Sebelum memulai
Siapkan konfigurasi dan resource penyimpanan FHIR yang diperlukan serta terapkan kontrol akses. Untuk mengetahui informasi selengkapnya, lihat Mengontrol akses ke resource FHIR.
Ringkasan
Metode
ExplainDataAccess
memungkinkan Anda mengetahui aktor mana yang memiliki akses ke resource
tertentu berdasarkan izin dan kebijakan
yang diterapkan.
Metode
ExplainDataAccess
dapat membantu Anda menjawab pertanyaan seperti ini:
- Siapa yang dapat mengakses resource tertentu?
- Untuk tujuan apa aktor ini dapat mengakses resource ini?
- Apa resource Izin yang menerapkan akses tersebut?
Memahami akses data
Untuk menggunakan
ExplainDataAccess,
teruskan ID resource yang diinginkan. Respons memberikan daftar
cakupan izin
(pelaku, tujuan, lingkungan) yang diizinkan atau ditolak untuk mengakses
resource yang disediakan. Pengecualian untuk cakupan izin dicantumkan di kolom ExplainDataAccessConsentScope.exceptions. Pengecualian dapat terjadi jika satu kebijakan mengizinkan actor mengakses
Observation/ob1 untuk tujuan apa pun, sementara ada kebijakan penolakan yang menolak
actor mengakses resource ini dengan tujuan research. Setiap cakupan izin
berisi informasi tentang resource izin yang menerapkan akses tersebut melalui
ExplainDataAccessConsentScope.enforcing_consents,
hal ini membantu Anda memahami detail izin yang diterapkan dan berlaku di
resource ini.
Ada batas 1.000 perintah izin izinkan dan 1.000 perintah izin tolak. Batas ini membatasi jumlah cakupan izin yang diterapkan ke resource tertentu. Jika jumlah cakupan izin melebihi batas, kolom ExplainDataAccessResponse.warning akan berisi pesan yang relevan.
Berikut adalah contoh permintaan yang menjelaskan akses data untuk resource tertentu:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID:explainDataAccess?resource_id=Observation/7473784b-46a8-470c-b9a6-fe38a01025aa"
Anda akan melihat respons JSON seperti berikut:
{ "consentScopes":[ { "decision":"CONSENT_DECISION_TYPE_PERMIT", "enforcingConsents":[ { "consentResource":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/73c54e8d-2789-403b-9dee-13085c5d5e34", "type":"CONSENT_POLICY_TYPE_PATIENT", "enforcementTime":"2024-02-09T02:48:02.721589Z", "patientConsentOwner":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2", "matchingAccessorScopes":[ { "actor":"Practitioner/12942879-f89f-41ae-aa80-0b911b649833", "purpose":"v3/ETREAT", "environment":"*" } ] } ], "accessorScope":{ "actor":"Practitioner/12942879-f89f-41ae-aa80-0b911b649833", "purpose":"v3/ETREAT", "environment":"*" } }, { "decision":"CONSENT_DECISION_TYPE_PERMIT", "enforcingConsents":[ { "consentResource":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/10998b60-a252-405f-aa47-0702554ddc8e", "type":"CONSENT_POLICY_TYPE_PATIENT", "enforcementTime":"2024-02-09T02:48:02.721589Z", "patientConsentOwner":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2", "matchingAccessorScopes":[ { "actor":"Practitioner/12942879-f89f-41ae-aa80-0b911b649833", "purpose":"*", "environment":"App/123" } ] } ], "accessorScope":{ "actor":"Practitioner/12942879-f89f-41ae-aa80-0b911b649833", "purpose":"*", "environment":"App/123" } }, { "decision":"CONSENT_DECISION_TYPE_PERMIT", "enforcingConsents":[ { "consentResource":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/5c8e3f8a-9fd5-480d-a08e-f29b89feccde", "type":"CONSENT_POLICY_TYPE_ADMIN", "enforcementTime":"2024-02-09T02:50:03.973252Z", "matchingAccessorScopes":[ { "actor":"Practitioner/12942879-f89f-41ae-aa80-0b911b649833", "purpose":"v3/BIORCH", "environment":"App/golden" } ] } ], "accessorScope":{ "actor":"Practitioner/12942879-f89f-41ae-aa80-0b911b649833", "purpose":"v3/BIORCH", "environment":"App/golden" } } ] }
Dalam contoh ini, Akses berikut diizinkan:
Practitioner/12942879-f89f-41ae-aa80-0b911b649833dengan tujuanv3/ETREATdi semua lingkungan, yang diberikan oleh izin pasien.Practitioner/12942879-f89f-41ae-aa80-0b911b649833dengan semua tujuan di lingkunganApp/123, yang diberikan oleh izin pasien.Practitioner/12942879-f89f-41ae-aa80-0b911b649833dengan tujuanv3/BIORCHdi lingkunganApp/golden, yang diberikan oleh izin admin.
Contoh Respons ExplainDataAccess Tambahan
{ "consentScopes":[ { "decision":"CONSENT_DECISION_TYPE_PERMIT", "accessorScope":{ "actor":"Practitioner/doctor", "purpose":"*", "environment":"*" }, "enforcingConsents":[ { "consentResource":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/pc1", "type":"CONSENT_POLICY_TYPE_PATIENT", "enforcementTime":"2024-01-02T14:10:55.271144Z", "patientConsentOwner":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/p1", "matchingAccessorScopes":[ { "actor":"Practitioner/doctor", "purpose":"*", "environment":"*" } ] } ], "exceptions":[ { "decision":"CONSENT_DECISION_TYPE_DENY", "accessorScope":{ "actor":"Practitioner/doctor", "purpose":"v3/TREAT", "environment":"*" }, "enforcingConsents":[ { "consentResource":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/ac1", "type":"CONSENT_POLICY_TYPE_ADMIN", "enforcementTime":"2024-01-02T14:10:55.229196Z", "matchingAccessorScopes":[ { "actor":"Practitioner/doctor", "purpose":"v3/TREAT", "environment":"*" } ] }, { "consentResource":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/ac1-dup", "type":"CONSENT_POLICY_TYPE_ADMIN", "variants":["CONSENT_VARIANT_CASCADE"], "enforcementTime":"2024-01-02T14:10:55.229196Z", "cascadeOrigins":[ "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/p1" ], "matchingAccessorScopes":[ { "actor":"Practitioner/doctor", "purpose":"v3/TREAT", "environment":"*" } ] } ] } ] }, { "decision":"CONSENT_DECISION_TYPE_DENY", "accessorScope":{ "actor":"Practitioner/doctor", "purpose":"v3/TREAT", "environment":"*" }, "enforcingConsents":[ { "consentResource":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/ac1", "type":"CONSENT_POLICY_TYPE_ADMIN", "enforcementTime":"2024-01-02T14:10:55.229196Z", "matchingAccessorScopes":[ { "actor":"Practitioner/doctor", "purpose":"v3/TREAT", "environment":"*" } ] }, { "consentResource":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/ac1-dup", "type":"CONSENT_POLICY_TYPE_ADMIN", "variants":["CONSENT_VARIANT_CASCADE"], "enforcementTime":"2024-01-02T14:10:55.229196Z", "cascadeOrigins":[ "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/p1" ], "matchingAccessorScopes":[ { "actor":"Practitioner/doctor", "purpose":"v3/TREAT", "environment":"*" } ] } ] } ] }
Dalam contoh ini, Practitioner/doctor diizinkan untuk mengakses resource di
semua lingkungan dan untuk semua tujuan kecuali v3/TREAT . Kebijakan penerapan izin
adalah izin pasien Consent/pc1 , dan kebijakan penerapan izin
adalah kebijakan admin (Consent/ac1 dan Consent/ac1-dup ).
Consent/ac1-dup adalah kebijakan cascading admin yang cocok dengan pemilik resource
Patient/p1 .