本頁面由 Cloud Translation API 翻譯而成。

使用 IAM 控管存取權

總覽

Cloud Healthcare API 使用身分與存取權管理 (IAM) 控管存取權。

在 Cloud Healthcare API 中，您可在專案、資料集或資料儲存庫層級設定存取權控管。舉例來說，您可以授權一組開發人員，讓他們存取某個專案中的所有資料集。如要瞭解如何設定 IAM 並搭配 Cloud Healthcare API 使用，請參閱「控管存取權」和「控管其他產品的存取權」。

如需 IAM 和其功能的詳細說明，請參閱 IAM 說明文件。特別是管理 IAM 政策一節。

每個 Cloud Healthcare API 方法都會要求呼叫者具備必要權限，詳情請參閱「權限」和「角色」。

權限

下表列出與 Cloud Healthcare API 相關的 IAM 權限。表格中的方法名稱已縮短，每個方法的完整名稱開頭都是 projects.locations.。

同意聲明儲存庫方法

同意聲明儲存庫方法	所需權限
`datasets.consentStores.checkDataAccess`	`healthcare.consentStores.checkDataAccess`。
`datasets.consentStores.create`	父項資料集上的 `healthcare.consentStores.create`。
`datasets.consentStores.delete`	`healthcare.consentStores.delete`。
`datasets.consentStores.evaluateUserConsents`	`healthcare.consentStores.evaluateUserConsents`。
`datasets.consentStores.get`	`healthcare.consentStores.get`。
`datasets.consentStores.getIamPolicy`	`healthcare.consentStores.getIamPolicy`。
`datasets.consentStores.list`	父項資料集上的 `healthcare.consentStores.list`。
`datasets.consentStores.patch`	`healthcare.consentStores.update`。
`datasets.consentStores.queryAccessibleData`	`healthcare.consentStores.queryAccessibleData`。
`datasets.consentStores.setIamPolicy`	`healthcare.consentStores.setIamPolicy`。
`datasets.consentStores.attributeDefinitions.create`	`healthcare.attributeDefinitions.create` 家長同意聲明商店。
`datasets.consentStores.attributeDefinitions.delete`	`healthcare.attributeDefinitions.delete` 要求的屬性定義資源。
`datasets.consentStores.attributeDefinitions.get`	`healthcare.attributeDefinitions.get` 要求的屬性定義資源。
`datasets.consentStores.attributeDefinitions.list`	`healthcare.attributeDefinitions.list` 家長同意聲明商店。
`datasets.consentStores.attributeDefinitions.patch`	`healthcare.attributeDefinitions.update` 要求的屬性定義資源。
`datasets.consentStores.consentArtifacts.create`	`healthcare.consentArtifacts.create` 家長同意聲明商店。
`datasets.consentStores.consentArtifacts.delete`	`healthcare.consentArtifacts.delete` 要求的同意聲明構件資源。
`datasets.consentStores.consentArtifacts.get`	`healthcare.consentArtifacts.get` 要求的同意聲明構件資源。
`datasets.consentStores.consentArtifacts.list`	`healthcare.consentArtifacts.list` 家長同意聲明商店。
`datasets.consentStores.consents.create`	`healthcare.consents.create` 家長同意聲明商店。
`datasets.consentStores.consents.delete`	`healthcare.consents.delete` 要求的同意聲明資源。
`datasets.consentStores.consents.get`	`healthcare.consents.get` 要求的同意聲明資源。
`datasets.consentStores.consents.list`	`healthcare.consents.list` 家長同意聲明商店。
`datasets.consentStores.consents.patch`	`healthcare.consents.update` 要求的同意聲明資源。
`datasets.consentStores.consents.revoke`	`healthcare.consents.revoke` 要求的同意聲明資源。
`datasets.consentStores.userDataMappings.archive`	`healthcare.userDataMappings.archive` 要求的使用者資料對應資源。
`datasets.consentStores.userDataMappings.create`	`healthcare.userDataMappings.create` 家長同意聲明商店。
`datasets.consentStores.userDataMappings.delete`	`healthcare.userDataMappings.delete` 要求的使用者資料對應資源。
`datasets.consentStores.userDataMappings.get`	`healthcare.userDataMappings.get` 要求的使用者資料對應資源。
`datasets.consentStores.userDataMappings.list`	`healthcare.userDataMappings.list` 家長同意聲明商店。
`datasets.consentStores.userDataMappings.patch`	`healthcare.userDataMappings.update` 要求的使用者資料對應資源。

資料集方法

資料集方法	所需權限
`datasets.create`	上層專案的 `healthcare.datasets.create` 權限。 Google Cloud
`datasets.deidentify`	來源資料集的 `healthcare.datasets.deidentify` 權限。 `healthcare.datasets.create` Google Cloud 目的地資料集所屬專案。
`datasets.delete`	`healthcare.datasets.delete` 要求的資料集。
`datasets.get`	`healthcare.datasets.get` 要求的資料集。
`datasets.getIamPolicy`	`healthcare.datasets.getIamPolicy` 要求的資料集。
`datasets.list`	上層專案的 `healthcare.datasets.list` 權限。 Google Cloud
`datasets.patch`	`healthcare.datasets.update` 要求的資料集。
`datasets.setIAMPolicy`	`healthcare.datasets.setIamPolicy` 要求的資料集。

DICOM 儲存庫方法

DICOM 儲存庫方法	所需權限
`datasets.dicomStores.create`	父項資料集上的 `healthcare.dicomStores.create`。
`datasets.dicomStores.deidentify`	來源 DICOM 儲存庫上的 `healthcare.dicomStores.deidentify`。目的地 DICOM 儲存庫上的 `healthcare.dicomStores.dicomWebWrite`。
`datasets.dicomStores.delete`	要求的 DICOM 儲存庫。`healthcare.dicomStores.delete`
`datasets.dicomStores.export`	要求的 DICOM 儲存庫。`healthcare.dicomStores.export` 匯出至 Cloud Storage 時：`roles/storage.objectAdmin` 授予專案的 Cloud Healthcare Service Agent 服務帳戶。如需操作說明，請參閱「將資料匯出至 Cloud Storage」。匯出至 BigQuery 時：`roles/bigquery.dataEditor` 和 `roles/bigquery.jobUser` 授予專案的 Cloud Healthcare 服務代理程式服務帳戶。如需操作說明，請參閱「DICOM 儲存庫 BigQuery 權限」。
`datasets.dicomStores.get`	要求的 DICOM 儲存庫。`healthcare.dicomStores.get`
`datasets.dicomStores.getIamPolicy`	要求的 DICOM 儲存庫。`healthcare.dicomStores.getIamPolicy`
`datasets.dicomStores.import`	要求的 DICOM 儲存庫。`healthcare.dicomStores.import` `roles/storage.objectViewer` 授予專案的 Cloud Healthcare Service Agent 服務帳戶。如需操作說明，請參閱「從 Cloud Storage 匯入資料」。
`datasets.dicomStores.list`	父項資料集上的 `healthcare.dicomStores.list`。
`datasets.dicomStores.patch`	要求的 DICOM 儲存庫。`healthcare.dicomStores.update`
`datasets.dicomStores.searchForInstances`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebRead`
`datasets.dicomStores.searchForSeries`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebRead`
`datasets.dicomStores.searchForStudies`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebRead`
`datasets.dicomStores.setIamPolicy`	要求的 DICOM 儲存庫。`healthcare.dicomStores.setIamPolicy`
`datasets.dicomStores.storeInstances`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebWrite`
`datasets.dicomStores.studies.delete`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebDelete`
`datasets.dicomStores.studies.retrieveMetadata`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebRead`
`datasets.dicomStores.studies.retrieveStudy`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebRead`
`datasets.dicomStores.studies.searchForInstances`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebRead`
`datasets.dicomStores.studies.searchForSeries`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebRead`
`datasets.dicomStores.studies.storeInstances`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebWrite`
`datasets.dicomStores.studies.updateInstances`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebUpdate`
`datasets.dicomStores.studies.updateMetadata`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebUpdate`
`datasets.dicomStores.studies.series.delete`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebDelete`
`datasets.dicomStores.studies.series.retrieveMetadata`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebRead`
`datasets.dicomStores.studies.series.retrieveSeries`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebRead`
`datasets.dicomStores.studies.series.searchForInstances`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebRead`
`datasets.dicomStores.studies.series.updateMetadata`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebUpdate`
`datasets.dicomStores.studies.series.instances.delete`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebDelete`
`datasets.dicomStores.studies.series.instances.retrieveInstance`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebRead`
`datasets.dicomStores.studies.series.instances.retrieveMetadata`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebRead`
`datasets.dicomStores.studies.series.instances.retrieveRendered`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebRead`
`datasets.dicomStores.studies.series.instances.updateMetadata`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebUpdate`
`datasets.dicomStores.studies.series.instances.frames.retrieveFrames`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebRead`
`datasets.dicomStores.studies.series.instances.frames.retrieveRendered`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebRead`
`datasets.dicomStores.studies.series.instances.bulkdata.retrieveBulkdata`	要求的 DICOM 儲存庫。`healthcare.dicomStores.dicomWebRead`

FHIR 儲存庫方法

FHIR 儲存庫方法	所需權限
`datasets.fhirStores.applyConsents`	所要求的 FHIR 存放區資源。`healthcare.fhirStores.applyConsents`
`datasets.fhirStores.applyAdminConsents`	所要求的 FHIR 存放區資源。`healthcare.fhirStores.applyConsents`
`datasets.fhirStores.configureSearch`	`healthcare.fhirStores.configureSearch`。
`datasets.fhirStores.create`	父項資料集上的 `healthcare.fhirStores.create`。
`datasets.fhirStores.deidentify`	來源 FHIR 儲存庫的 `healthcare.fhirStores.deidentify`。目的地 FHIR 儲存庫上的 `healthcare.fhirResources.update`。
`datasets.fhirStores.delete`	`healthcare.fhirStores.delete`。
`datasets.fhirStores.explainDataAccess`	所要求的 FHIR 存放區資源。`healthcare.fhirStores.explainDataAccess`
`datasets.fhirStores.export`	`healthcare.fhirStores.export`。匯出至 Cloud Storage 時：授予專案的 Cloud Healthcare Service Agent 服務帳戶 `storage.objects.create`、`storage.objects.delete` 和 `storage.objects.list`。如需操作說明，請參閱「將 FHIR 資源匯出至 Cloud Storage」。匯出至 BigQuery 時：`roles/bigquery.dataEditor` 和 `roles/bigquery.jobUser` 授予專案的 Cloud Healthcare 服務代理程式服務帳戶。如需操作說明，請參閱「FHIR 儲存庫 BigQuery 權限」。
`datasets.fhirStores.get`	`healthcare.fhirStores.get`。
`datasets.fhirStores.getFHIRStoreMetrics`	`healthcare.fhirStores.get`。
`datasets.fhirStores.getIamPolicy`	`healthcare.fhirStores.getIamPolicy`。
`datasets.fhirStores.import`	`healthcare.fhirStores.import`。 `storage.objects.get` 和 `storage.objects.list` 授予專案的 Cloud Healthcare Service Agent 服務帳戶。如需操作說明，請參閱「從 Cloud Storage 匯入 FHIR 資源」。
`datasets.fhirStores.list`	父項資料集上的 `healthcare.fhirStores.list`。
`datasets.fhirStores.patch`	`healthcare.fhirStores.update`。
`datasets.fhirStores.rollback`	`healthcare.fhirStores.rollback`。
`datasets.fhirStores.setIamPolicy`	`healthcare.fhirStores.setIamPolicy`。
`datasets.fhirStores.fhir.Encounter-everything`	對每個傳回的資源呼叫 `healthcare.fhirResources.get`。
`datasets.fhirStores.fhir.Observation-lastn`	上層 FHIR 儲存庫的 `healthcare.fhirStores.searchResources`。
`datasets.fhirStores.fhir.Patient-everything`	對每個傳回的資源呼叫 `healthcare.fhirResources.get`。
`datasets.fhirStores.fhir.Resource-purge`	所要求的 FHIR 存放區資源。`healthcare.fhirResources.purge`
`datasets.fhirStores.fhir.capabilities`	`healthcare.fhirStores.get`。
`datasets.fhirStores.fhir.conditionalDelete`	上層 FHIR 儲存庫的 `healthcare.fhirStores.searchResources`。所要求的 FHIR 存放區資源。`healthcare.fhirResources.delete`
`datasets.fhirStores.fhir.conditionalPatch`	上層 FHIR 儲存庫的 `healthcare.fhirStores.searchResources`。所要求的 FHIR 存放區資源。`healthcare.fhirResources.patch`
`datasets.fhirStores.fhir.conditionalUpdate`	上層 FHIR 儲存庫的 `healthcare.fhirStores.searchResources`。所要求的 FHIR 存放區資源。`healthcare.fhirResources.update`
`datasets.fhirStores.fhir.create`	條件式建立互動：父項 FHIR 儲存庫上的 `healthcare.fhirResources.create` 和 `healthcare.fhirStores.searchResources`。如要建立互動：父項 FHIR 儲存庫上的 `healthcare.fhirResources.create`。
`datasets.fhirStores.fhir.delete`	所要求的 FHIR 存放區資源。`healthcare.fhirResources.delete`
`datasets.fhirStores.fhir.executeBundle`	要求的 FHIR 存放區，以及與套件中個別作業對應的其他權限 (例如 `healthcare.fhirResources.create` 和 `healthcare.fhirResources.update`)。`healthcare.fhirResources.executeBundle`如果 API 呼叫者具有 `healthcare.fhirResources.create` 權限，但沒有 `healthcare.fhirResources.update` 權限，則呼叫者只能執行包含 `healthcare.fhirResources.create` 作業的套件。
`datasets.fhirStores.fhir.history`	`healthcare.fhirResources.get`，以及每個版本。
`datasets.fhirStores.fhir.patch`	所要求的 FHIR 存放區資源。`healthcare.fhirResources.patch`
`datasets.fhirStores.fhir.read`	所要求的 FHIR 存放區資源。`healthcare.fhirResources.get`
`datasets.fhirStores.fhir.search`	上層 FHIR 儲存庫的 `healthcare.fhirStores.searchResources`。
`datasets.fhirStores.fhir.update`	所要求的 FHIR 存放區資源。`healthcare.fhirResources.update`
`datasets.fhirStores.fhir.vread`	`healthcare.fhirResources.get`。
`datasets.fhirStores.fhir.Patient-consent-enforcement-status`	`healthcare.fhirResources.get` 要求的 FHIR 儲存庫病患資源。
`datasets.fhirStores.fhir.Consent-enforcement-status`	在要求的 FHIR 存放區同意聲明資源上。`healthcare.fhirResources.get`

HL7v2 儲存庫方法

HL7v2 儲存庫方法	所需權限
`datasets.hl7V2Stores.create`	父項資料集上的 `healthcare.hl7V2Stores.create`。
`datasets.hl7V2Stores.delete`	要求的 HL7v2 儲存庫上。`healthcare.hl7V2Stores.delete`
`datasets.hl7V2Stores.export`	要求的 HL7v2 儲存庫上。`healthcare.hl7V2Stores.export`
`datasets.hl7V2Stores.get`	要求的 HL7v2 儲存庫上。`healthcare.hl7V2Stores.get`
`datasets.hl7V2Stores.import`	要求的 HL7v2 儲存庫上。`healthcare.hl7V2Stores.import`
`datasets.hl7V2Stores.list`	父項資料集上的 `healthcare.hl7V2Stores.list`。
`datasets.hl7V2Stores.patch`	要求的 HL7v2 儲存庫上。`healthcare.hl7V2Stores.update`
`datasets.hl7V2Stores.getIamPolicy`	要求的 HL7v2 儲存庫上。`healthcare.hl7V2Stores.getIamPolicy`
`datasets.hl7V2Stores.setIamPolicy`	要求的 HL7v2 儲存庫上。`healthcare.hl7V2Stores.setIamPolicy`
`datasets.hl7V2Stores.messages.create`	父項 HL7v2 儲存庫的 `healthcare.hl7V2Messages.create`。
`datasets.hl7V2Stores.messages.delete`	要求的 HL7v2 儲存庫訊息。`healthcare.hl7V2Messages.delete`
`datasets.hl7V2Stores.messages.get`	要求的 HL7v2 儲存庫訊息。`healthcare.hl7V2Messages.get`
`datasets.hl7V2Stores.messages.ingest`	要求的 HL7v2 儲存庫訊息。`healthcare.hl7V2Messages.ingest`
`datasets.hl7V2Stores.messages.list`	父項 HL7v2 儲存庫的 `healthcare.hl7V2Messages.list`。
`datasets.hl7V2Stores.messages.patch`	要求的 HL7v2 儲存庫訊息。`healthcare.hl7V2Messages.update`

位置方法

位置方法	所需權限
`locations.get`	`healthcare.locations.get` 位於要求的位置。
`locations.list`	上層專案的 `healthcare.locations.list` 權限。 Google Cloud

Healthcare Natural Language API 方法

Healthcare Natural Language API 方法	所需權限
`nlp.analyzeEntities`	`healthcare.nlpservice.analyzeEntities`

操作方法

操作方法	必要權限
`datasets.operations.get`	`healthcare.operations.get` 要求的資料集。
`datasets.operations.list`	`healthcare.operations.list` 要求的資料集。
`datasets.operations.cancel`	`healthcare.operations.cancel` 要求的資料集。

去識別化方法

去識別化方法	必要權限
`services.deidentify.deidentifyDicomInstance`	`healthcare.deidentify.run`
`services.deidentify.deidentifyFhirResource`	`healthcare.deidentify.run`

角色

下表列出 Cloud Healthcare API IAM 角色，以及與各角色相關聯的權限。roles/owner、roles/editor 和 roles/viewer 角色也具備其他 Google Cloud 服務的權限。如要進一步瞭解角色，請參閱「瞭解角色」。

同意聲明儲存庫角色

同意聲明儲存庫角色權限

同意聲明儲存庫角色	權限
Healthcare Consent Store Viewer (`roles/healthcare.consentStoreViewer`) 可列出資料集中的同意聲明存放區。	`healthcare.consentStores.checkDataAccess` `healthcare.consentStores.evaluateUserConsents` `healthcare.consentStores.get` `healthcare.consentStores.list` `healthcare.consentStores.queryAccessibleData` `healthcare.datasets.get` `healthcare.datasets.list` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare 同意聲明庫管理員 (`roles/healthcare.consentStoreAdmin`) 可管理同意聲明存放區。	`healthcare.consentStores.` `healthcare.consentStores.checkDataAccess` `healthcare.consentStores.create` `healthcare.consentStores.delete` `healthcare.consentStores.evaluateUserConsents` `healthcare.consentStores.get` `healthcare.consentStores.getIamPolicy` `healthcare.consentStores.list` `healthcare.consentStores.queryAccessibleData` `healthcare.consentStores.setIamPolicy` `healthcare.consentStores.update` `healthcare.datasets.get` `healthcare.datasets.list` `healthcare.locations.` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`

Healthcare Consent Store Viewer

(roles/healthcare.consentStoreViewer)

可列出資料集中的同意聲明存放區。

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare 同意聲明庫管理員

(roles/healthcare.consentStoreAdmin)

可管理同意聲明存放區。

healthcare.consentStores.*

healthcare.consentStores.checkDataAccess
healthcare.consentStores.create
healthcare.consentStores.delete
healthcare.consentStores.evaluateUserConsents
healthcare.consentStores.get
healthcare.consentStores.getIamPolicy
healthcare.consentStores.list
healthcare.consentStores.queryAccessibleData
healthcare.consentStores.setIamPolicy
healthcare.consentStores.update

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

同意聲明角色

同意聲明角色權限

同意聲明角色	權限
Healthcare 屬性定義讀取者 (`roles/healthcare.attributeDefinitionReader`) 可讀取同意聲明存放區中的 AttributeDefinition 物件。	`healthcare.attributeDefinitions.get` `healthcare.attributeDefinitions.list` `healthcare.consentStores.checkDataAccess` `healthcare.consentStores.evaluateUserConsents` `healthcare.consentStores.get` `healthcare.consentStores.list` `healthcare.consentStores.queryAccessibleData` `healthcare.datasets.get` `healthcare.datasets.list` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare 屬性定義編輯者 (`roles/healthcare.attributeDefinitionEditor`) 可編輯 AttributeDefinition 物件。	`healthcare.attributeDefinitions.` `healthcare.attributeDefinitions.create` `healthcare.attributeDefinitions.delete` `healthcare.attributeDefinitions.get` `healthcare.attributeDefinitions.list` `healthcare.attributeDefinitions.update` `healthcare.consentStores.checkDataAccess` `healthcare.consentStores.evaluateUserConsents` `healthcare.consentStores.get` `healthcare.consentStores.list` `healthcare.consentStores.queryAccessibleData` `healthcare.datasets.get` `healthcare.datasets.list` `healthcare.locations.` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare 同意聲明構件讀取者 (`roles/healthcare.consentArtifactReader`) 可讀取同意聲明存放區中的 ConsentArtifact 物件。	`healthcare.consentArtifacts.get` `healthcare.consentArtifacts.list` `healthcare.consentStores.checkDataAccess` `healthcare.consentStores.evaluateUserConsents` `healthcare.consentStores.get` `healthcare.consentStores.list` `healthcare.consentStores.queryAccessibleData` `healthcare.datasets.get` `healthcare.datasets.list` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare 同意聲明構件編輯者 (`roles/healthcare.consentArtifactEditor`) 編輯 ConsentArtifact 物件。	`healthcare.consentArtifacts.create` `healthcare.consentArtifacts.get` `healthcare.consentArtifacts.list` `healthcare.consentStores.checkDataAccess` `healthcare.consentStores.evaluateUserConsents` `healthcare.consentStores.get` `healthcare.consentStores.list` `healthcare.consentStores.queryAccessibleData` `healthcare.datasets.get` `healthcare.datasets.list` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare Consent Artifact Administrator (`roles/healthcare.consentArtifactAdmin`) 管理 ConsentArtifact 物件。	`healthcare.consentArtifacts.` `healthcare.consentArtifacts.create` `healthcare.consentArtifacts.delete` `healthcare.consentArtifacts.get` `healthcare.consentArtifacts.list` `healthcare.consentStores.checkDataAccess` `healthcare.consentStores.evaluateUserConsents` `healthcare.consentStores.get` `healthcare.consentStores.list` `healthcare.consentStores.queryAccessibleData` `healthcare.datasets.get` `healthcare.datasets.list` `healthcare.locations.` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare Consent Reader (`roles/healthcare.consentReader`) 可讀取同意聲明存放區中的同意聲明物件。	`healthcare.consentStores.checkDataAccess` `healthcare.consentStores.evaluateUserConsents` `healthcare.consentStores.get` `healthcare.consentStores.list` `healthcare.consentStores.queryAccessibleData` `healthcare.consents.get` `healthcare.consents.list` `healthcare.datasets.get` `healthcare.datasets.list` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare 同意聲明編輯者 (`roles/healthcare.consentEditor`) 編輯 Consent 物件。	`healthcare.consentStores.checkDataAccess` `healthcare.consentStores.evaluateUserConsents` `healthcare.consentStores.get` `healthcare.consentStores.list` `healthcare.consentStores.queryAccessibleData` `healthcare.consents.` `healthcare.consents.activate` `healthcare.consents.create` `healthcare.consents.delete` `healthcare.consents.get` `healthcare.consents.list` `healthcare.consents.reject` `healthcare.consents.revoke` `healthcare.consents.update` `healthcare.datasets.get` `healthcare.datasets.list` `healthcare.locations.` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare 使用者資料對應關係讀取者 (`roles/healthcare.userDataMappingReader`) 可讀取同意聲明存放區中的 UserDataMapping 物件。	`healthcare.consentStores.checkDataAccess` `healthcare.consentStores.evaluateUserConsents` `healthcare.consentStores.get` `healthcare.consentStores.list` `healthcare.consentStores.queryAccessibleData` `healthcare.datasets.get` `healthcare.datasets.list` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `healthcare.userDataMappings.get` `healthcare.userDataMappings.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare 使用者資料對應關係編輯者 (`roles/healthcare.userDataMappingEditor`) 可編輯 UserDataMapping 物件。	`healthcare.consentStores.checkDataAccess` `healthcare.consentStores.evaluateUserConsents` `healthcare.consentStores.get` `healthcare.consentStores.list` `healthcare.consentStores.queryAccessibleData` `healthcare.datasets.get` `healthcare.datasets.list` `healthcare.locations.` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `healthcare.userDataMappings.` `healthcare.userDataMappings.archive` `healthcare.userDataMappings.create` `healthcare.userDataMappings.delete` `healthcare.userDataMappings.get` `healthcare.userDataMappings.list` `healthcare.userDataMappings.update` `resourcemanager.projects.get` `resourcemanager.projects.list`

Healthcare 屬性定義讀取者

(roles/healthcare.attributeDefinitionReader)

可讀取同意聲明存放區中的 AttributeDefinition 物件。

healthcare.attributeDefinitions.get

healthcare.attributeDefinitions.list

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare 屬性定義編輯者

(roles/healthcare.attributeDefinitionEditor)

可編輯 AttributeDefinition 物件。

healthcare.attributeDefinitions.*

healthcare.attributeDefinitions.create
healthcare.attributeDefinitions.delete
healthcare.attributeDefinitions.get
healthcare.attributeDefinitions.list
healthcare.attributeDefinitions.update

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare 同意聲明構件讀取者

(roles/healthcare.consentArtifactReader)

可讀取同意聲明存放區中的 ConsentArtifact 物件。

healthcare.consentArtifacts.get

healthcare.consentArtifacts.list

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare 同意聲明構件編輯者

(roles/healthcare.consentArtifactEditor)

編輯 ConsentArtifact 物件。

healthcare.consentArtifacts.create

healthcare.consentArtifacts.get

healthcare.consentArtifacts.list

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare Consent Artifact Administrator

(roles/healthcare.consentArtifactAdmin)

管理 ConsentArtifact 物件。

healthcare.consentArtifacts.*

healthcare.consentArtifacts.create
healthcare.consentArtifacts.delete
healthcare.consentArtifacts.get
healthcare.consentArtifacts.list

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare Consent Reader

(roles/healthcare.consentReader)

可讀取同意聲明存放區中的同意聲明物件。

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.consents.get

healthcare.consents.list

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare 同意聲明編輯者

(roles/healthcare.consentEditor)

編輯 Consent 物件。

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.consents.*

healthcare.consents.activate
healthcare.consents.create
healthcare.consents.delete
healthcare.consents.get
healthcare.consents.list
healthcare.consents.reject
healthcare.consents.revoke
healthcare.consents.update

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare 使用者資料對應關係讀取者

(roles/healthcare.userDataMappingReader)

可讀取同意聲明存放區中的 UserDataMapping 物件。

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

healthcare.userDataMappings.get

healthcare.userDataMappings.list

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare 使用者資料對應關係編輯者

(roles/healthcare.userDataMappingEditor)

可編輯 UserDataMapping 物件。

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

healthcare.userDataMappings.*

healthcare.userDataMappings.archive
healthcare.userDataMappings.create
healthcare.userDataMappings.delete
healthcare.userDataMappings.get
healthcare.userDataMappings.list
healthcare.userDataMappings.update

resourcemanager.projects.get

resourcemanager.projects.list

資料集角色

資料集角色權限

資料集角色	權限
Healthcare 資料集檢視者 (`roles/healthcare.datasetViewer`) 可在專案中列出 Healthcare 資料集。	`healthcare.datasets.get` `healthcare.datasets.list` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare 資料集管理員 (`roles/healthcare.datasetAdmin`) 可管理 Healthcare 資料集。	`healthcare.datasets.` `healthcare.datasets.create` `healthcare.datasets.deidentify` `healthcare.datasets.delete` `healthcare.datasets.get` `healthcare.datasets.getIamPolicy` `healthcare.datasets.list` `healthcare.datasets.setIamPolicy` `healthcare.datasets.update` `healthcare.locations.` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.*` `healthcare.operations.cancel` `healthcare.operations.get` `healthcare.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Healthcare 資料集檢視者

(roles/healthcare.datasetViewer)

可在專案中列出 Healthcare 資料集。

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare 資料集管理員

(roles/healthcare.datasetAdmin)

可管理 Healthcare 資料集。

healthcare.datasets.*

healthcare.datasets.create
healthcare.datasets.deidentify
healthcare.datasets.delete
healthcare.datasets.get
healthcare.datasets.getIamPolicy
healthcare.datasets.list
healthcare.datasets.setIamPolicy
healthcare.datasets.update

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.*

healthcare.operations.cancel
healthcare.operations.get
healthcare.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

DICOM 儲存庫角色

DICOM 儲存庫角色權限

DICOM 儲存庫角色	權限
Healthcare DICOM Store 檢視者 (`roles/healthcare.dicomStoreViewer`) 可列出資料集中的 DICOM Store。	`healthcare.datasets.get` `healthcare.datasets.list` `healthcare.dicomStores.get` `healthcare.dicomStores.list` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare DICOM 存放區管理員 (`roles/healthcare.dicomStoreAdmin`) 可以管理 DICOM Store。	`healthcare.datasets.get` `healthcare.datasets.list` `healthcare.dicomStores.create` `healthcare.dicomStores.deidentify` `healthcare.dicomStores.delete` `healthcare.dicomStores.dicomWebDelete` `healthcare.dicomStores.get` `healthcare.dicomStores.getIamPolicy` `healthcare.dicomStores.list` `healthcare.dicomStores.setIamPolicy` `healthcare.dicomStores.update` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.cancel` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare DICOM 檢視者 (`roles/healthcare.dicomViewer`) 可以從 DICOM Store 擷取 DICOM 映像檔。	`healthcare.datasets.get` `healthcare.datasets.list` `healthcare.dicomStores.dicomWebRead` `healthcare.dicomStores.export` `healthcare.dicomStores.get` `healthcare.dicomStores.list` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare DICOM 編輯者 (`roles/healthcare.dicomEditor`) 可個別以及大量編輯 DICOM 映像檔。	`healthcare.datasets.get` `healthcare.datasets.list` `healthcare.dicomStores.dicomWebDelete` `healthcare.dicomStores.dicomWebRead` `healthcare.dicomStores.dicomWebUpdate` `healthcare.dicomStores.dicomWebWrite` `healthcare.dicomStores.export` `healthcare.dicomStores.get` `healthcare.dicomStores.import` `healthcare.dicomStores.list` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.cancel` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`

Healthcare DICOM Store 檢視者

(roles/healthcare.dicomStoreViewer)

可列出資料集中的 DICOM Store。

healthcare.datasets.get

healthcare.datasets.list

healthcare.dicomStores.get

healthcare.dicomStores.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare DICOM 存放區管理員

(roles/healthcare.dicomStoreAdmin)

可以管理 DICOM Store。

healthcare.datasets.get

healthcare.datasets.list

healthcare.dicomStores.create

healthcare.dicomStores.deidentify

healthcare.dicomStores.delete

healthcare.dicomStores.dicomWebDelete

healthcare.dicomStores.get

healthcare.dicomStores.getIamPolicy

healthcare.dicomStores.list

healthcare.dicomStores.setIamPolicy

healthcare.dicomStores.update

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.cancel

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare DICOM 檢視者

(roles/healthcare.dicomViewer)

可以從 DICOM Store 擷取 DICOM 映像檔。

healthcare.datasets.get

healthcare.datasets.list

healthcare.dicomStores.dicomWebRead

healthcare.dicomStores.export

healthcare.dicomStores.get

healthcare.dicomStores.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare DICOM 編輯者

(roles/healthcare.dicomEditor)

可個別以及大量編輯 DICOM 映像檔。

healthcare.datasets.get

healthcare.datasets.list

healthcare.dicomStores.dicomWebDelete

healthcare.dicomStores.dicomWebRead

healthcare.dicomStores.dicomWebUpdate

healthcare.dicomStores.dicomWebWrite

healthcare.dicomStores.export

healthcare.dicomStores.get

healthcare.dicomStores.import

healthcare.dicomStores.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.cancel

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

FHIR 儲存庫角色

FHIR 存放區角色權限

FHIR 存放區角色	權限
Healthcare FHIR Store 檢視者 (`roles/healthcare.fhirStoreViewer`) 可列出資料集中的 FHIR Store。	`healthcare.datasets.get` `healthcare.datasets.list` `healthcare.fhirStores.get` `healthcare.fhirStores.list` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare FHIR 存放區管理員 (`roles/healthcare.fhirStoreAdmin`) 可管理 FHIR 資源存放區。	`healthcare.datasets.get` `healthcare.datasets.list` `healthcare.fhirResources.purge` `healthcare.fhirStores.applyConsents` `healthcare.fhirStores.configureSearch` `healthcare.fhirStores.create` `healthcare.fhirStores.deidentify` `healthcare.fhirStores.delete` `healthcare.fhirStores.deleteFhirOperation` `healthcare.fhirStores.explainDataAccess` `healthcare.fhirStores.export` `healthcare.fhirStores.get` `healthcare.fhirStores.getFhirOperation` `healthcare.fhirStores.getIamPolicy` `healthcare.fhirStores.import` `healthcare.fhirStores.list` `healthcare.fhirStores.rollback` `healthcare.fhirStores.setIamPolicy` `healthcare.fhirStores.update` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.cancel` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare FHIR 資源讀取者 (`roles/healthcare.fhirResourceReader`) 讀取及搜尋 FHIR 資源。	`healthcare.datasets.get` `healthcare.datasets.list` `healthcare.fhirResources.get` `healthcare.fhirResources.translateConceptMap` `healthcare.fhirStores.executeBundle` `healthcare.fhirStores.get` `healthcare.fhirStores.list` `healthcare.fhirStores.searchResources` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare FHIR 資源編輯者 (`roles/healthcare.fhirResourceEditor`) 建立、刪除、更新、讀取及搜尋 FHIR 資源。	`healthcare.datasets.get` `healthcare.datasets.list` `healthcare.fhirResources.create` `healthcare.fhirResources.delete` `healthcare.fhirResources.get` `healthcare.fhirResources.patch` `healthcare.fhirResources.translateConceptMap` `healthcare.fhirResources.update` `healthcare.fhirStores.executeBundle` `healthcare.fhirStores.get` `healthcare.fhirStores.list` `healthcare.fhirStores.searchResources` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.cancel` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`

Healthcare FHIR Store 檢視者

(roles/healthcare.fhirStoreViewer)

可列出資料集中的 FHIR Store。

healthcare.datasets.get

healthcare.datasets.list

healthcare.fhirStores.get

healthcare.fhirStores.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare FHIR 存放區管理員

(roles/healthcare.fhirStoreAdmin)

可管理 FHIR 資源存放區。

healthcare.datasets.get

healthcare.datasets.list

healthcare.fhirResources.purge

healthcare.fhirStores.applyConsents

healthcare.fhirStores.configureSearch

healthcare.fhirStores.create

healthcare.fhirStores.deidentify

healthcare.fhirStores.delete

healthcare.fhirStores.deleteFhirOperation

healthcare.fhirStores.explainDataAccess

healthcare.fhirStores.export

healthcare.fhirStores.get

healthcare.fhirStores.getFhirOperation

healthcare.fhirStores.getIamPolicy

healthcare.fhirStores.import

healthcare.fhirStores.list

healthcare.fhirStores.rollback

healthcare.fhirStores.setIamPolicy

healthcare.fhirStores.update

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.cancel

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare FHIR 資源讀取者

(roles/healthcare.fhirResourceReader)

讀取及搜尋 FHIR 資源。

healthcare.datasets.get

healthcare.datasets.list

healthcare.fhirResources.get

healthcare.fhirResources.translateConceptMap

healthcare.fhirStores.executeBundle

healthcare.fhirStores.get

healthcare.fhirStores.list

healthcare.fhirStores.searchResources

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare FHIR 資源編輯者

(roles/healthcare.fhirResourceEditor)

建立、刪除、更新、讀取及搜尋 FHIR 資源。

healthcare.datasets.get

healthcare.datasets.list

healthcare.fhirResources.create

healthcare.fhirResources.delete

healthcare.fhirResources.get

healthcare.fhirResources.patch

healthcare.fhirResources.translateConceptMap

healthcare.fhirResources.update

healthcare.fhirStores.executeBundle

healthcare.fhirStores.get

healthcare.fhirStores.list

healthcare.fhirStores.searchResources

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.cancel

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

HL7v2 儲存庫角色

HL7v2 儲存庫角色權限

HL7v2 儲存庫角色	權限
Healthcare HL7v2 Store 檢視者 (`roles/healthcare.hl7V2StoreViewer`) 可檢視資料集中的 HL7v2 Store。	`healthcare.datasets.get` `healthcare.datasets.list` `healthcare.hl7V2Stores.get` `healthcare.hl7V2Stores.list` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare HL7v2 Store 管理員 (`roles/healthcare.hl7V2StoreAdmin`) 可管理 HL7v2 Store。	`healthcare.datasets.get` `healthcare.datasets.list` `healthcare.hl7V2Stores.` `healthcare.hl7V2Stores.create` `healthcare.hl7V2Stores.delete` `healthcare.hl7V2Stores.export` `healthcare.hl7V2Stores.get` `healthcare.hl7V2Stores.getIamPolicy` `healthcare.hl7V2Stores.import` `healthcare.hl7V2Stores.list` `healthcare.hl7V2Stores.rollback` `healthcare.hl7V2Stores.setIamPolicy` `healthcare.hl7V2Stores.update` `healthcare.locations.` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.cancel` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare HL7v2 訊息擷取者 (`roles/healthcare.hl7V2Ingest`) 可擷取來源網路發送的 HL7v2 訊息。	`healthcare.datasets.get` `healthcare.datasets.list` `healthcare.hl7V2Messages.ingest` `healthcare.hl7V2Stores.get` `healthcare.hl7V2Stores.list` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare HL7v2 訊息使用者 (`roles/healthcare.hl7V2Consumer`) 可列出和讀取 HL7v2 訊息、更新訊息標籤及發布新訊息。	`healthcare.datasets.get` `healthcare.datasets.list` `healthcare.hl7V2Messages.create` `healthcare.hl7V2Messages.get` `healthcare.hl7V2Messages.list` `healthcare.hl7V2Messages.update` `healthcare.hl7V2Stores.get` `healthcare.hl7V2Stores.list` `healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Healthcare HL7v2 訊息編輯者 (`roles/healthcare.hl7V2Editor`) 具備 HL7v2 訊息的讀取、寫入及刪除存取權。	`healthcare.datasets.get` `healthcare.datasets.list` `healthcare.hl7V2Messages.` `healthcare.hl7V2Messages.create` `healthcare.hl7V2Messages.delete` `healthcare.hl7V2Messages.get` `healthcare.hl7V2Messages.ingest` `healthcare.hl7V2Messages.list` `healthcare.hl7V2Messages.update` `healthcare.hl7V2Stores.get` `healthcare.hl7V2Stores.list` `healthcare.locations.` `healthcare.locations.get` `healthcare.locations.list` `healthcare.operations.cancel` `healthcare.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`

Healthcare HL7v2 Store 檢視者

(roles/healthcare.hl7V2StoreViewer)

可檢視資料集中的 HL7v2 Store。

healthcare.datasets.get

healthcare.datasets.list

healthcare.hl7V2Stores.get

healthcare.hl7V2Stores.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare HL7v2 Store 管理員

(roles/healthcare.hl7V2StoreAdmin)

可管理 HL7v2 Store。

healthcare.datasets.get

healthcare.datasets.list

healthcare.hl7V2Stores.*

healthcare.hl7V2Stores.create
healthcare.hl7V2Stores.delete
healthcare.hl7V2Stores.export
healthcare.hl7V2Stores.get
healthcare.hl7V2Stores.getIamPolicy
healthcare.hl7V2Stores.import
healthcare.hl7V2Stores.list
healthcare.hl7V2Stores.rollback
healthcare.hl7V2Stores.setIamPolicy
healthcare.hl7V2Stores.update

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.cancel

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare HL7v2 訊息擷取者

(roles/healthcare.hl7V2Ingest)

可擷取來源網路發送的 HL7v2 訊息。

healthcare.datasets.get

healthcare.datasets.list

healthcare.hl7V2Messages.ingest

healthcare.hl7V2Stores.get

healthcare.hl7V2Stores.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare HL7v2 訊息使用者

(roles/healthcare.hl7V2Consumer)

可列出和讀取 HL7v2 訊息、更新訊息標籤及發布新訊息。

healthcare.datasets.get

healthcare.datasets.list

healthcare.hl7V2Messages.create

healthcare.hl7V2Messages.get

healthcare.hl7V2Messages.list

healthcare.hl7V2Messages.update

healthcare.hl7V2Stores.get

healthcare.hl7V2Stores.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare HL7v2 訊息編輯者

(roles/healthcare.hl7V2Editor)

具備 HL7v2 訊息的讀取、寫入及刪除存取權。

healthcare.datasets.get

healthcare.datasets.list

healthcare.hl7V2Messages.*

healthcare.hl7V2Messages.create
healthcare.hl7V2Messages.delete
healthcare.hl7V2Messages.get
healthcare.hl7V2Messages.ingest
healthcare.hl7V2Messages.list
healthcare.hl7V2Messages.update

healthcare.hl7V2Stores.get

healthcare.hl7V2Stores.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.cancel

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare Natural Language API 角色

Healthcare Natural Language API 角色權限

Healthcare Natural Language API 角色	權限
醫療照護自然語言處理服務檢視者 ^{Beta 版} (`roles/healthcare.nlpServiceViewer`) 從指定的文字中擷取及分析醫學實體。	`healthcare.locations.*` `healthcare.locations.get` `healthcare.locations.list` `healthcare.nlpservice.analyzeEntities` `resourcemanager.projects.get` `resourcemanager.projects.list`

醫療照護自然語言處理服務檢視者 ^{Beta 版}

(roles/healthcare.nlpServiceViewer)

從指定的文字中擷取及分析醫學實體。

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.nlpservice.analyzeEntities

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Healthcare 服務代理人

Cloud Healthcare Service Agent 是專案中共用的服務帳戶，Cloud Healthcare API 會使用這個帳戶與Google Cloud中的其他資源互動。

舉例來說，這個服務代理程式可用於讀取及寫入 Cloud Storage 值區、寫入 BigQuery，以及從 Cloud Healthcare API 將訊息發布至 Pub/Sub。

如要執行上述任何動作，您必須授予Cloud Healthcare 服務代理相關 Cloud Storage bucket、BigQuery 資料集或 Pub/Sub 主題的存取權。

為專案建立權限模型時，請注意，授予下列任一角色，使用者就能以 Cloud Healthcare 服務代理的身分叫用作業，並存取該代理可存取的任何資料：

roles/healthcare.consentStoreAdmin
roles/healthcare.consentStoreViewer
roles/healthcare.dicomStoreEditor
roles/healthcare.dicomStoreViewer
roles/healthcare.fhirStoreAdmin
roles/healthcare.hl7V2StoreAdmin

同樣地，將下列權限指派給自訂角色，也會允許使用者叫用以「Cloud Healthcare 服務代理」身分執行的作業：

healthcare.consentStores.queryAccessibleData
healthcare.dicomStores.create
healthcare.dicomStores.update
healthcare.dicomStores.import
healthcare.dicomStores.export
healthcare.fhirStores.create
healthcare.fhirStores.update
healthcare.fhirStores.import
healthcare.fhirStores.export
healthcare.hl7V2Stores.create
healthcare.hl7V2Stores.update

例如：

如果使用者具備任何匯入權限，且作業會存取 Cloud Healthcare Service Agent 具有讀取權限的任何 Cloud Storage 值區，則使用者可以執行作業，充當 Cloud Healthcare Service Agent。
如果使用者具備任何匯出權限，且作業會存取服務代理程式具有寫入權限的任何值區，則使用者可以執行作業，充當 Cloud Healthcare Service Agent。
如果使用者具備建立或更新資料儲存庫的權限，就能設定 Pub/Sub 通知目標或 BigQuery 串流目的地，在資料儲存庫變更時，由 Cloud Healthcare Service Agent 傳送通知。

最佳做法是利用多個專案，進一步隔離授予 Cloud Healthcare 服務代理程式的權限。

使用 IAM 控管存取權

總覽

權限

同意聲明儲存庫方法

資料集方法

DICOM 儲存庫方法

FHIR 儲存庫方法

HL7v2 儲存庫方法

位置方法

Healthcare Natural Language API 方法

操作方法

去識別化方法

角色

同意聲明儲存庫角色

Healthcare Consent Store Viewer

Healthcare 同意聲明庫管理員

同意聲明角色

Healthcare 屬性定義讀取者

Healthcare 屬性定義編輯者

Healthcare 同意聲明構件讀取者

Healthcare 同意聲明構件編輯者

Healthcare Consent Artifact Administrator

Healthcare Consent Reader

Healthcare 同意聲明編輯者

Healthcare 使用者資料對應關係讀取者

Healthcare 使用者資料對應關係編輯者

資料集角色

Healthcare 資料集檢視者

Healthcare 資料集管理員

DICOM 儲存庫角色

Healthcare DICOM Store 檢視者

Healthcare DICOM 存放區管理員

Healthcare DICOM 檢視者

Healthcare DICOM 編輯者

FHIR 儲存庫角色

Healthcare FHIR Store 檢視者

Healthcare FHIR 存放區管理員

Healthcare FHIR 資源讀取者

Healthcare FHIR 資源編輯者

HL7v2 儲存庫角色

Healthcare HL7v2 Store 檢視者

Healthcare HL7v2 Store 管理員

Healthcare HL7v2 訊息擷取者

Healthcare HL7v2 訊息使用者

Healthcare HL7v2 訊息編輯者

Healthcare Natural Language API 角色

醫療照護自然語言處理服務檢視者 Beta 版

Cloud Healthcare 服務代理人

醫療照護自然語言處理服務檢視者 ^{Beta 版}