Method: consentStores.queryAccessibleData

Full name: projects.locations.datasets.consentStores.queryAccessibleData

Queries all data_ids that are consented for a specified use in the given consent store and writes them to a specified destination.

The returned Operation includes a progress counter for the number of User data mappings processed.

If the request is successful, a detailed response is returned of type QueryAccessibleDataResponse, contained in the [response][google.longrunning.Operation.result.response] field when the operation finishes. The metadata field type is OperationMetadata.

Errors are logged to Cloud Logging (see Viewing error logs in Cloud Logging). For example, the following sample log entry shows a failed to evaluate consent policy error that occurred during a consentStores.queryAccessibleData call to consent store projects/{projectId}/locations/{locationId}/datasets/{datasetId}/consentStores/{consentStoreId}.

jsonPayload: {
  @type:
  "type.googleapis.com/google.cloud.healthcare.logging.QueryAccessibleDataLogEntry"
  error: {
    code:  9
    message:  "failed to evaluate consent policy"
  }
  resourceName:
  "projects/{projectId}/locations/{locationId}/datasets/{datasetId}/consentStores/{consentStoreId}/consents/{consentId}"
}
logName:
"projects/{projectId}/logs/healthcare.googleapis.com%2Fquery_accessible_data"
operation: {
  id:
  "projects/{projectId}/locations/{locationId}/datasets/{datasetId}/operations/{operation_id}"
  producer:  "healthcare.googleapis.com/consentStores.queryAccessibleData"
}
receiveTimestamp:  "TIMESTAMP"
resource: {
  labels: {
    consentStoreId:  "{consentStoreId}"
    datasetId:  "{datasetId}"
    location:  "{locationId}"
    projectId:  "{projectId}"
  }
  type:  "healthcare_consent_store"
}
severity:  "ERROR"
timestamp:  "TIMESTAMP"

HTTP request

POST https://healthcare.googleapis.com/v1beta1/{consentStore=projects/*/locations/*/datasets/*/consentStores/*}:queryAccessibleData

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
consentStore

string

Required. Name of the consent store to retrieve User data mappings from.

Authorization requires the following IAM permission on the specified resource consentStore:

  • healthcare.consentStores.queryAccessibleData

Request body

The request body contains data with the following structure:

JSON representation
{
  "resourceAttributes": {
    string: string,
    ...
  },
  "requestAttributes": {
    string: string,
    ...
  },

  // Union field destination can be only one of the following:
  "gcsDestination": {
    object(GcsDestination)
  }
  // End of list of possible types for union field destination.
}
Fields
resourceAttributes

map (key: string, value: string)

Optional. The values of resource attributes associated with the type of resources being requested. If no values are specified, then all resource types are included in the output.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

requestAttributes

map (key: string, value: string)

The values of request attributes associated with this access request.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

Union field destination. Required. The output destination of the result file. destination can be only one of the following:
gcsDestination

object(GcsDestination)

The Cloud Storage destination. The Cloud Healthcare API service account must have the roles/storage.objectAdmin Cloud IAM role for this Cloud Storage location.

The object name is in the following format:

query-accessible-data-result-{operation_id}.txt

where each line contains a single dataId.

Response body

If successful, the response body contains an instance of Operation.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GcsDestination

The Cloud Storage location for export.

JSON representation
{
  "uriPrefix": string
}
Fields
uriPrefix

string

URI for a Cloud Storage directory where the server writes result files, in the format gs://{bucket-id}/{path/to/destination/dir}. If there is no trailing slash, the service appends one when composing the object path. The user is responsible for creating the Cloud Storage bucket and directory referenced in uriPrefix.