Full name: projects.locations.datasets.fhirStores.explainDataAccess
Explains all the permitted/denied actor, purpose and environment for a given resource.
HTTP request
GET https://healthcare.googleapis.com/v1beta1/{name=projects/*/locations/*/datasets/*/fhirStores/*}:explainDataAccess
The URL uses gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
name |
Required. The name of the FHIR store to enforce, in the format Authorization requires the following IAM permission on the specified resource
|
Query parameters
Parameters | |
---|---|
resourceId |
Required. The ID( |
Request body
The request body must be empty.
Response body
List of consent scopes that are applicable to the explained access on a given resource.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{
"consentScopes": [
{
object( |
Fields | |
---|---|
consentScopes[] |
List of applicable consent scopes. Sorted in order of actor such that scopes belonging to the same actor will be adjacent to each other in the list. |
warning |
Warnings associated with this response. It inform user with exceeded scope limit errors. |
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
ExplainDataAccessConsentScope
A single consent scope that provides info on who has access to the requested resource scope for a particular purpose and environment, enforced by which consent.
JSON representation |
---|
{ "decision": enum( |
Fields | |
---|---|
decision |
Whether the current consent scope is permitted or denied access on the requested resource. |
enforcingConsents[] |
Metadata of the consent resources that enforce the consent scope's access. |
exceptions[] |
Other consent scopes that created exceptions within this scope. |
accessorScope |
The accessor scope that describes who can access, for what purpose, and in which environment. |
ConsentDecisionType
List of consent decision outcomes.
Enums | |
---|---|
CONSENT_DECISION_TYPE_UNSPECIFIED |
Unspecified consent decision type. |
CONSENT_DECISION_TYPE_PERMIT |
Consent permitted access. |
CONSENT_DECISION_TYPE_DENY |
Consent denied access. |
ExplainDataAccessConsentInfo
The enforcing consent's metadata.
JSON representation |
---|
{ "consentResource": string, "type": enum( |
Fields | |
---|---|
consentResource |
The resource name of this consent resource, in the format: |
type |
The policy type of consent resource (e.g. PATIENT, ADMIN). |
variants[] |
The consent's variant combinations. A single consent may have multiple variants. |
enforcementTime |
Last enforcement timestamp of this consent resource. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
patientConsentOwner |
The patient owning the consent (only applicable for patient consents), in the format: |
cascadeOrigins[] |
The compartment base resources that matched a cascading policy. Each resource has the following format: |
matchingAccessorScopes[] |
A list of all the matching accessor scopes of this consent policy that enforced ExplainDataAccessConsentScope.accessor_scope. |
ConsentPolicyType
List of consent policy types.
Enums | |
---|---|
CONSENT_POLICY_TYPE_UNSPECIFIED |
Unspecified policy type. |
CONSENT_POLICY_TYPE_PATIENT |
Consent represent a patient consent. |
CONSENT_POLICY_TYPE_ADMIN |
Consent represent an admin consent. |
ConsentVariant
List of consent policy variants.
Enums | |
---|---|
CONSENT_VARIANT_UNSPECIFIED |
Consent variant unspecified. |
CONSENT_VARIANT_STANDARD |
Consent is a standard patient or admin consent. |
CONSENT_VARIANT_CASCADE |
Consent is a cascading consent. |
ConsentAccessorScope
The accessor scope that describes who can access, for what purpose, in which environment.
JSON representation |
---|
{ "actor": string, "purpose": string, "environment": string } |
Fields | |
---|---|
actor |
An individual, group, or access role that identifies the accessor or a characteristic of the accessor. This can be a resource ID (such as |
purpose |
The intent of data use. Can be "*" if it applies to all purposes. |
environment |
An abstract identifier that describes the environment or conditions under which the accessor is acting. Can be "*" if it applies to all environments. |