Sebelum memulai
Siapkan konfigurasi penyimpanan dan resource FHIR yang diperlukan serta terapkan kontrol akses. Untuk mengetahui informasi selengkapnya, lihat Mengontrol akses ke resource FHIR.
Ringkasan
Metode ExplainDataAccess memungkinkan Anda mengetahui aktor yang memiliki akses ke resource tertentu berdasarkan kebijakan dan izin yang diterapkan.
Metode
ExplainDataAccess
dapat membantu Anda menjawab pertanyaan seperti berikut:
- Siapa yang dapat mengakses resource yang diberikan?
- Untuk tujuan apa pelaku ini dapat mengakses sumber daya ini?
- Apa saja Resource izin yang menerapkan akses tersebut?
Memahami akses data
Untuk menggunakan
ExplainDataAccess,
teruskan ID resource yang diinginkan. Respons ini memberikan daftar cakupan izin (pelaku, tujuan, lingkungan) yang diizinkan atau ditolak untuk mengakses resource yang disediakan. Pengecualian untuk cakupan izin tercantum di kolom ExplainDataAccessConsentScope.exceptions. Pengecualian dapat terjadi jika satu kebijakan mengizinkan actor mengakses
Observation/ob1 untuk tujuan apa pun, sementara ada kebijakan penolakan yang menolak
actor mengakses resource ini dengan tujuan research. Setiap cakupan izin berisi informasi tentang resource izin yang menerapkan akses tersebut melalui ExplainDataAccessConsentScope.enforcing_consents,
hal ini membantu Anda memahami detail izin yang diterapkan dan berlaku pada
resource ini.
Ada batas 1.000 perintah izin dan 1.000 perintah penolakan izin. Batas ini membatasi jumlah cakupan izin yang diterapkan ke resource tertentu. Jika jumlah cakupan izin melebihi batas, kolom ExplainDataAccessResponse.warning akan berisi pesan yang relevan.
Berikut adalah contoh permintaan yang menjelaskan akses data untuk resource tertentu:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID?resource_id=Observation/7473784b-46a8-470c-b9a6-fe38a01025aa"
Anda akan melihat respons JSON seperti berikut:
{ "consentScopes":[ { "decision":"CONSENT_DECISION_TYPE_PERMIT", "enforcingConsents":[ { "consentResource":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/73c54e8d-2789-403b-9dee-13085c5d5e34", "type":"CONSENT_POLICY_TYPE_PATIENT", "enforcementTime":"2024-02-09T02:48:02.721589Z", "patientConsentOwner":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2", "matchingAccessorScopes":[ { "actor":"Practitioner/12942879-f89f-41ae-aa80-0b911b649833", "purpose":"v3/ETREAT", "environment":"*" } ] } ], "accessorScope":{ "actor":"Practitioner/12942879-f89f-41ae-aa80-0b911b649833", "purpose":"v3/ETREAT", "environment":"*" } }, { "decision":"CONSENT_DECISION_TYPE_PERMIT", "enforcingConsents":[ { "consentResource":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/10998b60-a252-405f-aa47-0702554ddc8e", "type":"CONSENT_POLICY_TYPE_PATIENT", "enforcementTime":"2024-02-09T02:48:02.721589Z", "patientConsentOwner":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2", "matchingAccessorScopes":[ { "actor":"Practitioner/12942879-f89f-41ae-aa80-0b911b649833", "purpose":"*", "environment":"App/123" } ] } ], "accessorScope":{ "actor":"Practitioner/12942879-f89f-41ae-aa80-0b911b649833", "purpose":"*", "environment":"App/123" } }, { "decision":"CONSENT_DECISION_TYPE_PERMIT", "enforcingConsents":[ { "consentResource":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/5c8e3f8a-9fd5-480d-a08e-f29b89feccde", "type":"CONSENT_POLICY_TYPE_ADMIN", "enforcementTime":"2024-02-09T02:50:03.973252Z", "matchingAccessorScopes":[ { "actor":"Practitioner/12942879-f89f-41ae-aa80-0b911b649833", "purpose":"v3/BIORCH", "environment":"App/golden" } ] } ], "accessorScope":{ "actor":"Practitioner/12942879-f89f-41ae-aa80-0b911b649833", "purpose":"v3/BIORCH", "environment":"App/golden" } } ] }
Pada contoh ini, akses berikut diizinkan:
Practitioner/12942879-f89f-41ae-aa80-0b911b649833dengan tujuanv3/ETREATdi semua lingkungan, yang diberikan dengan izin pasien.Practitioner/12942879-f89f-41ae-aa80-0b911b649833dengan semua tujuan di lingkunganApp/123, yang diberikan dengan izin pasien.Practitioner/12942879-f89f-41ae-aa80-0b911b649833dengan tujuanv3/BIORCHdi lingkunganApp/golden, yang diberikan oleh izin admin.
Contoh Respons ExplainDataAccess Tambahan
{ "consentScopes":[ { "decision":"CONSENT_DECISION_TYPE_PERMIT", "accessorScope":{ "actor":"Practitioner/doctor", "purpose":"*", "environment":"*" }, "enforcingConsents":[ { "consentResource":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/pc1", "type":"CONSENT_POLICY_TYPE_PATIENT", "enforcementTime":"2024-01-02T14:10:55.271144Z", "patientConsentOwner":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/p1", "matchingAccessorScopes":[ { "actor":"Practitioner/doctor", "purpose":"*", "environment":"*" } ] } ], "exceptions":[ { "decision":"CONSENT_DECISION_TYPE_DENY", "accessorScope":{ "actor":"Practitioner/doctor", "purpose":"v3/TREAT", "environment":"*" }, "enforcingConsents":[ { "consentResource":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/ac1", "type":"CONSENT_POLICY_TYPE_ADMIN", "enforcementTime":"2024-01-02T14:10:55.229196Z", "matchingAccessorScopes":[ { "actor":"Practitioner/doctor", "purpose":"v3/TREAT", "environment":"*" } ] }, { "consentResource":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/ac1-dup", "type":"CONSENT_POLICY_TYPE_ADMIN", "variants":["CONSENT_VARIANT_CASCADE"], "enforcementTime":"2024-01-02T14:10:55.229196Z", "cascadeOrigins":[ "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/p1" ], "matchingAccessorScopes":[ { "actor":"Practitioner/doctor", "purpose":"v3/TREAT", "environment":"*" } ] } ] } ] }, { "decision":"CONSENT_DECISION_TYPE_DENY", "accessorScope":{ "actor":"Practitioner/doctor", "purpose":"v3/TREAT", "environment":"*" }, "enforcingConsents":[ { "consentResource":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/ac1", "type":"CONSENT_POLICY_TYPE_ADMIN", "enforcementTime":"2024-01-02T14:10:55.229196Z", "matchingAccessorScopes":[ { "actor":"Practitioner/doctor", "purpose":"v3/TREAT", "environment":"*" } ] }, { "consentResource":"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/ac1-dup", "type":"CONSENT_POLICY_TYPE_ADMIN", "variants":["CONSENT_VARIANT_CASCADE"], "enforcementTime":"2024-01-02T14:10:55.229196Z", "cascadeOrigins":[ "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/p1" ], "matchingAccessorScopes":[ { "actor":"Practitioner/doctor", "purpose":"v3/TREAT", "environment":"*" } ] } ] } ] }
Dalam contoh ini, Practitioner/doctor diizinkan mengakses resource di
semua lingkungan dan untuk semua tujuan kecuali untuk v3/TREAT . Kebijakan yang memberlakukan izin adalah izin pasien Consent/pc1 , dan kebijakan penerapan izin adalah kebijakan admin (Consent/ac1 dan Consent/ac1-dup).
Consent/ac1-dup adalah kebijakan menurun admin yang cocok dengan pemilik resource
Patient/p1 .