFC3339 time format. Leading zeros are required for one-digit months and days. The valid relational operators for date fields are the equality operator ( = ) , along with the less than/greater than operators ( < , <= , > , >= ). Note that there is no inequality ( != ) operator. You can prepend the NOT operator to an expression to negate it.
    • Multiple field query expressions can be combined in one query by adding AND or OR operators between the expressions. If a boolean operator appears within a quoted string, it is not treated as special, it's just another part of the character string to be matched. You can prepend the NOT operator to an expression to negate it.

    Fields/functions available for filtering are:

    • user_id. For example, filter='user_id="user123"' .
    • consent_artifact
    • state
    • revision_create_time
    • metadata. For example, filter=Metadata(\"testkey\")=\"value\" or filter=HasMetadata(\"testkey\") .

    ListConsentRevisionsResponse

    Fields
    consents[]

    Consent

    The returned Consent revisions. The maximum number of revisions returned is determined by the value of page_size in the ListConsentRevisionsRequest.
    next_page_token

    string

    Token to retrieve the next page of results, or empty if there are no more results in the list.

    ListConsentStoresRequest

    Lists the consent stores in the given dataset.

    Fields
    parent

    string

    Required. Name of the dataset.

    Authorization requires the following IAM permission on the specified resource parent :

    • healthcare.consentStores.list
    page_size

    int32

    Optional. Limit on the number of consent stores to return in a single response. If not specified, 100 is used. May not be larger than 1000.

    page_token

    string

    Optional. Token to retrieve the next page of results, or empty to get the first page.

    filter

    string

    Optional. Restricts the stores returned to those matching a filter. The following syntax is available:

    • A string field value can be written as text inside quotation marks, for example "query text" . The only valid relational operation for text fields is equality ( = ), where text is searched within the field, rather than having the field be equal to the text. For example, "Comment = great" returns messages with great in the comment field.
    • A number field value can be written as an integer, a decimal, or an exponential. The valid relational operators for number fields are the equality operator ( = ), along with the less than/greater than operators ( < , <= , > , >= ). Note that there is no inequality ( != ) operator. You can prepend the NOT operator to an expression to negate it.
    • A date field value must be written in yyyy-mm-dd form. Fields with date and time use the RFC3339 time format. Leading zeros are required for one-digit months and days. The valid relational operators for date fields are the equality operator ( = ) , along with the less than/greater than operators ( < , <= , > , >= ). Note that there is no inequality ( != ) operator. You can prepend the NOT operator to an expression to negate it.
    • Multiple field query expressions can be combined in one query by adding AND or OR operators between the expressions. If a boolean operator appears within a quoted string, it is not treated as special, it's just another part of the character string to be matched. You can prepend the NOT operator to an expression to negate it.

    Only filtering on labels is supported. For example, filter=labels.key=value .

    ListConsentStoresResponse

    Fields
    consent_stores[]

    ConsentStore

    The returned consent stores. The maximum number of stores returned is determined by the value of page_size in the ListConsentStoresRequest.
    next_page_token

    string

    Token to retrieve the next page of results, or empty if there are no more results in the list.

    ListConsentsRequest

    Lists all the Consents in the given consent store , returning each Consent's latest revision.

    Fields
    parent

    string

    Required. Name of the consent store to retrieve Consents from.

    Authorization requires the following IAM permission on the specified resource parent :

    • healthcare.consents.list
    page_size

    int32

    Optional. Limit on the number of Consents to return in a single response. If not specified, 100 is used. May not be larger than 1000.

    page_token

    string

    Optional. The next_page_token value returned from the previous List request, if any.

    filter

    string

    Optional. Restricts the consents returned to those matching a filter. The following syntax is available:

    • A string field value can be written as text inside quotation marks, for example "query text" . The only valid relational operation for text fields is equality ( = ), where text is searched within the field, rather than having the field be equal to the text. For example, "Comment = great" returns messages with great in the comment field.
    • A number field value can be written as an integer, a decimal, or an exponential. The valid relational operators for number fields are the equality operator ( = ), along with the less than/greater than operators ( < , <= , > , >= ). Note that there is no inequality ( != ) operator. You can prepend the NOT operator to an expression to negate it.
    • A date field value must be written in yyyy-mm-dd form. Fields with date and time use the RFC3339 time format. Leading zeros are required for one-digit months and days. The valid relational operators for date fields are the equality operator ( = ) , along with the less than/greater than operators ( < , <= , > , >= ). Note that there is no inequality ( != ) operator. You can prepend the NOT operator to an expression to negate it.
    • Multiple field query expressions can be combined in one query by adding AND or OR operators between the expressions. If a boolean operator appears within a quoted string, it is not treated as special, it's just another part of the character string to be matched. You can prepend the NOT operator to an expression to negate it.

    The fields available for filtering are:

    • user_id. For example, filter='user_id="user123"' .
    • consent_artifact
    • state
    • revision_create_time
    • metadata. For example, filter=Metadata(\"testkey\")=\"value\" or filter=HasMetadata(\"testkey\") .

    ListConsentsResponse

    Fields
    consents[]

    Consent

    The returned Consents. The maximum number of Consents returned is determined by the value of page_size in the ListConsentsRequest.
    next_page_token

    string

    Token to retrieve the next page of results, or empty if there are no more results in the list.

    ListUserDataMappingsRequest

    Lists the User data mappings in the given consent store .

    Fields
    parent

    string

    Required. Name of the consent store to retrieve User data mappings from.

    Authorization requires the following IAM permission on the specified resource parent :

    • healthcare.userDataMappings.list
    page_size

    int32

    Optional. Limit on the number of User data mappings to return in a single response. If not specified, 100 is used. May not be larger than 1000.

    page_token

    string

    Optional. Token to retrieve the next page of results, or empty to get the first page.

    filter

    string

    Optional. Restricts the user data mappings returned to those matching a filter. The following syntax is available:

    • A string field value can be written as text inside quotation marks, for example "query text" . The only valid relational operation for text fields is equality ( = ), where text is searched within the field, rather than having the field be equal to the text. For example, "Comment = great" returns messages with great in the comment field.
    • A number field value can be written as an integer, a decimal, or an exponential. The valid relational operators for number fields are the equality operator ( = ), along with the less than/greater than operators ( < , <= , > , >= ). Note that there is no inequality ( != ) operator. You can prepend the NOT operator to an expression to negate it.
    • A date field value must be written in yyyy-mm-dd form. Fields with date and time use the RFC3339 time format. Leading zeros are required for one-digit months and days. The valid relational operators for date fields are the equality operator ( = ) , along with the less than/greater than operators ( < , <= , > , >= ). Note that there is no inequality ( != ) operator. You can prepend the NOT operator to an expression to negate it.
    • Multiple field query expressions can be combined in one query by adding AND or OR operators between the expressions. If a boolean operator appears within a quoted string, it is not treated as special, it's just another part of the character string to be matched. You can prepend the NOT operator to an expression to negate it.

    The fields available for filtering are:

    • data_id
    • user_id. For example, filter=user_id=\"user123\" .
    • archived
    • archive_time

    ListUserDataMappingsResponse

    Fields
    user_data_mappings[]

    UserDataMapping

    The returned User data mappings. The maximum number of User data mappings returned is determined by the value of page_size in the ListUserDataMappingsRequest.
    next_page_token

    string

    Token to retrieve the next page of results, or empty if there are no more results in the list.

    Policy

    Represents a user's consent in terms of the resources that can be accessed and under what conditions.

    Fields
    resource_attributes[]

    Attribute

    The resources that this policy applies to. A resource is a match if it matches all the attributes listed here. If empty, this policy applies to all User data mappings for the given user.
    authorization_rule

    Expr

    Required. The request conditions to meet to grant access. In addition to any supported comparison operators, authorization rules may have IN operator as well as at most 10 logical operators that are limited to AND ( && ), OR ( || ).

    QueryAccessibleDataRequest

    Queries all data_ids that are consented for a given use in the given consent store and writes them to a specified destination.

    The returned Operation includes a progress counter for the number of User data mappings processed.

    Errors are logged to Cloud Logging (see Viewing error logs in Cloud Logging and [QueryAccessibleData] for a sample log entry).

    Fields
    consent_store

    string

    Required. Name of the consent store to retrieve User data mappings from.

    Authorization requires the following IAM permission on the specified resource consentStore :

    • healthcare.consentStores.queryAccessibleData
    resource_attributes

    map<string, string>

    Optional. The values of resource attributes associated with the type of resources being requested. If no values are specified, then all resource types are included in the output.

    request_attributes

    map<string, string>

    The values of request attributes associated with this access request.

    Union field destination . Required. The output destination of the result file. destination can be only one of the following:
    gcs_destination

    GcsDestination

    The Cloud Storage destination. The Cloud Healthcare API service account must have the roles/storage.objectAdmin Cloud IAM role for this Cloud Storage location.

    The object name is in the following format:

    query-accessible-data-result-{operation_id}.txt

    where each line contains a single data_id.

    QueryAccessibleDataResponse

    Response for successful QueryAccessibleData operations. This structure is included in the response upon operation completion.

    Fields
    gcs_uris[]

    string

    List of files, each of which contains a list of data_id(s) that are consented for a specified use in the request.

    RejectConsentRequest

    Rejects the latest revision of the specified Consent by committing a new revision with state updated to REJECTED . If the latest revision of the given Consent is in the REJECTED state, no new revision is committed.

    Fields
    name

    string

    Required. The resource name of the Consent to reject, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id} . An INVALID_ARGUMENT error occurs if revision_id is specified in the name.

    Authorization requires the following IAM permission on the specified resource name :

    • healthcare.consents.reject
    consent_artifact

    string

    Optional. The resource name of the Consent artifact that contains documentation of the user's rejection of the draft Consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id} . If the draft Consent had a Consent artifact, this Consent artifact overwrites it.

    Authorization requires the following IAM permission on the specified resource consentArtifact :

    • healthcare.consentArtifacts.get

    RevokeConsentRequest

    Revokes the latest revision of the specified Consent by committing a new revision with state updated to REVOKED . If the latest revision of the given Consent is in the REVOKED state, no new revision is committed.

    Fields
    name

    string

    Required. The resource name of the Consent to revoke, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id} . An INVALID_ARGUMENT error occurs if revision_id is specified in the name.

    Authorization requires the following IAM permission on the specified resource name :

    • healthcare.consents.revoke
    consent_artifact

    string

    Optional. The resource name of the Consent artifact that contains proof of the user's revocation of the Consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id} .

    Authorization requires the following IAM permission on the specified resource consentArtifact :

    • healthcare.consentArtifacts.get

    Signature

    User signature.

    Fields
    user_id

    string

    Required. User's UUID provided by the client.
    image

    Image

    Optional. An image of the user's signature.
    metadata

    map<string, string>

    Optional. Metadata associated with the user's signature. For example, the user's name or the user's title.
    signature_time

    Timestamp

    Optional. Timestamp of the signature.

    UpdateAttributeDefinitionRequest

    Updates the Attribute definition .

    Fields
    attribute_definition

    AttributeDefinition

    Required. The Attribute definition resource that updates the resource on the server. Only the fields listed in update_mask are applied.

    Authorization requires the following IAM permission on the specified resource attributeDefinition :

    • healthcare.attributeDefinitions.update
    update_mask

    FieldMask

    Required. The update mask that applies to the resource. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask . Only the description , allowed_values , consent_default_values and data_mapping_default_value fields can be updated. The updated allowed_values must contain all values from the previous allowed_values .

    UpdateConsentRequest

    Updates the latest revision of the specified Consent by committing a new revision with the changes. A FAILED_PRECONDITION error occurs if the latest revision of the given consent is in the REJECTED or REVOKED state.

    Fields
    consent

    Consent

    Required. The Consent resource that updates the resource on the server. Only the fields listed in update_mask are applied. An INVALID_ARGUMENT error occurs if revision_id is specified as part of the Consent's name .

    Authorization requires the following IAM permission on the specified resource consent :

    • healthcare.consents.update
    update_mask

    FieldMask

    Required. The update mask to apply to the resource. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask . Only the user_id , policies , consent_artifact , and metadata fields can be updated.

    UpdateConsentStoreRequest

    Updates the consent store .

    Fields
    consent_store

    ConsentStore

    Required. The consent store resource that updates the resource on the server. Only the fields listed in update_mask are applied.

    Authorization requires the following IAM permission on the specified resource consentStore :

    • healthcare.consentStores.update
    update_mask

    FieldMask

    Required. The update mask that applies to the resource. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask . Only the labels , default_consent_ttl , and enable_consent_create_on_update fields are allowed to be updated.

    UpdateUserDataMappingRequest

    Updates the User data mapping .

    Fields
    user_data_mapping

    UserDataMapping

    Required. The User data mapping resource that updates the resource on the server. Only the fields listed in update_mask are applied.

    Authorization requires the following IAM permission on the specified resource userDataMapping :

    • healthcare.userDataMappings.update
    update_mask

    FieldMask

    Required. The update mask that applies to the resource. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask . Only the data_id , user_id and resource_attributes fields can be updated.

    UserDataMapping

    Maps a resource to the associated user and Attributes .

    Fields
    name

    string

    Resource name of the User data mapping, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/userDataMappings/{user_data_mapping_id} .
    data_id

    string

    Required. A unique identifier for the mapped resource.
    user_id

    string

    Required. User's UUID provided by the client.
    resource_attributes[]

    Attribute

    Attributes of the resource. Only explicitly set attributes are displayed here. Attribute definitions with defaults set implicitly apply to these [User data mappings] [google.cloud.healthcare.v1beta1.consent.UserDataMappings]. Attributes listed here must be single valued, that is, exactly one value is specified for the field "values" in each Attribute .
    archived

    bool

    Output only. Indicates whether this mapping is archived.
    archive_time

    Timestamp

    Output only. Indicates the time when this mapping was archived.
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: