Creating and managing consent stores

Stay organized with collections Save and categorize content based on your preferences.

This page shows how to create and manage consent stores.

The Consent Management API is a tool for recording user consents, managing actions based on those consents, and maintaining associated documentation and records.

The organization using the Consent Management API is responsible for obtaining and maintaining the required consents necessary to permit the processing of any data through the Consent Management API.

The Consent Management API fulfills the role of a policy decision point. Policy enforcement must be implemented in the application or through a proxy. For more information, see Attribute-based access control.

Set up permissions

To use the features in this guide, you must have the roles/healthcare.consentStoreAdmin role. However, to perform additional useful operations with the Consent Management API, additional permissions might be required. See Access control for more details.

Consent stores are the top-level resources that contain all information related to the configuration and operation of the Consent Management API. Consent stores belong to a Cloud Healthcare API dataset, which is assigned to a region when it is created. This region is the geographic location in which your consent store operates.

The following samples show how to get details about a consent store.

Console

To view a consent store's details:

  1. In the Google Cloud console, go to the Datasets page.

    Go to the Datasets page

  2. Select the dataset containing the consent store you want to view.
  3. Click the name of the consent store.

API

To get details about a consent store, use the projects.locations.datasets.consentStores.get method.

The following samples show how to list the consent stores in a dataset.

Console

To view the data stores in a dataset:

  1. In the Google Cloud console, go to the Datasets page.

    Go to the Datasets page

  2. Click the ID of the dataset whose data stores you want to view.

API

To list the consent stores in a dataset, use the projects.locations.datasets.consentStores.list method.

After you create a consent store, you can update the default expiry duration and the labels.

The following samples show how to edit a consent store.

Console

To edit a consent store, complete the following steps:

  1. In the Google Cloud console, go to the Datasets page.

    Go to the Datasets page

  2. Select the dataset containing the consent store you want to edit.
  3. In the Data stores list, click the data store you want to edit.
  4. To edit the consent store's configuration, click the edit icon next to Consent Store Configuration.

    For more information on the consent store's configuration options, see Creating a consent store.
  5. To add one or more labels to the store, click Labels, click Add label, and enter the key/value label. For more information on resource labels, see Using resource labels.
  6. Click Save.

API

To edit a consent store, use the projects.locations.datasets.consentStores.patch method.

The following samples show how to delete a consent store.

Audit logging

The Consent Management API writes the following types of audit logs:

  • Admin Activity: record operations that modify the configuration or metadata of a resource. You can't disable Admin Activity audit logs.
  • Data Access: contain API calls that read the configuration or metadata of resources, as well as external API calls that create, modify, or read customer-provided resource data. These logs must be enabled. For example, Data Access audit logs can be used to log what service made an access determination request, what information was provided in that request, and how the API responded to that request. For more information on Data Access audit logs, see Configuring Data Access audit logs. For more information about audit logging in the Cloud Healthcare API, visit Viewing Cloud Audit Logs.

For more information on audit logs for the Consent Management API, see Viewing Cloud Audit Logs.