Method: fhirStores.explainDataAccess

Full name: projects.locations.datasets.fhirStores.explainDataAccess

Explains all the permitted/denied actor, purpose and environment for a given resource.

HTTP request

GET https://healthcare.googleapis.com/v1beta1/{name=projects/*/locations/*/datasets/*/fhirStores/*}:explainDataAccess

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
name

string

Required. The name of the FHIR store to enforce, in the format projects/{projectId}/locations/{locationId}/datasets/{datasetId}/fhirStores/{fhirStoreId}.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.fhirStores.explainDataAccess

Query parameters

Parameters
resourceId

string

Required. The ID({resourceType}/{id}) of the resource to explain data access on.

Request body

The request body must be empty.

Response body

List of consent scopes that are applicable to the explained access on a given resource.

If successful, the response body contains data with the following structure:

JSON representation
{
  "consentScopes": [
    {
      object(ExplainDataAccessConsentScope)
    }
  ],
  "warning": string
}
Fields
consentScopes[]

object(ExplainDataAccessConsentScope)

List of applicable consent scopes. Sorted in order of actor such that scopes belonging to the same actor will be adjacent to each other in the list.

warning

string

Warnings associated with this response. It inform user with exceeded scope limit errors.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ExplainDataAccessConsentScope

A single consent scope that provides info on who has access to the requested resource scope for a particular purpose and environment, enforced by which consent.

JSON representation
{
  "decision": enum(ConsentDecisionType),
  "enforcingConsents": [
    {
      object(ExplainDataAccessConsentInfo)
    }
  ],
  "exceptions": [
    {
      object(ExplainDataAccessConsentScope)
    }
  ],
  "accessorScope": {
    object(ConsentAccessorScope)
  }
}
Fields
decision

enum(ConsentDecisionType)

Whether the current consent scope is permitted or denied access on the requested resource.

enforcingConsents[]

object(ExplainDataAccessConsentInfo)

Metadata of the consent resources that enforce the consent scope's access.

exceptions[]

object(ExplainDataAccessConsentScope)

Other consent scopes that created exceptions within this scope.

accessorScope

object(ConsentAccessorScope)

The accessor scope that describes who can access, for what purpose, and in which environment.

ConsentDecisionType

List of consent decision outcomes.

Enums
CONSENT_DECISION_TYPE_UNSPECIFIED Unspecified consent decision type.
CONSENT_DECISION_TYPE_PERMIT Consent permitted access.
CONSENT_DECISION_TYPE_DENY Consent denied access.

ExplainDataAccessConsentInfo

The enforcing consent's metadata.

JSON representation
{
  "consentResource": string,
  "type": enum(ConsentPolicyType),
  "variants": [
    enum(ConsentVariant)
  ],
  "enforcementTime": string,
  "patientConsentOwner": string,
  "cascadeOrigins": [
    string
  ],
  "matchingAccessorScopes": [
    {
      object(ConsentAccessorScope)
    }
  ]
}
Fields
consentResource

string

The resource name of this consent resource, in the format: projects/{projectId}/locations/{location}/datasets/{datasetId}/fhirStores/{fhirStoreId}/fhir/Consent/{resourceId}.

type

enum(ConsentPolicyType)

The policy type of consent resource (e.g. PATIENT, ADMIN).

variants[]

enum(ConsentVariant)

The consent's variant combinations. A single consent may have multiple variants.

enforcementTime

string(Timestamp format)

Last enforcement timestamp of this consent resource.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

cascadeOrigins[]

string

The compartment base resources that matched a cascading policy. Each resource has the following format: projects/{projectId}/locations/{locationId}/datasets/{datasetId}/fhirStores/{fhirStoreId}/fhir/{resourceType}/{resourceId}

matchingAccessorScopes[]

object(ConsentAccessorScope)

A list of all the matching accessor scopes of this consent policy that enforced ExplainDataAccessConsentScope.accessor_scope.

ConsentPolicyType

List of consent policy types.

Enums
CONSENT_POLICY_TYPE_UNSPECIFIED Unspecified policy type.
CONSENT_POLICY_TYPE_PATIENT Consent represent a patient consent.
CONSENT_POLICY_TYPE_ADMIN Consent represent an admin consent.

ConsentVariant

List of consent policy variants.

Enums
CONSENT_VARIANT_UNSPECIFIED Consent variant unspecified.
CONSENT_VARIANT_STANDARD Consent is a standard patient or admin consent.
CONSENT_VARIANT_CASCADE Consent is a cascading consent.

ConsentAccessorScope

The accessor scope that describes who can access, for what purpose, in which environment.

JSON representation
{
  "actor": string,
  "purpose": string,
  "environment": string
}
Fields
actor

string

An individual, group, or access role that identifies the accessor or a characteristic of the accessor. This can be a resource ID (such as {resourceType}/{id}) or an external URI. This value must be present.

purpose

string

The intent of data use. Can be "*" if it applies to all purposes.

environment

string

An abstract identifier that describes the environment or conditions under which the accessor is acting. Can be "*" if it applies to all environments.