REST Resource: projects.locations.securitySettings

Resource: SecuritySettings

Represents the settings related to security issues, such as data redaction and data retention. It may take hours for updates on the settings to propagate to all the related components and take effect.

JSON representation
{
  "name": string,
  "displayName": string,
  "redactionStrategy": enum (RedactionStrategy),
  "redactionScope": enum (RedactionScope),
  "inspectTemplate": string,
  "deidentifyTemplate": string,
  "purgeDataTypes": [
    enum (PurgeDataType)
  ],
  "insightsExportSettings": {
    object (InsightsExportSettings)
  },
  "retentionWindowDays": integer
}
Fields
name

string

Resource name of the settings. Required for the SecuritySettingsService.UpdateSecuritySettings method. SecuritySettingsService.CreateSecuritySettings populates the name automatically. Format: projects/<Project ID>/locations/<Location ID>/securitySettings/<Security Settings ID>.

displayName

string

Required. The human-readable name of the security settings, unique within the location.

redactionStrategy

enum (RedactionStrategy)

Strategy that defines how we do redaction.

redactionScope

enum (RedactionScope)

Defines the data for which Dialogflow applies redaction. Dialogflow does not redact data that it does not have access to – for example, Cloud logging.

inspectTemplate

string

DLP inspect template name. Use this template to define inspect base settings.

The DLP Inspect Templates Reader role is needed on the Dialogflow service identity service account (has the form service-PROJECT_NUMBER@gcp-sa-dialogflow.iam.gserviceaccount.com) for your agent's project.

If empty, we use the default DLP inspect config.

The template name will have one of the following formats: projects/<Project ID>/locations/<Location ID>/inspectTemplates/<Template ID> OR organizations/<Organization ID>/locations/<Location ID>/inspectTemplates/<Template ID>

Note: inspectTemplate must be located in the same region as the SecuritySettings.

deidentifyTemplate

string

DLP deidentify template name. Use this template to define de-identification configuration for the content.

The DLP De-identify Templates Reader role is needed on the Dialogflow service identity service account (has the form service-PROJECT_NUMBER@gcp-sa-dialogflow.iam.gserviceaccount.com) for your agent's project.

If empty, Dialogflow replaces sensitive info with [redacted] text.

The template name will have one of the following formats: projects/<Project ID>/locations/<Location ID>/deidentifyTemplates/<Template ID> OR organizations/<Organization ID>/locations/<Location ID>/deidentifyTemplates/<Template ID>

Note: deidentifyTemplate must be located in the same region as the SecuritySettings.

purgeDataTypes[]

enum (PurgeDataType)

List of types of data to remove when retention settings triggers purge.

insightsExportSettings

object (InsightsExportSettings)

Controls conversation exporting settings to Insights after conversation is completed.

If retentionStrategy is set to REMOVE_AFTER_CONVERSATION, Insights export is disabled no matter what you configure here.

retentionWindowDays

integer

Retains data in interaction logging for the specified number of days. This does not apply to Cloud logging, which is owned by the user - not Dialogflow. User must Set a value lower than Dialogflow's default 30d TTL. Setting a value higher than that has no effect. A missing value or setting to 0 also means we use Dialogflow's default TTL. Note: Interaction logging is a limited access feature. Talk to your Google representative to check availability for you.

RedactionStrategy

Defines how we redact data.

Enums
REDACTION_STRATEGY_UNSPECIFIED Do not redact.
REDACT_WITH_SERVICE Call redaction service to clean up the data to be persisted.

RedactionScope

Defines what types of data to redact.

Enums
REDACTION_SCOPE_UNSPECIFIED Don't redact any kind of data.
REDACT_DISK_STORAGE On data to be written to disk or similar devices that are capable of holding data even if power is disconnected. This includes data that are temporarily saved on disk.

PurgeDataType

Type of data we purge after retention settings triggers purge.

Enums
PURGE_DATA_TYPE_UNSPECIFIED Unspecified. Do not use.
DIALOGFLOW_HISTORY Dialogflow history. This does not include Cloud logging, which is owned by the user - not Dialogflow.

InsightsExportSettings

Settings for exporting conversations to Insights.

JSON representation
{
  "enableInsightsExport": boolean
}
Fields
enableInsightsExport

boolean

If enabled, we will automatically exports conversations to Insights and Insights runs its analyzers.

Methods

create

Create security settings in the specified location.

delete

Deletes the specified SecuritySettings.

get

Retrieves the specified SecuritySettings.

list

Returns the list of all security settings in the specified location.

patch

Updates the specified SecuritySettings.