Method: fhirStores.explainDataAccess

Full name: projects.locations.datasets.fhirStores.explainDataAccess

Explains all the permitted/denied actor, purpose and environment for a given resource.

FHIR Consent is not supported in DSTU2 or R5.

HTTP request

GET https://healthcare.googleapis.com/v1/{name=projects/*/locations/*/datasets/*/fhirStores/*}:explainDataAccess

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters

Parameters
`name`	`string` Required. The name of the FHIR store to enforce, in the format `projects/{projectId}/locations/{locationId}/datasets/{datasetId}/fhirStores/{fhirStoreId}`. Authorization requires the following IAM permission on the specified resource `name`: `healthcare.fhirStores.explainDataAccess`

name

string

Required. The name of the FHIR store to enforce, in the format projects/{projectId}/locations/{locationId}/datasets/{datasetId}/fhirStores/{fhirStoreId}.

Authorization requires the following IAM permission on the specified resource name:

healthcare.fhirStores.explainDataAccess

Query parameters

Parameters

Parameters
`resourceId`	`string` Required. The ID(`{resourceType}/{id}`) of the resource to explain data access on.

resourceId

string

Required. The ID({resourceType}/{id}) of the resource to explain data access on.

Request body

The request body must be empty.

Response body

List of consent scopes that are applicable to the explained access on a given resource.

If successful, the response body contains data with the following structure:

JSON representation
{ "consentScopes": [ { object(`ExplainDataAccessConsentScope`) } ], "warning": string }

Fields

Fields
`consentScopes[]`	`object(ExplainDataAccessConsentScope)` List of applicable consent scopes. Sorted in order of actor such that scopes belonging to the same actor will be adjacent to each other in the list.
`warning`	`string` Warnings associated with this response. It inform user with exceeded scope limit errors.

consentScopes[]

object(ExplainDataAccessConsentScope)

List of applicable consent scopes. Sorted in order of actor such that scopes belonging to the same actor will be adjacent to each other in the list.

warning

string

Warnings associated with this response. It inform user with exceeded scope limit errors.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ExplainDataAccessConsentScope

A single consent scope that provides info on who has access to the requested resource scope for a particular purpose and environment, enforced by which consent.

JSON representation

JSON representation
{ "decision": enum(`ConsentDecisionType`), "enforcingConsents": [ { object(`ExplainDataAccessConsentInfo`) } ], "exceptions": [ { object(`ExplainDataAccessConsentScope`) } ], "accessorScope": { object(`ConsentAccessorScope`) } }

{
  "decision": enum(ConsentDecisionType),
  "enforcingConsents": [
    {
      object(ExplainDataAccessConsentInfo)
    }
  ],
  "exceptions": [
    {
      object(ExplainDataAccessConsentScope)
    }
  ],
  "accessorScope": {
    object(ConsentAccessorScope)
  }
}

Fields
`decision`	`enum(ConsentDecisionType)` Whether the current consent scope is permitted or denied access on the requested resource.
`enforcingConsents[]`	`object(ExplainDataAccessConsentInfo)` Metadata of the consent resources that enforce the consent scope's access.
`exceptions[]`	`object(ExplainDataAccessConsentScope)` Other consent scopes that created exceptions within this scope.
`accessorScope`	`object(ConsentAccessorScope)` The accessor scope that describes who can access, for what purpose, and in which environment.

ConsentDecisionType

List of consent decision outcomes.

Enums
`CONSENT_DECISION_TYPE_UNSPECIFIED`	Unspecified consent decision type.
`CONSENT_DECISION_TYPE_PERMIT`	Consent permitted access.
`CONSENT_DECISION_TYPE_DENY`	Consent denied access.

ExplainDataAccessConsentInfo

The enforcing consent's metadata.

JSON representation

JSON representation
{ "consentResource": string, "type": enum(`ConsentPolicyType`), "variants": [ enum(`ConsentVariant`) ], "enforcementTime": string, "patientConsentOwner": string, "cascadeOrigins": [ string ], "matchingAccessorScopes": [ { object(`ConsentAccessorScope`) } ] }

{
  "consentResource": string,
  "type": enum(ConsentPolicyType),
  "variants": [
    enum(ConsentVariant)
  ],
  "enforcementTime": string,
  "patientConsentOwner": string,
  "cascadeOrigins": [
    string
  ],
  "matchingAccessorScopes": [
    {
      object(ConsentAccessorScope)
    }
  ]
}

Fields
`consentResource`	`string` The resource name of this consent resource, in the format: `projects/{projectId}/locations/{location}/datasets/{datasetId}/fhirStores/{fhirStoreId}/fhir/Consent/{resourceId}`.
`type`	`enum(ConsentPolicyType)` The policy type of consent resource (e.g. PATIENT, ADMIN).
`variants[]`	`enum(ConsentVariant)` The consent's variant combinations. A single consent may have multiple variants.
`enforcementTime`	`string(Timestamp format)` Last enforcement timestamp of this consent resource. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`patientConsentOwner`	`string` The patient owning the consent (only applicable for patient consents), in the format: `projects/{projectId}/locations/{locationId}/datasets/{datasetId}/fhirStores/{fhirStoreId}/fhir/Patient/{patientId}`
`cascadeOrigins[]`	`string` The compartment base resources that matched a cascading policy. Each resource has the following format: `projects/{projectId}/locations/{locationId}/datasets/{datasetId}/fhirStores/{fhirStoreId}/fhir/{resourceType}/{resourceId}`
`matchingAccessorScopes[]`	`object(ConsentAccessorScope)` A list of all the matching accessor scopes of this consent policy that enforced ExplainDataAccessConsentScope.accessor_scope.

ConsentPolicyType

List of consent policy types.

Enums
`CONSENT_POLICY_TYPE_UNSPECIFIED`	Unspecified policy type.
`CONSENT_POLICY_TYPE_PATIENT`	Consent represent a patient consent.
`CONSENT_POLICY_TYPE_ADMIN`	Consent represent an admin consent.

ConsentVariant

List of consent policy variants.

Enums
`CONSENT_VARIANT_UNSPECIFIED`	Consent variant unspecified.
`CONSENT_VARIANT_STANDARD`	Consent is a standard patient or admin consent.
`CONSENT_VARIANT_CASCADE`	Consent is a cascading consent.

ConsentAccessorScope

The accessor scope that describes who can access, for what purpose, in which environment.

JSON representation
{ "actor": string, "purpose": string, "environment": string }

Fields

Fields
`actor`	`string` An individual, group, or access role that identifies the accessor or a characteristic of the accessor. This can be a resource ID (such as `{resourceType}/{id}`) or an external URI. This value must be present.
`purpose`	`string` The intent of data use. If it's not specified, it applies to all purposes.
`environment`	`string` An abstract identifier that describes the environment or conditions under which the accessor is acting. If it's not specified, it applies to all environments.

actor

string

An individual, group, or access role that identifies the accessor or a characteristic of the accessor. This can be a resource ID (such as {resourceType}/{id}) or an external URI. This value must be present.

purpose

string

The intent of data use. If it's not specified, it applies to all purposes.

environment

string

An abstract identifier that describes the environment or conditions under which the accessor is acting. If it's not specified, it applies to all environments.