Index
DlpService(interface)Action(message)Action.Deidentify(message)Action.JobNotificationEmails(message)Action.PublishFindingsToCloudDataCatalog(message)Action.PublishSummaryToCscc(message)Action.PublishToPubSub(message)Action.PublishToStackdriver(message)Action.SaveFindings(message)ActionDetails(message)ActivateJobTriggerRequest(message)AnalyzeDataSourceRiskDetails(message)AnalyzeDataSourceRiskDetails.CategoricalStatsResult(message)AnalyzeDataSourceRiskDetails.CategoricalStatsResult.CategoricalStatsHistogramBucket(message)AnalyzeDataSourceRiskDetails.DeltaPresenceEstimationResult(message)AnalyzeDataSourceRiskDetails.DeltaPresenceEstimationResult.DeltaPresenceEstimationHistogramBucket(message)AnalyzeDataSourceRiskDetails.DeltaPresenceEstimationResult.DeltaPresenceEstimationQuasiIdValues(message)AnalyzeDataSourceRiskDetails.KAnonymityResult(message)AnalyzeDataSourceRiskDetails.KAnonymityResult.KAnonymityEquivalenceClass(message)AnalyzeDataSourceRiskDetails.KAnonymityResult.KAnonymityHistogramBucket(message)AnalyzeDataSourceRiskDetails.KMapEstimationResult(message)AnalyzeDataSourceRiskDetails.KMapEstimationResult.KMapEstimationHistogramBucket(message)AnalyzeDataSourceRiskDetails.KMapEstimationResult.KMapEstimationQuasiIdValues(message)AnalyzeDataSourceRiskDetails.LDiversityResult(message)AnalyzeDataSourceRiskDetails.LDiversityResult.LDiversityEquivalenceClass(message)AnalyzeDataSourceRiskDetails.LDiversityResult.LDiversityHistogramBucket(message)AnalyzeDataSourceRiskDetails.NumericalStatsResult(message)AnalyzeDataSourceRiskDetails.RequestedRiskAnalysisOptions(message)BigQueryField(message)BigQueryKey(message)BigQueryOptions(message)BigQueryOptions.SampleMethod(enum)BigQueryTable(message)BoundingBox(message)BucketingConfig(message)BucketingConfig.Bucket(message)ByteContentItem(message)ByteContentItem.BytesType(enum)CancelDlpJobRequest(message)CharacterMaskConfig(message)CharsToIgnore(message)CharsToIgnore.CommonCharsToIgnore(enum)CloudStorageFileSet(message)CloudStorageOptions(message)CloudStorageOptions.FileSet(message)CloudStorageOptions.SampleMethod(enum)CloudStoragePath(message)CloudStorageRegexFileSet(message)Color(message)ColumnDataProfile(message)ColumnDataProfile.ColumnDataType(enum)ColumnDataProfile.ColumnPolicyState(enum)ColumnDataProfile.State(enum)Container(message)ContentItem(message)ContentLocation(message)ContentOption(enum)CreateDeidentifyTemplateRequest(message)CreateDlpJobRequest(message)CreateInspectTemplateRequest(message)CreateJobTriggerRequest(message)CreateStoredInfoTypeRequest(message)CryptoDeterministicConfig(message)CryptoHashConfig(message)CryptoKey(message)CryptoReplaceFfxFpeConfig(message)CryptoReplaceFfxFpeConfig.FfxCommonNativeAlphabet(enum)CustomInfoType(message)CustomInfoType.DetectionRule(message)CustomInfoType.DetectionRule.HotwordRule(message)CustomInfoType.DetectionRule.LikelihoodAdjustment(message)CustomInfoType.DetectionRule.Proximity(message)CustomInfoType.Dictionary(message)CustomInfoType.Dictionary.WordList(message)CustomInfoType.ExclusionType(enum)CustomInfoType.Regex(message)CustomInfoType.SurrogateType(message)DataProfileAction(message)DataProfileAction.EventType(enum)DataProfileAction.Export(message)DataProfileAction.PubSubNotification(message)DataProfileAction.PubSubNotification.DetailLevel(enum)DataProfileBigQueryRowSchema(message)DataProfileConfigSnapshot(message)DataProfileJobConfig(message)DataProfileLocation(message)DataProfilePubSubCondition(message)DataProfilePubSubCondition.ProfileScoreBucket(enum)DataProfilePubSubCondition.PubSubCondition(message)DataProfilePubSubCondition.PubSubExpressions(message)DataProfilePubSubCondition.PubSubExpressions.PubSubLogicalOperator(enum)DataProfilePubSubMessage(message)DataRiskLevel(message)DataRiskLevel.DataRiskLevelScore(enum)DatastoreKey(message)DatastoreOptions(message)DateShiftConfig(message)DateTime(message)DateTime.TimeZone(message)DeidentifyConfig(message)DeidentifyContentRequest(message)DeidentifyContentResponse(message)DeidentifyDataSourceDetails(message)DeidentifyDataSourceDetails.RequestedDeidentifyOptions(message)DeidentifyDataSourceStats(message)DeidentifyTemplate(message)DeleteDeidentifyTemplateRequest(message)DeleteDlpJobRequest(message)DeleteInspectTemplateRequest(message)DeleteJobTriggerRequest(message)DeleteStoredInfoTypeRequest(message)DlpJob(message)DlpJob.JobState(enum)DlpJobType(enum)DocumentLocation(message)EncryptionStatus(enum)EntityId(message)Error(message)ExcludeByHotword(message)ExcludeInfoTypes(message)ExclusionRule(message)FieldId(message)FieldTransformation(message)FileType(enum)Finding(message)FinishDlpJobRequest(message)FixedSizeBucketingConfig(message)GetDeidentifyTemplateRequest(message)GetDlpJobRequest(message)GetInspectTemplateRequest(message)GetJobTriggerRequest(message)GetStoredInfoTypeRequest(message)HybridContentItem(message)HybridFindingDetails(message)HybridInspectDlpJobRequest(message)HybridInspectJobTriggerRequest(message)HybridInspectResponse(message)HybridInspectStatistics(message)HybridOptions(message)ImageLocation(message)ImageTransformations(message)ImageTransformations.ImageTransformation(message)ImageTransformations.ImageTransformation.AllInfoTypes(message)ImageTransformations.ImageTransformation.AllText(message)ImageTransformations.ImageTransformation.SelectedInfoTypes(message)InfoType(message)InfoTypeCategory(message)InfoTypeCategory.IndustryCategory(enum)InfoTypeCategory.LocationCategory(enum)InfoTypeCategory.TypeCategory(enum)InfoTypeDescription(message)InfoTypeStats(message)InfoTypeSummary(message)InfoTypeSupportedBy(enum)InfoTypeTransformations(message)InfoTypeTransformations.InfoTypeTransformation(message)InspectConfig(message)InspectConfig.FindingLimits(message)InspectConfig.FindingLimits.InfoTypeLimit(message)InspectContentRequest(message)InspectContentResponse(message)InspectDataSourceDetails(message)InspectDataSourceDetails.RequestedOptions(message)InspectDataSourceDetails.Result(message)InspectJobConfig(message)InspectResult(message)InspectTemplate(message)InspectionRule(message)InspectionRuleSet(message)JobTrigger(message)JobTrigger.Status(enum)JobTrigger.Trigger(message)Key(message)Key.PathElement(message)KindExpression(message)KmsWrappedCryptoKey(message)LargeCustomDictionaryConfig(message)LargeCustomDictionaryStats(message)Likelihood(enum)ListDeidentifyTemplatesRequest(message)ListDeidentifyTemplatesResponse(message)ListDlpJobsRequest(message)ListDlpJobsResponse(message)ListInfoTypesRequest(message)ListInfoTypesResponse(message)ListInspectTemplatesRequest(message)ListInspectTemplatesResponse(message)ListJobTriggersRequest(message)ListJobTriggersResponse(message)ListStoredInfoTypesRequest(message)ListStoredInfoTypesResponse(message)Location(message)Manual(message)MatchingType(enum)MetadataLocation(message)MetadataType(enum)NullPercentageLevel(enum)OtherInfoTypeSummary(message)OutputStorageConfig(message)OutputStorageConfig.OutputSchema(enum)PartitionId(message)PrimitiveTransformation(message)PrivacyMetric(message)PrivacyMetric.CategoricalStatsConfig(message)PrivacyMetric.DeltaPresenceEstimationConfig(message)PrivacyMetric.KAnonymityConfig(message)PrivacyMetric.KMapEstimationConfig(message)PrivacyMetric.KMapEstimationConfig.AuxiliaryTable(message)PrivacyMetric.KMapEstimationConfig.AuxiliaryTable.QuasiIdField(message)PrivacyMetric.KMapEstimationConfig.TaggedField(message)PrivacyMetric.LDiversityConfig(message)PrivacyMetric.NumericalStatsConfig(message)ProfileStatus(message)QuasiId(message)QuoteInfo(message)Range(message)RecordCondition(message)RecordCondition.Condition(message)RecordCondition.Conditions(message)RecordCondition.Expressions(message)RecordCondition.Expressions.LogicalOperator(enum)RecordKey(message)RecordLocation(message)RecordSuppression(message)RecordTransformation(message)RecordTransformations(message)RedactConfig(message)RedactImageRequest(message)RedactImageRequest.ImageRedactionConfig(message)RedactImageResponse(message)ReidentifyContentRequest(message)ReidentifyContentResponse(message)RelationalOperator(enum)ReplaceDictionaryConfig(message)ReplaceValueConfig(message)ReplaceWithInfoTypeConfig(message)ResourceVisibility(enum)RiskAnalysisJobConfig(message)Schedule(message)SensitivityScore(message)SensitivityScore.SensitivityScoreLevel(enum)StatisticalTable(message)StatisticalTable.QuasiIdentifierField(message)StorageConfig(message)StorageConfig.TimespanConfig(message)StorageMetadataLabel(message)StoredInfoType(message)StoredInfoTypeConfig(message)StoredInfoTypeState(enum)StoredInfoTypeStats(message)StoredInfoTypeVersion(message)StoredType(message)Table(message)Table.Row(message)TableDataProfile(message)TableDataProfile.State(enum)TableLocation(message)TableOptions(message)TimePartConfig(message)TimePartConfig.TimePart(enum)TransformationConfig(message)TransformationContainerType(enum)TransformationDescription(message)TransformationDetails(message)TransformationDetailsStorageConfig(message)TransformationErrorHandling(message)TransformationErrorHandling.LeaveUntransformed(message)TransformationErrorHandling.ThrowError(message)TransformationLocation(message)TransformationOverview(message)TransformationResultStatus(message)TransformationResultStatusType(enum)TransformationSummary(message)TransformationSummary.SummaryResult(message)TransformationSummary.TransformationResultCode(enum)TransformationType(enum)TransientCryptoKey(message)UniquenessScoreLevel(enum)UnwrappedCryptoKey(message)UpdateDeidentifyTemplateRequest(message)UpdateInspectTemplateRequest(message)UpdateJobTriggerRequest(message)UpdateStoredInfoTypeRequest(message)Value(message)ValueFrequency(message)VersionDescription(message)
DlpService
The Cloud Data Loss Prevention (DLP) API is a service that allows clients to detect the presence of Personally Identifiable Information (PII) and other privacy-sensitive data in user-supplied, unstructured data streams, like text blocks or images. The service also includes methods for sensitive data redaction and scheduling of data scans on Google Cloud Platform based data sets.
To learn more about concepts and find how-to guides see https://cloud.google.com/dlp/docs/.
| ActivateJobTrigger |
|---|
|
Activate a job trigger. Causes the immediate execute of a trigger instead of waiting on the trigger event to occur.
|
| CancelDlpJob |
|---|
|
Starts asynchronous cancellation on a long-running DlpJob. The server makes a best effort to cancel the DlpJob, but success is not guaranteed. See https://cloud.google.com/dlp/docs/inspecting-storage and https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more.
|
| CreateDeidentifyTemplate |
|---|
|
Creates a DeidentifyTemplate for reusing frequently used configuration for de-identifying content, images, and storage. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.
|
| CreateDlpJob |
|---|
|
Creates a new job to inspect storage or calculate risk metrics. See https://cloud.google.com/dlp/docs/inspecting-storage and https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more. When no InfoTypes or CustomInfoTypes are specified in inspect jobs, the system will automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated.
|
| CreateInspectTemplate |
|---|
|
Creates an InspectTemplate for reusing frequently used configuration for inspecting content, images, and storage. See https://cloud.google.com/dlp/docs/creating-templates to learn more.
|
| CreateJobTrigger |
|---|
|
Creates a job trigger to run DLP actions such as scanning storage for sensitive information on a set schedule. See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
|
| CreateStoredInfoType |
|---|
|
Creates a pre-built stored infoType to be used for inspection. See https://cloud.google.com/dlp/docs/creating-stored-infotypes to learn more.
|
| DeidentifyContent |
|---|
|
De-identifies potentially sensitive info from a ContentItem. This method has limits on input size and output size. See https://cloud.google.com/dlp/docs/deidentify-sensitive-data to learn more. When no InfoTypes or CustomInfoTypes are specified in this request, the system will automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated.
|
| DeleteDeidentifyTemplate |
|---|
|
Deletes a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.
|
| DeleteDlpJob |
|---|
|
Deletes a long-running DlpJob. This method indicates that the client is no longer interested in the DlpJob result. The job will be canceled if possible. See https://cloud.google.com/dlp/docs/inspecting-storage and https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more.
|
| DeleteInspectTemplate |
|---|
|
Deletes an InspectTemplate. See https://cloud.google.com/dlp/docs/creating-templates to learn more.
|
| DeleteJobTrigger |
|---|
|
Deletes a job trigger. See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
|
| DeleteStoredInfoType |
|---|
|
Deletes a stored infoType. See https://cloud.google.com/dlp/docs/creating-stored-infotypes to learn more.
|
| FinishDlpJob |
|---|
|
Finish a running hybrid DlpJob. Triggers the finalization steps and running of any enabled actions that have not yet run.
|
| GetDeidentifyTemplate |
|---|
|
Gets a DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.
|
| GetDlpJob |
|---|
|
Gets the latest state of a long-running DlpJob. See https://cloud.google.com/dlp/docs/inspecting-storage and https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more.
|
| GetInspectTemplate |
|---|
|
Gets an InspectTemplate. See https://cloud.google.com/dlp/docs/creating-templates to learn more.
|
| GetJobTrigger |
|---|
|
Gets a job trigger. See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
|
| GetStoredInfoType |
|---|
|
Gets a stored infoType. See https://cloud.google.com/dlp/docs/creating-stored-infotypes to learn more.
|
| HybridInspectDlpJob |
|---|
|
Inspect hybrid content and store findings to a job. To review the findings, inspect the job. Inspection will occur asynchronously.
|
| HybridInspectJobTrigger |
|---|
|
Inspect hybrid content and store findings to a trigger. The inspection will be processed asynchronously. To review the findings monitor the jobs within the trigger.
|
| InspectContent |
|---|
|
Finds potentially sensitive info in content. This method has limits on input size, processing time, and output size. When no InfoTypes or CustomInfoTypes are specified in this request, the system will automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated. For how to guides, see https://cloud.google.com/dlp/docs/inspecting-images and https://cloud.google.com/dlp/docs/inspecting-text,
|
| ListDeidentifyTemplates |
|---|
|
Lists DeidentifyTemplates. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.
|
| ListDlpJobs |
|---|
|
Lists DlpJobs that match the specified filter in the request. See https://cloud.google.com/dlp/docs/inspecting-storage and https://cloud.google.com/dlp/docs/compute-risk-analysis to learn more.
|
| ListInfoTypes |
|---|
|
Returns a list of the sensitive information types that DLP API supports. See https://cloud.google.com/dlp/docs/infotypes-reference to learn more.
|
| ListInspectTemplates |
|---|
|
Lists InspectTemplates. See https://cloud.google.com/dlp/docs/creating-templates to learn more.
|
| ListJobTriggers |
|---|
|
Lists job triggers. See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
|
| ListStoredInfoTypes |
|---|
|
Lists stored infoTypes. See https://cloud.google.com/dlp/docs/creating-stored-infotypes to learn more.
|
| RedactImage |
|---|
|
Redacts potentially sensitive info from an image. This method has limits on input size, processing time, and output size. See https://cloud.google.com/dlp/docs/redacting-sensitive-data-images to learn more. When no InfoTypes or CustomInfoTypes are specified in this request, the system will automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated.
|
| ReidentifyContent |
|---|
|
Re-identifies content that has been de-identified. See https://cloud.google.com/dlp/docs/pseudonymization#re-identification_in_free_text_code_example to learn more.
|
| UpdateDeidentifyTemplate |
|---|
|
Updates the DeidentifyTemplate. See https://cloud.google.com/dlp/docs/creating-templates-deid to learn more.
|
| UpdateInspectTemplate |
|---|
|
Updates the InspectTemplate. See https://cloud.google.com/dlp/docs/creating-templates to learn more.
|
| UpdateJobTrigger |
|---|
|
Updates a job trigger. See https://cloud.google.com/dlp/docs/creating-job-triggers to learn more.
|
| UpdateStoredInfoType |
|---|
|
Updates the stored infoType by creating a new version. The existing version will continue to be used until the new version is ready. See https://cloud.google.com/dlp/docs/creating-stored-infotypes to learn more.
|
Action
A task to execute on the completion of a job. See https://cloud.google.com/dlp/docs/concepts-actions to learn more.
| Fields | |
|---|---|
Union field
|
|
save_findings |
Save resulting findings in a provided location. |
pub_sub |
Publish a notification to a Pub/Sub topic. |
publish_summary_to_cscc |
Publish summary to Cloud Security Command Center (Alpha). |
publish_findings_to_cloud_data_catalog |
Publish findings to Cloud Datahub. |
deidentify |
Create a de-identified copy of the input data. |
job_notification_emails |
Sends an email when the job completes. The email goes to IAM project owners and technical Essential Contacts. |
publish_to_stackdriver |
Enable Stackdriver metric dlp.googleapis.com/finding_count. |
Deidentify
Create a de-identified copy of the requested table or files.
A TransformationDetail will be created for each transformation.
If any rows in BigQuery are skipped during de-identification (transformation errors or row size exceeds BigQuery insert API limits) they are placed in the failure output table. If the original row exceeds the BigQuery insert API limit it will be truncated when written to the failure output table. The failure output table can be set in the action.deidentify.output.big_query_output.deidentified_failure_output_table field, if no table is set, a table will be automatically created in the same project and dataset as the original table.
Compatible with: Inspect
| Fields | |
|---|---|
transformation_config |
User specified deidentify templates and configs for structured, unstructured, and image files. |
transformation_details_storage_config |
Config for storing transformation details. This is separate from the de-identified content, and contains metadata about the successful transformations and/or failures that occurred while de-identifying. This needs to be set in order for users to access information about the status of each transformation (see |
file_types_to_transform[] |
List of user-specified file type groups to transform. If specified, only the files with these filetypes will be transformed. If empty, all supported files will be transformed. Supported types may be automatically added over time. If a file type is set in this field that isn't supported by the Deidentify action then the job will fail and will not be successfully created/started. Currently the only filetypes supported are: IMAGES, TEXT_FILES, CSV, TSV. |
Union field
|
|
cloud_storage_output |
Required. User settable Cloud Storage bucket and folders to store de-identified files. This field must be set for cloud storage deidentification. The output Cloud Storage bucket must be different from the input bucket. De-identified files will overwrite files in the output path. Form of: gs://bucket/folder/ or gs://bucket |
JobNotificationEmails
This type has no fields.
Sends an email when the job completes. The email goes to IAM project owners and technical Essential Contacts.
PublishFindingsToCloudDataCatalog
This type has no fields.
Publish findings of a DlpJob to Data Catalog. In Data Catalog, tag templates are applied to the resource that Cloud DLP scanned. Data Catalog tag templates are stored in the same project and region where the BigQuery table exists. For Cloud DLP to create and apply the tag template, the Cloud DLP service agent must have the roles/datacatalog.tagTemplateOwner permission on the project. The tag template contains fields summarizing the results of the DlpJob. Any field values previously written by another DlpJob are deleted. InfoType naming patterns are strictly enforced when using this feature.
Findings are persisted in Data Catalog storage and are governed by service-specific policies for Data Catalog. For more information, see Service Specific Terms.
Only a single instance of this action can be specified. This action is allowed only if all resources being scanned are BigQuery tables. Compatible with: Inspect
PublishSummaryToCscc
This type has no fields.
Publish the result summary of a DlpJob to Security Command Center. This action is available for only projects that belong to an organization. This action publishes the count of finding instances and their infoTypes. The summary of findings are persisted in Security Command Center and are governed by service-specific policies for Security Command Center. Only a single instance of this action can be specified. Compatible with: Inspect
PublishToPubSub
Publish a message into a given Pub/Sub topic when DlpJob has completed. The message contains a single field, DlpJobName, which is equal to the finished job's DlpJob.name. Compatible with: Inspect, Risk
| Fields | |
|---|---|
topic |
Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. |
PublishToStackdriver
This type has no fields.
Enable Stackdriver metric dlp.googleapis.com/finding_count. This will publish a metric to stack driver on each infotype requested and how many findings were found for it. CustomDetectors will be bucketed as 'Custom' under the Stackdriver label 'info_type'.
SaveFindings
If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk
| Fields | |
|---|---|
output_config |
Location to store findings outside of DLP. |
ActionDetails
The results of an Action.
| Fields | |
|---|---|
Union field details. Summary of what occurred in the actions. details can be only one of the following: |
|
deidentify_details |
Outcome of a de-identification action. |
ActivateJobTriggerRequest
Request message for ActivateJobTrigger.
| Fields | |
|---|---|
name |
Required. Resource name of the trigger to activate, for example Authorization requires one or more of the following IAM permissions on the specified resource
|
AnalyzeDataSourceRiskDetails
Result of a risk analysis operation request.
| Fields | |
|---|---|
requested_privacy_metric |
Privacy metric to compute. |
requested_source_table |
Input dataset to compute metrics over. |
requested_options |
The configuration used for this job. |
Union field result. Values associated with this metric. result can be only one of the following: |
|
numerical_stats_result |
Numerical stats result |
categorical_stats_result |
Categorical stats result |
k_anonymity_result |
K-anonymity result |
l_diversity_result |
L-divesity result |
k_map_estimation_result |
K-map result |
delta_presence_estimation_result |
Delta-presence result |
CategoricalStatsResult
Result of the categorical stats computation.
| Fields | |
|---|---|
value_frequency_histogram_buckets[] |
Histogram of value frequencies in the column. |
CategoricalStatsHistogramBucket
Histogram of value frequencies in the column.
| Fields | |
|---|---|
value_frequency_lower_bound |
Lower bound on the value frequency of the values in this bucket. |
value_frequency_upper_bound |
Upper bound on the value frequency of the values in this bucket. |
bucket_size |
Total number of values in this bucket. |
bucket_values[] |
Sample of value frequencies in this bucket. The total number of values returned per bucket is capped at 20. |
bucket_value_count |
Total number of distinct values in this bucket. |
DeltaPresenceEstimationResult
Result of the δ-presence computation. Note that these results are an estimation, not exact values.
| Fields | |
|---|---|
delta_presence_estimation_histogram[] |
The intervals [min_probability, max_probability) do not overlap. If a value doesn't correspond to any such interval, the associated frequency is zero. For example, the following records: {min_probability: 0, max_probability: 0.1, frequency: 17} {min_probability: 0.2, max_probability: 0.3, frequency: 42} {min_probability: 0.3, max_probability: 0.4, frequency: 99} mean that there are no record with an estimated probability in [0.1, 0.2) nor larger or equal to 0.4. |
DeltaPresenceEstimationHistogramBucket
A DeltaPresenceEstimationHistogramBucket message with the following values: min_probability: 0.1 max_probability: 0.2 frequency: 42 means that there are 42 records for which δ is in [0.1, 0.2). An important particular case is when min_probability = max_probability = 1: then, every individual who shares this quasi-identifier combination is in the dataset.
| Fields | |
|---|---|
min_probability |
Between 0 and 1. |
max_probability |
Always greater than or equal to min_probability. |
bucket_size |
Number of records within these probability bounds. |
bucket_values[] |
Sample of quasi-identifier tuple values in this bucket. The total number of classes returned per bucket is capped at 20. |
bucket_value_count |
Total number of distinct quasi-identifier tuple values in this bucket. |
DeltaPresenceEstimationQuasiIdValues
A tuple of values for the quasi-identifier columns.
| Fields | |
|---|---|
quasi_ids_values[] |
The quasi-identifier values. |
estimated_probability |
The estimated probability that a given individual sharing these quasi-identifier values is in the dataset. This value, typically called δ, is the ratio between the number of records in the dataset with these quasi-identifier values, and the total number of individuals (inside and outside the dataset) with these quasi-identifier values. For example, if there are 15 individuals in the dataset who share the same quasi-identifier values, and an estimated 100 people in the entire population with these values, then δ is 0.15. |
KAnonymityResult
Result of the k-anonymity computation.
| Fields | |
|---|---|
equivalence_class_histogram_buckets[] |
Histogram of k-anonymity equivalence classes. |
KAnonymityEquivalenceClass
The set of columns' values that share the same ldiversity value
| Fields | |
|---|---|
quasi_ids_values[] |
Set of values defining the equivalence class. One value per quasi-identifier column in the original KAnonymity metric message. The order is always the same as the original request. |
equivalence_class_size |
Size of the equivalence class, for example number of rows with the above set of values. |
KAnonymityHistogramBucket
Histogram of k-anonymity equivalence classes.
| Fields | |
|---|---|
equivalence_class_size_lower_bound |
Lower bound on the size of the equivalence classes in this bucket. |
equivalence_class_size_upper_bound |
Upper bound on the size of the equivalence classes in this bucket. |
bucket_size |
Total number of equivalence classes in this bucket. |
bucket_values[] |
Sample of equivalence classes in this bucket. The total number of classes returned per bucket is capped at 20. |
bucket_value_count |
Total number of distinct equivalence classes in this bucket. |
KMapEstimationResult
Result of the reidentifiability analysis. Note that these results are an estimation, not exact values.
| Fields | |
|---|---|
k_map_estimation_histogram[] |
The intervals [min_anonymity, max_anonymity] do not overlap. If a value doesn't correspond to any such interval, the associated frequency is zero. For example, the following records: {min_anonymity: 1, max_anonymity: 1, frequency: 17} {min_anonymity: 2, max_anonymity: 3, frequency: 42} {min_anonymity: 5, max_anonymity: 10, frequency: 99} mean that there are no record with an estimated anonymity of 4, 5, or larger than 10. |
KMapEstimationHistogramBucket
A KMapEstimationHistogramBucket message with the following values: min_anonymity: 3 max_anonymity: 5 frequency: 42 means that there are 42 records whose quasi-identifier values correspond to 3, 4 or 5 people in the overlying population. An important particular case is when min_anonymity = max_anonymity = 1: the frequency field then corresponds to the number of uniquely identifiable records.
| Fields | |
|---|---|
min_anonymity |
Always positive. |
max_anonymity |
Always greater than or equal to min_anonymity. |
bucket_size |
Number of records within these anonymity bounds. |
bucket_values[] |
Sample of quasi-identifier tuple values in this bucket. The total number of classes returned per bucket is capped at 20. |
bucket_value_count |
Total number of distinct quasi-identifier tuple values in this bucket. |
KMapEstimationQuasiIdValues
A tuple of values for the quasi-identifier columns.
| Fields | |
|---|---|
quasi_ids_values[] |
The quasi-identifier values. |
estimated_anonymity |
The estimated anonymity for these quasi-identifier values. |
LDiversityResult
Result of the l-diversity computation.
| Fields | |
|---|---|
sensitive_value_frequency_histogram_buckets[] |
Histogram of l-diversity equivalence class sensitive value frequencies. |
LDiversityEquivalenceClass
The set of columns' values that share the same ldiversity value.
| Fields | |
|---|---|
quasi_ids_values[] |
Quasi-identifier values defining the k-anonymity equivalence class. The order is always the same as the original request. |
equivalence_class_size |
Size of the k-anonymity equivalence class. |
num_distinct_sensitive_values |
Number of distinct sensitive values in this equivalence class. |
top_sensitive_values[] |
Estimated frequencies of top sensitive values. |
LDiversityHistogramBucket
Histogram of l-diversity equivalence class sensitive value frequencies.
| Fields | |
|---|---|
sensitive_value_frequency_lower_bound |
Lower bound on the sensitive value frequencies of the equivalence classes in this bucket. |
sensitive_value_frequency_upper_bound |
Upper bound on the sensitive value frequencies of the equivalence classes in this bucket. |
bucket_size |
Total number of equivalence classes in this bucket. |
bucket_values[] |
Sample of equivalence classes in this bucket. The total number of classes returned per bucket is capped at 20. |
bucket_value_count |
Total number of distinct equivalence classes in this bucket. |
NumericalStatsResult
Result of the numerical stats computation.
| Fields | |
|---|---|
min_value |
Minimum value appearing in the column. |
max_value |
Maximum value appearing in the column. |
quantile_values[] |
List of 99 values that partition the set of field values into 100 equal sized buckets. |
RequestedRiskAnalysisOptions
Risk analysis options.
| Fields | |
|---|---|
job_config |
The job config for the risk job. |
BigQueryField
Message defining a field of a BigQuery table.
| Fields | |
|---|---|
table |
Source table of the field. |
field |
Designated field in the BigQuery table. |
BigQueryKey
Row key for identifying a record in BigQuery table.
| Fields | |
|---|---|
table_reference |
Complete BigQuery table reference. |
row_number |
Row number inferred at the time the table was scanned. This value is nondeterministic, cannot be queried, and may be null for inspection jobs. To locate findings within a table, specify |
BigQueryOptions
Options defining BigQuery table and row identifiers.
| Fields | |
|---|---|
table_reference |
Complete BigQuery table reference. |
identifying_fields[] |
Table fields that may uniquely identify a row within the table. When |
rows_limit |
Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted. If not set, or if set to 0, all rows will be scanned. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig. |
rows_limit_percent |
Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig. |
sample_method |
|
excluded_fields[] |
References to fields excluded from scanning. This allows you to skip inspection of entire columns which you know have no findings. |
included_fields[] |
Limit scanning only to these fields. |
SampleMethod
How to sample rows if not all rows are scanned. Meaningful only when used in conjunction with either rows_limit or rows_limit_percent. If not specified, rows are scanned in the order BigQuery reads them.
| Enums | |
|---|---|
SAMPLE_METHOD_UNSPECIFIED |
|
TOP |
Scan groups of rows in the order BigQuery provides (default). Multiple groups of rows may be scanned in parallel, so results may not appear in the same order the rows are read. |
RANDOM_START |
Randomly pick groups of rows to scan. |
BigQueryTable
Message defining the location of a BigQuery table. A table is uniquely identified by its project_id, dataset_id, and table_name. Within a query a table is often referenced with a string in the format of: <project_id>:<dataset_id>.<table_id> or <project_id>.<dataset_id>.<table_id>.
| Fields | |
|---|---|
project_id |
The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. |
dataset_id |
Dataset ID of the table. |
table_id |
Name of the table. |
BoundingBox
Bounding box encompassing detected text within an image.
| Fields | |
|---|---|
top |
Top coordinate of the bounding box. (0,0) is upper left. |
left |
Left coordinate of the bounding box. (0,0) is upper left. |
width |
Width of the bounding box in pixels. |
height |
Height of the bounding box in pixels. |
BucketingConfig
Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH This can be used on data of type: number, long, string, timestamp. If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.
| Fields | |
|---|---|
buckets[] |
Set of buckets. Ranges must be non-overlapping. |
Bucket
Bucket is represented as a range, along with replacement values.
| Fields | |
|---|---|
min |
Lower bound of the range, inclusive. Type should be the same as max if used. |
max |
Upper bound of the range, exclusive; type must match min. |
replacement_value |
Required. Replacement value for this bucket. |
ByteContentItem
Container for bytes to inspect or redact.
| Fields | |
|---|---|
type |
The type of data stored in the bytes string. Default will be TEXT_UTF8. |
data |
Content data to inspect or redact. |
BytesType
The type of data being sent for inspection. To learn more, see Supported file types.
| Enums | |
|---|---|
BYTES_TYPE_UNSPECIFIED |
Unused |
IMAGE |
Any image type. |
IMAGE_JPEG |
jpeg |
IMAGE_BMP |
bmp |
IMAGE_PNG |
png |
IMAGE_SVG |
svg |
TEXT_UTF8 |
plain text |
WORD_DOCUMENT |
docx, docm, dotx, dotm |
PDF |
|
POWERPOINT_DOCUMENT |
pptx, pptm, potx, potm, pot |
EXCEL_DOCUMENT |
xlsx, xlsm, xltx, xltm |
AVRO |
avro |
CSV |
csv |
TSV |
tsv |
CancelDlpJobRequest
The request message for canceling a DLP job.
| Fields | |
|---|---|
name |
Required. The name of the DlpJob resource to be cancelled. Authorization requires the following IAM permission on the specified resource
|
CharacterMaskConfig
Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3.
| Fields | |
|---|---|
masking_character |
Character to use to mask the sensitive values—for example, |
number_to_mask |
Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. If
The resulting de-identified string is |
reverse_order |
Mask characters in reverse order. For example, if |
characters_to_ignore[] |
When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is |
CharsToIgnore
Characters to skip when doing deidentification of a value. These will be left alone and skipped.
| Fields | |
|---|---|
Union field
|
|
characters_to_skip |
Characters to not transform when masking. |
common_characters_to_ignore |
Common characters to not transform when masking. Useful to avoid removing punctuation. |
CommonCharsToIgnore
Convenience enum for indicating common characters to not transform.
| Enums | |
|---|---|
COMMON_CHARS_TO_IGNORE_UNSPECIFIED |
Unused. |
NUMERIC |
0-9 |
ALPHA_UPPER_CASE |
A-Z |
ALPHA_LOWER_CASE |
a-z |
PUNCTUATION |
US Punctuation, one of !"#$%&'()*+,-./:;<=>?@[]^_`{|}~ |
WHITESPACE |
Whitespace character, one of [ \t\n\x0B\f\r] |
CloudStorageFileSet
Message representing a set of files in Cloud Storage.
| Fields | |
|---|---|
url |
The url, in the format |
CloudStorageOptions
Options defining a file or a set of files within a Cloud Storage bucket.
| Fields | |
|---|---|
file_set |
The set of one or more files to scan. |
bytes_limit_per_file |
Max number of bytes to scan from a file. If a scanned file's size is bigger than this value then the rest of the bytes are omitted. Only one of |
bytes_limit_per_file_percent |
Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of bytes_limit_per_file and bytes_limit_per_file_percent can be specified. This field can't be set if de-identification is requested. For certain file types, setting this field has no effect. For more information, see Limits on bytes scanned per file. |
file_types[] |
List of file type groups to include in the scan. If empty, all files are scanned and available data format processors are applied. In addition, the binary content of the selected files is always scanned as well. Images are scanned only as binary if the specified region does not support image inspection and no file_types were specified. Image inspection is restricted to 'global', 'us', 'asia', and 'europe'. |
sample_method |
|
files_limit_percent |
Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. |
FileSet
Set of files to scan.
| Fields | |
|---|---|
url |
The Cloud Storage url of the file(s) to scan, in the format If the url ends in a trailing slash, the bucket or directory represented by the url will be scanned non-recursively (content in sub-directories will not be scanned). This means that Exactly one of |
regex_file_set |
The regex-filtered set of files to scan. Exactly one of |
SampleMethod
How to sample bytes if not all bytes are scanned. Meaningful only when used in conjunction with bytes_limit_per_file. If not specified, scanning would start from the top.
| Enums | |
|---|---|
SAMPLE_METHOD_UNSPECIFIED |
|
TOP |
Scan from the top (default). |
RANDOM_START |
For each file larger than bytes_limit_per_file, randomly pick the offset to start scanning. The scanned bytes are contiguous. |
CloudStoragePath
Message representing a single file or path in Cloud Storage.
| Fields | |
|---|---|
path |
A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt |
CloudStorageRegexFileSet
Message representing a set of files in a Cloud Storage bucket. Regular expressions are used to allow fine-grained control over which files in the bucket to include.
Included files are those that match at least one item in include_regex and do not match any items in exclude_regex. Note that a file that matches items from both lists will not be included. For a match to occur, the entire file path (i.e., everything in the url after the bucket name) must match the regular expression.
For example, given the input {bucket_name: "mybucket", include_regex:
["directory1/.*"], exclude_regex:
["directory1/excluded.*"]}:
gs://mybucket/directory1/myfilewill be includedgs://mybucket/directory1/directory2/myfilewill be included (.*matches across/)gs://mybucket/directory0/directory1/myfilewill not be included (the full path doesn't match any items ininclude_regex)gs://mybucket/directory1/excludedfilewill not be included (the path matches an item inexclude_regex)
If include_regex is left empty, it will match all files by default (this is equivalent to setting include_regex: [".*"]).
Some other common use cases:
{bucket_name: "mybucket", exclude_regex: [".*\.pdf"]}will include all files inmybucketexcept for .pdf files{bucket_name: "mybucket", include_regex: ["directory/[^/]+"]}will include all files directly undergs://mybucket/directory/, without matching across/
| Fields | |
|---|---|
bucket_name |
The name of a Cloud Storage bucket. Required. |
include_regex[] |
A list of regular expressions matching file paths to include. All files in the bucket that match at least one of these regular expressions will be included in the set of files, except for those that also match an item in Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub. |
exclude_regex[] |
A list of regular expressions matching file paths to exclude. All files in the bucket that match at least one of these regular expressions will be excluded from the scan. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub. |
Color
Represents a color in the RGB color space.
| Fields | |
|---|---|
red |
The amount of red in the color as a value in the interval [0, 1]. |
green |
The amount of green in the color as a value in the interval [0, 1]. |
blue |
The amount of blue in the color as a value in the interval [0, 1]. |
ColumnDataProfile
The profile for a scanned column within a table.
| Fields | |
|---|---|
name |
The name of the profile. |
profile_status |
Success or error status from the most recent profile generation attempt. May be empty if the profile is still being generated. |
state |
State of a profile. |
profile_last_generated |
The last time the profile was generated. |
table_data_profile |
The resource name to the table data profile. |
table_full_resource |
The resource name of the table this column is within. |
dataset_project_id |
The Google Cloud project ID that owns the BigQuery dataset. |
dataset_location |
The BigQuery location where the dataset's data is stored. See https://cloud.google.com/bigquery/docs/locations for supported locations. |
dataset_id |
The BigQuery dataset ID. |
table_id |
The BigQuery table ID. |
column |
The name of the column. |
sensitivity_score |
The sensitivity of this column. |
data_risk_level |
The data risk level for this column. |
column_info_type |
If it's been determined this column can be identified as a single type, this will be set. Otherwise the column either has unidentifiable content or mixed types. |
other_matches[] |
Other types found within this column. List will be un-ordered. |
estimated_null_percentage |
Approximate percentage of entries being null in the column. |
estimated_uniqueness_score |
Approximate uniqueness of the column. |
free_text_score |
The likelihood that this column contains free-form text. A value close to 1 may indicate the column is likely to contain free-form or natural language text. Range in 0-1. |
column_type |
The data type of a given column. |
policy_state |
Indicates if a policy tag has been applied to the column. |
ColumnDataType
Data types that a column can be. Types may be added over time.
| Enums | |
|---|---|
COLUMN_DATA_TYPE_UNSPECIFIED |
Invalid type. |
TYPE_INT64 |
Encoded as a string in decimal format. |
TYPE_BOOL |
Encoded as a boolean "false" or "true". |
TYPE_FLOAT64 |
Encoded as a number, or string "NaN", "Infinity" or "-Infinity". |
TYPE_STRING |
Encoded as a string value. |
TYPE_BYTES |
Encoded as a base64 string per RFC 4648, section 4. |
TYPE_TIMESTAMP |
Encoded as an RFC 3339 timestamp with mandatory "Z" time zone string: 1985-04-12T23:20:50.52Z |
TYPE_DATE |
Encoded as RFC 3339 full-date format string: 1985-04-12 |
TYPE_TIME |
Encoded as RFC 3339 partial-time format string: 23:20:50.52 |
TYPE_DATETIME |
Encoded as RFC 3339 full-date "T" partial-time: 1985-04-12T23:20:50.52 |
TYPE_GEOGRAPHY |
Encoded as WKT |
TYPE_NUMERIC |
Encoded as a decimal string. |
TYPE_RECORD |
Container of ordered fields, each with a type and field name. |
TYPE_BIGNUMERIC |
Decimal type. |
TYPE_JSON |
Json type. |
ColumnPolicyState
The possible policy states for a column.
| Enums | |
|---|---|
COLUMN_POLICY_STATE_UNSPECIFIED |
No policy tags. |
COLUMN_POLICY_TAGGED |
Column has policy tag applied. |
State
Possible states of a profile. New items may be added.
| Enums | |
|---|---|
STATE_UNSPECIFIED |
Unused. |
RUNNING |
The profile is currently running. Once a profile has finished it will transition to DONE. |
DONE |
The profile is no longer generating. If profile_status.status.code is 0, the profile succeeded, otherwise, it failed. |
Container
Represents a container that may contain DLP findings. Examples of a container include a file, table, or database record.
| Fields | |
|---|---|
type |
Container type, for example BigQuery or Cloud Storage. |
project_id |
Project where the finding was found. Can be different from the project that owns the finding. |
full_path |
A string representation of the full container name. Examples: - BigQuery: 'Project:DataSetId.TableId' - Cloud Storage: 'gs://Bucket/folders/filename.txt' |
root_path |
The root of the container. Examples:
|
relative_path |
The rest of the path after the root. Examples:
|
update_time |
Findings container modification timestamp, if applicable. For Cloud Storage, this field contains the last file modification timestamp. For a BigQuery table, this field contains the last_modified_time property. For Datastore, this field isn't populated. |
version |
Findings container version, if available ("generation" for Cloud Storage). |
ContentItem
| Fields | |
|---|---|
Union field data_item. Data of the item either in the byte array or UTF-8 string form, or table. data_item can be only one of the following: |
|
value |
String data to inspect or redact. |
table |
Structured content for inspection. See https://cloud.google.com/dlp/docs/inspecting-text#inspecting_a_table to learn more. |
byte_item |
Content data to inspect or redact. Replaces |
ContentLocation
Precise location of the finding within a document, record, image, or metadata container.
| Fields | |
|---|---|
container_name |
Name of the container where the finding is located. The top level name is the source file name or table name. Names of some common storage containers are formatted as follows:
Nested names could be absent if the embedded object has no string identifier (for example, an image contained within a document). |
container_timestamp |
Finding container modification timestamp, if applicable. For Cloud Storage, this field contains the last file modification timestamp. For a BigQuery table, this field contains the last_modified_time property. For Datastore, this field isn't populated. |
container_version |
Finding container version, if available ("generation" for Cloud Storage). |
Union field location. Type of the container within the file with location of the finding. location can be only one of the following: |
|
record_location |
Location within a row or record of a database table. |