Package google.cloud.healthcare.v1.consent

Index

ConsentService (interface)
ActivateConsentRequest (message)
ArchiveUserDataMappingRequest (message)
ArchiveUserDataMappingResponse (message)
Attribute (message)
AttributeDefinition (message)
AttributeDefinition.Category (enum)
CheckDataAccessRequest (message)
CheckDataAccessRequest.ResponseView (enum)
CheckDataAccessResponse (message)
Consent (message)
Consent.State (enum)
ConsentArtifact (message)
ConsentEvaluation (message)
ConsentEvaluation.EvaluationResult (enum)
ConsentList (message)
ConsentStore (message)
CreateAttributeDefinitionRequest (message)
CreateConsentArtifactRequest (message)
CreateConsentRequest (message)
CreateConsentStoreRequest (message)
CreateUserDataMappingRequest (message)
DeleteAttributeDefinitionRequest (message)
DeleteConsentArtifactRequest (message)
DeleteConsentRequest (message)
DeleteConsentRevisionRequest (message)
DeleteConsentStoreRequest (message)
DeleteUserDataMappingRequest (message)
EvaluateUserConsentsRequest (message)
EvaluateUserConsentsRequest.ResponseView (enum)
EvaluateUserConsentsResponse (message)
EvaluateUserConsentsResponse.Result (message)
GcsDestination (message)
GetAttributeDefinitionRequest (message)
GetConsentArtifactRequest (message)
GetConsentRequest (message)
GetConsentStoreRequest (message)
GetUserDataMappingRequest (message)
Image (message)
ListAttributeDefinitionsRequest (message)
ListAttributeDefinitionsResponse (message)
ListConsentArtifactsRequest (message)
ListConsentArtifactsResponse (message)
ListConsentRevisionsRequest (message)
ListConsentRevisionsResponse (message)
ListConsentStoresRequest (message)
ListConsentStoresResponse (message)
ListConsentsRequest (message)
ListConsentsResponse (message)
ListUserDataMappingsRequest (message)
ListUserDataMappingsResponse (message)
Policy (message)
QueryAccessibleDataRequest (message)
QueryAccessibleDataResponse (message)
RejectConsentRequest (message)
RevokeConsentRequest (message)
Signature (message)
UpdateAttributeDefinitionRequest (message)
UpdateConsentRequest (message)
UpdateConsentStoreRequest (message)
UpdateUserDataMappingRequest (message)
UserDataMapping (message)

ConsentService

ActivateConsent

ActivateConsent
`rpc ActivateConsent(ActivateConsentRequest) returns (Consent)` Activates the latest revision of the specified `Consent` by committing a new revision with `state` updated to `ACTIVE`. If the latest revision of the specified Consent is in the `ACTIVE` state, no new revision is committed. A `FAILED_PRECONDITION` error occurs if the latest revision of the specified Consent is in the `REJECTED` or `REVOKED` state. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc ActivateConsent(ActivateConsentRequest) returns (Consent)

Activates the latest revision of the specified Consent by committing a new revision with state updated to ACTIVE. If the latest revision of the specified Consent is in the ACTIVE state, no new revision is committed. A FAILED_PRECONDITION error occurs if the latest revision of the specified Consent is in the REJECTED or REVOKED state.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ArchiveUserDataMapping

ArchiveUserDataMapping
`rpc ArchiveUserDataMapping(ArchiveUserDataMappingRequest) returns (ArchiveUserDataMappingResponse)` Archives the specified `User data mapping`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc ArchiveUserDataMapping(ArchiveUserDataMappingRequest) returns (ArchiveUserDataMappingResponse)

Archives the specified User data mapping.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CheckDataAccess

CheckDataAccess
`rpc CheckDataAccess(CheckDataAccessRequest) returns (CheckDataAccessResponse)` Checks if a particular data_id of a `User data mapping` in the specified `consent store` is consented for the specified use. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc CheckDataAccess(CheckDataAccessRequest) returns (CheckDataAccessResponse)

Checks if a particular data_id of a User data mapping in the specified consent store is consented for the specified use.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateAttributeDefinition

CreateAttributeDefinition
`rpc CreateAttributeDefinition(CreateAttributeDefinitionRequest) returns (AttributeDefinition)` Creates a new `Attribute definition` in the parent `consent store`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc CreateAttributeDefinition(CreateAttributeDefinitionRequest) returns (AttributeDefinition)

Creates a new Attribute definition in the parent consent store.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateConsent

CreateConsent
`rpc CreateConsent(CreateConsentRequest) returns (Consent)` Creates a new `Consent` in the parent `consent store`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc CreateConsent(CreateConsentRequest) returns (Consent)

Creates a new Consent in the parent consent store.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateConsentArtifact

CreateConsentArtifact
`rpc CreateConsentArtifact(CreateConsentArtifactRequest) returns (ConsentArtifact)` Creates a new `Consent artifact` in the parent `consent store`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc CreateConsentArtifact(CreateConsentArtifactRequest) returns (ConsentArtifact)

Creates a new Consent artifact in the parent consent store.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateConsentStore

CreateConsentStore
`rpc CreateConsentStore(CreateConsentStoreRequest) returns (ConsentStore)` Creates a new `consent store` in the parent dataset. Attempting to create a consent store with the same ID as an existing store fails with an ALREADY_EXISTS error. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc CreateConsentStore(CreateConsentStoreRequest) returns (ConsentStore)

Creates a new consent store in the parent dataset. Attempting to create a consent store with the same ID as an existing store fails with an ALREADY_EXISTS error.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateUserDataMapping

CreateUserDataMapping
`rpc CreateUserDataMapping(CreateUserDataMappingRequest) returns (UserDataMapping)` Creates a new `User data mapping` in the parent `consent store`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc CreateUserDataMapping(CreateUserDataMappingRequest) returns (UserDataMapping)

Creates a new User data mapping in the parent consent store.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteAttributeDefinition

DeleteAttributeDefinition
`rpc DeleteAttributeDefinition(DeleteAttributeDefinitionRequest) returns (Empty)` Deletes the specified `Attribute definition`. Fails if the Attribute definition is referenced by any `User data mapping`, or the latest revision of any `Consent`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc DeleteAttributeDefinition(DeleteAttributeDefinitionRequest) returns (Empty)

Deletes the specified Attribute definition. Fails if the Attribute definition is referenced by any User data mapping, or the latest revision of any Consent.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteConsent

DeleteConsent
`rpc DeleteConsent(DeleteConsentRequest) returns (Empty)` Deletes the `Consent` and its revisions. To keep a record of the Consent but mark it inactive, see [RevokeConsent]. To delete a revision of a Consent, see [DeleteConsentRevision]. This operation does not delete the related Consent artifact. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc DeleteConsent(DeleteConsentRequest) returns (Empty)

Deletes the Consent and its revisions. To keep a record of the Consent but mark it inactive, see [RevokeConsent]. To delete a revision of a Consent, see [DeleteConsentRevision]. This operation does not delete the related Consent artifact.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteConsentArtifact

DeleteConsentArtifact
`rpc DeleteConsentArtifact(DeleteConsentArtifactRequest) returns (Empty)` Deletes the specified `Consent artifact`. Fails if the artifact is referenced by the latest revision of any `Consent`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc DeleteConsentArtifact(DeleteConsentArtifactRequest) returns (Empty)

Deletes the specified Consent artifact. Fails if the artifact is referenced by the latest revision of any Consent.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteConsentRevision

DeleteConsentRevision
`rpc DeleteConsentRevision(DeleteConsentRevisionRequest) returns (Empty)` Deletes the specified revision of a `Consent`. An `INVALID_ARGUMENT` error occurs if the specified revision is the latest revision. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc DeleteConsentRevision(DeleteConsentRevisionRequest) returns (Empty)

Deletes the specified revision of a Consent. An INVALID_ARGUMENT error occurs if the specified revision is the latest revision.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteConsentStore

DeleteConsentStore
`rpc DeleteConsentStore(DeleteConsentStoreRequest) returns (Empty)` Deletes the specified `consent store` and removes all the consent store's data. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc DeleteConsentStore(DeleteConsentStoreRequest) returns (Empty)

Deletes the specified consent store and removes all the consent store's data.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteUserDataMapping

DeleteUserDataMapping
`rpc DeleteUserDataMapping(DeleteUserDataMappingRequest) returns (Empty)` Deletes the specified `User data mapping`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc DeleteUserDataMapping(DeleteUserDataMappingRequest) returns (Empty)

Deletes the specified User data mapping.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

EvaluateUserConsents

EvaluateUserConsents
`rpc EvaluateUserConsents(EvaluateUserConsentsRequest) returns (EvaluateUserConsentsResponse)` Evaluates the user's `Consents` for all matching `User data mappings`. Note: User data mappings are indexed asynchronously, which can cause a slight delay between the time mappings are created or updated and when they are included in EvaluateUserConsents results. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc EvaluateUserConsents(EvaluateUserConsentsRequest) returns (EvaluateUserConsentsResponse)

Evaluates the user's Consents for all matching User data mappings.

Note: User data mappings are indexed asynchronously, which can cause a slight delay between the time mappings are created or updated and when they are included in EvaluateUserConsents results.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetAttributeDefinition

GetAttributeDefinition
`rpc GetAttributeDefinition(GetAttributeDefinitionRequest) returns (AttributeDefinition)` Gets the specified `Attribute definition`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc GetAttributeDefinition(GetAttributeDefinitionRequest) returns (AttributeDefinition)

Gets the specified Attribute definition.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetConsent

GetConsent
`rpc GetConsent(GetConsentRequest) returns (Consent)` Gets the specified revision of a `Consent`, or the latest revision if `revision_id` is not specified in the resource name. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc GetConsent(GetConsentRequest) returns (Consent)

Gets the specified revision of a Consent, or the latest revision if revision_id is not specified in the resource name.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetConsentArtifact

GetConsentArtifact
`rpc GetConsentArtifact(GetConsentArtifactRequest) returns (ConsentArtifact)` Gets the specified `Consent artifact`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc GetConsentArtifact(GetConsentArtifactRequest) returns (ConsentArtifact)

Gets the specified Consent artifact.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetConsentStore

GetConsentStore
`rpc GetConsentStore(GetConsentStoreRequest) returns (ConsentStore)` Gets the specified `consent store`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc GetConsentStore(GetConsentStoreRequest) returns (ConsentStore)

Gets the specified consent store.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetUserDataMapping

GetUserDataMapping
`rpc GetUserDataMapping(GetUserDataMappingRequest) returns (UserDataMapping)` Gets the specified `User data mapping`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc GetUserDataMapping(GetUserDataMappingRequest) returns (UserDataMapping)

Gets the specified User data mapping.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListAttributeDefinitions

ListAttributeDefinitions
`rpc ListAttributeDefinitions(ListAttributeDefinitionsRequest) returns (ListAttributeDefinitionsResponse)` Lists the `Attribute definitions` in the specified `consent store`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc ListAttributeDefinitions(ListAttributeDefinitionsRequest) returns (ListAttributeDefinitionsResponse)

Lists the Attribute definitions in the specified consent store.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListConsentArtifacts

ListConsentArtifacts
`rpc ListConsentArtifacts(ListConsentArtifactsRequest) returns (ListConsentArtifactsResponse)` Lists the `Consent artifacts` in the specified `consent store`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc ListConsentArtifacts(ListConsentArtifactsRequest) returns (ListConsentArtifactsResponse)

Lists the Consent artifacts in the specified consent store.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListConsentRevisions

ListConsentRevisions
`rpc ListConsentRevisions(ListConsentRevisionsRequest) returns (ListConsentRevisionsResponse)` Lists the revisions of the specified `Consent` in reverse chronological order. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc ListConsentRevisions(ListConsentRevisionsRequest) returns (ListConsentRevisionsResponse)

Lists the revisions of the specified Consent in reverse chronological order.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListConsentStores

ListConsentStores
`rpc ListConsentStores(ListConsentStoresRequest) returns (ListConsentStoresResponse)` Lists the `consent stores` in the specified dataset. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc ListConsentStores(ListConsentStoresRequest) returns (ListConsentStoresResponse)

Lists the consent stores in the specified dataset.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListConsents

ListConsents
`rpc ListConsents(ListConsentsRequest) returns (ListConsentsResponse)` Lists the `Consent` in the given `consent store`, returning each Consent's latest revision. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc ListConsents(ListConsentsRequest) returns (ListConsentsResponse)

Lists the Consent in the given consent store, returning each Consent's latest revision.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListUserDataMappings

ListUserDataMappings
`rpc ListUserDataMappings(ListUserDataMappingsRequest) returns (ListUserDataMappingsResponse)` Lists the `User data mappings` in the specified `consent store`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc ListUserDataMappings(ListUserDataMappingsRequest) returns (ListUserDataMappingsResponse)

Lists the User data mappings in the specified consent store.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

QueryAccessibleData

QueryAccessibleData
`rpc QueryAccessibleData(QueryAccessibleDataRequest) returns (Operation)` Queries all data_ids that are consented for a specified use in the given `consent store` and writes them to a specified destination. The returned `Operation` includes a progress counter for the number of `User data mappings` processed. If the request is successful, a detailed response is returned of type `QueryAccessibleDataResponse`, contained in the [response][google.longrunning.Operation.result.response] field when the operation finishes. The `metadata` field type is `OperationMetadata`. Errors are logged to Cloud Logging (see Viewing error logs in Cloud Logging). For example, the following sample log entry shows a `failed to evaluate consent policy` error that occurred during a QueryAccessibleData call to consent store `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}`. jsonPayload: { @type: "type.googleapis.com/google.cloud.healthcare.logging.QueryAccessibleDataLogEntry" error: { code: 9 message: "failed to evaluate consent policy" } resourceName: "projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}" } logName: "projects/{project_id}/logs/healthcare.googleapis.com%2Fquery_accessible_data" operation: { id: "projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/operations/{operation_id}" producer: "healthcare.googleapis.com/QueryAccessibleData" } receiveTimestamp: "TIMESTAMP" resource: { labels: { consent_store_id: "{consent_store_id}" dataset_id: "{dataset_id}" location: "{location_id}" project_id: "{project_id}" } type: "healthcare_consent_store" } severity: "ERROR" timestamp: "TIMESTAMP" Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc QueryAccessibleData(QueryAccessibleDataRequest) returns (Operation)

Queries all data_ids that are consented for a specified use in the given consent store and writes them to a specified destination.

The returned Operation includes a progress counter for the number of User data mappings processed.

If the request is successful, a detailed response is returned of type QueryAccessibleDataResponse, contained in the [response][google.longrunning.Operation.result.response] field when the operation finishes. The metadata field type is OperationMetadata.

Errors are logged to Cloud Logging (see Viewing error logs in Cloud Logging). For example, the following sample log entry shows a failed to evaluate consent policy error that occurred during a QueryAccessibleData call to consent store projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}.

jsonPayload: {
  @type:
  "type.googleapis.com/google.cloud.healthcare.logging.QueryAccessibleDataLogEntry"
  error: {
    code:  9
    message:  "failed to evaluate consent policy"
  }
  resourceName:
  "projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}"
}
logName:
"projects/{project_id}/logs/healthcare.googleapis.com%2Fquery_accessible_data"
operation: {
  id:
  "projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/operations/{operation_id}"
  producer:  "healthcare.googleapis.com/QueryAccessibleData"
}
receiveTimestamp:  "TIMESTAMP"
resource: {
  labels: {
    consent_store_id:  "{consent_store_id}"
    dataset_id:  "{dataset_id}"
    location:  "{location_id}"
    project_id:  "{project_id}"
  }
  type:  "healthcare_consent_store"
}
severity:  "ERROR"
timestamp:  "TIMESTAMP"

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

RejectConsent

RejectConsent
`rpc RejectConsent(RejectConsentRequest) returns (Consent)` Rejects the latest revision of the specified `Consent` by committing a new revision with `state` updated to `REJECTED`. If the latest revision of the specified Consent is in the `REJECTED` state, no new revision is committed. A `FAILED_PRECONDITION` error occurs if the latest revision of the specified Consent is in the `ACTIVE` or `REVOKED` state. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc RejectConsent(RejectConsentRequest) returns (Consent)

Rejects the latest revision of the specified Consent by committing a new revision with state updated to REJECTED. If the latest revision of the specified Consent is in the REJECTED state, no new revision is committed. A FAILED_PRECONDITION error occurs if the latest revision of the specified Consent is in the ACTIVE or REVOKED state.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

RevokeConsent

RevokeConsent
`rpc RevokeConsent(RevokeConsentRequest) returns (Consent)` Revokes the latest revision of the specified `Consent` by committing a new revision with `state` updated to `REVOKED`. If the latest revision of the specified Consent is in the `REVOKED` state, no new revision is committed. A `FAILED_PRECONDITION` error occurs if the latest revision of the given consent is in `DRAFT` or `REJECTED` state. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc RevokeConsent(RevokeConsentRequest) returns (Consent)

Revokes the latest revision of the specified Consent by committing a new revision with state updated to REVOKED. If the latest revision of the specified Consent is in the REVOKED state, no new revision is committed. A FAILED_PRECONDITION error occurs if the latest revision of the given consent is in DRAFT or REJECTED state.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateAttributeDefinition

UpdateAttributeDefinition
`rpc UpdateAttributeDefinition(UpdateAttributeDefinitionRequest) returns (AttributeDefinition)` Updates the specified `Attribute definition`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc UpdateAttributeDefinition(UpdateAttributeDefinitionRequest) returns (AttributeDefinition)

Updates the specified Attribute definition.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateConsent

UpdateConsent
`rpc UpdateConsent(UpdateConsentRequest) returns (Consent)` Updates the latest revision of the specified `Consent` by committing a new revision with the changes. A `FAILED_PRECONDITION` error occurs if the latest revision of the specified Consent is in the `REJECTED` or `REVOKED` state. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc UpdateConsent(UpdateConsentRequest) returns (Consent)

Updates the latest revision of the specified Consent by committing a new revision with the changes. A FAILED_PRECONDITION error occurs if the latest revision of the specified Consent is in the REJECTED or REVOKED state.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateConsentStore

UpdateConsentStore
`rpc UpdateConsentStore(UpdateConsentStoreRequest) returns (ConsentStore)` Updates the specified `consent store`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc UpdateConsentStore(UpdateConsentStoreRequest) returns (ConsentStore)

Updates the specified consent store.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateUserDataMapping

UpdateUserDataMapping
`rpc UpdateUserDataMapping(UpdateUserDataMappingRequest) returns (UserDataMapping)` Updates the specified `User data mapping`. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc UpdateUserDataMapping(UpdateUserDataMappingRequest) returns (UserDataMapping)

Updates the specified User data mapping.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ActivateConsentRequest

Fields
`name`	`string` Required. The resource name of the Consent to activate, of the form `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}`. An `INVALID_ARGUMENT` error occurs if `revision_id` is specified in the name. Authorization requires the following IAM permission on the specified resource `name`: `healthcare.consents.activate`
`consent_artifact`	`string` Required. The resource name of the Consent artifact that contains documentation of the user's consent, of the form `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}`. If the draft Consent had a Consent artifact, this Consent artifact overwrites it. Authorization requires the following IAM permission on the specified resource `consentArtifact`: `healthcare.consentArtifacts.get`
Union field `expiration`. Optional. Allows setting expiration time for Consents. Expired consents are ignored in access determination methods such as [CheckDataAccess]. This value overrides the expiration duration configured for the consent store. `expiration` can be only one of the following:
`expire_time`	`Timestamp` Timestamp in UTC of when this Consent is considered expired.
`ttl`	`Duration` The time to live for this Consent from when it is marked as active.

ArchiveUserDataMappingRequest

Fields

Fields
`name`	`string` Required. The resource name of the User data mapping to archive. Authorization requires the following IAM permission on the specified resource `name`: `healthcare.userDataMappings.archive`

name

string

Required. The resource name of the User data mapping to archive.

Authorization requires the following IAM permission on the specified resource name:

healthcare.userDataMappings.archive

Attribute

Fields

Fields
`attribute_definition_id`	`string` Indicates the name of an attribute defined in the consent store.
`values[]`	`string` Required. The value of the attribute. Must be an acceptable value as defined in the consent store. For example, if the consent store defines "data type" with acceptable values "questionnaire" and "step-count", when the attribute name is data type, this field must contain one of those values.

attribute_definition_id

string

Indicates the name of an attribute defined in the consent store.

values[]

string

Required. The value of the attribute. Must be an acceptable value as defined in the consent store. For example, if the consent store defines "data type" with acceptable values "questionnaire" and "step-count", when the attribute name is data type, this field must contain one of those values.

AttributeDefinition

Fields
`name`	`string` Identifier. Resource name of the Attribute definition, of the form `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/attributeDefinitions/{attribute_definition_id}`. Cannot be changed after creation.
`description`	`string` Optional. A description of the attribute.
`category`	`Category` Required. The category of the attribute. The value of this field cannot be changed after creation.
`allowed_values[]`	`string` Required. Possible values for the attribute. The number of allowed values must not exceed 500. An empty list is invalid. The list can only be expanded after creation.
`consent_default_values[]`	`string` Optional. Default values of the attribute in Consents. If no default values are specified, it defaults to an empty value.
`data_mapping_default_value`	`string` Optional. Default value of the attribute in User data mappings. If no default value is specified, it defaults to an empty value. This field is only applicable to attributes of the category `RESOURCE`.

Enums
`CATEGORY_UNSPECIFIED`	No category specified. This option is invalid.
`RESOURCE`	Specify this category when this attribute describes the properties of resources. For example, data anonymity or data type.
`REQUEST`	Specify this category when this attribute describes the properties of requests. For example, requester's role or requester's organization.

CheckDataAccessRequest

Fields
`consent_store`	`string` Required. Name of the consent store where the requested data_id is stored, of the form `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}`. Authorization requires the following IAM permission on the specified resource `consentStore`: `healthcare.consentStores.checkDataAccess`
`data_id`	`string` Required. The unique identifier of the resource to check access for. This identifier must correspond to a User data mapping in the given consent store.
`request_attributes`	`map<string, string>` The values of request attributes associated with this access request.
`response_view`	`ResponseView` Optional. The view for `CheckDataAccessResponse`. If unspecified, defaults to `BASIC` and returns `consented` as `TRUE` or `FALSE`.
Union field `consent_selection`. The selection of `Consents` to evaluate the access request against. If no selection is specified, the access request is evaluated against all `ACTIVE` unexpired Consents with the same `user_id` as the data to check access for. `consent_selection` can be only one of the following:
`consent_list`	`ConsentList` Optional. Specific `Consents` to evaluate the access request against. These Consents must have the same `user_id` as the evaluated User data mapping, must exist in the current `consent_store`, and have a `state` of either `ACTIVE` or `DRAFT`. A maximum of 100 Consents can be provided here. If no selection is specified, the access request is evaluated against all `ACTIVE` unexpired Consents with the same `user_id` as the evaluated User data mapping.

ResponseView

Enums
`RESPONSE_VIEW_UNSPECIFIED`	No response view specified. The API will default to the BASIC view.
`BASIC`	Only the `consented` field is populated in `CheckDataAccessResponse`.
`FULL`	All fields within `CheckDataAccessResponse` are populated. When set to `FULL`, all `ACTIVE` Consents are evaluated even if a matching policy is found during evaluation.

CheckDataAccessResponse

Fields

Fields
`consented`	`bool` Whether the requested resource is consented for the given use.
`consent_details`	`map<string, ConsentEvaluation>` The resource names of all evaluated `Consents` mapped to their evaluation.

consented

bool

Whether the requested resource is consented for the given use.

consent_details

map<string, ConsentEvaluation>

The resource names of all evaluated Consents mapped to their evaluation.

Fields
`name`	`string` Identifier. Resource name of the Consent, of the form `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}`. Cannot be changed after creation.
`revision_id`	`string` Output only. The revision ID of the Consent. The format is an 8-character hexadecimal string. Refer to a specific revision of a Consent by appending `@{revision_id}` to the Consent's resource name.
`revision_create_time`	`Timestamp` Output only. The timestamp that the revision was created.
`user_id`	`string` Required. User's UUID provided by the client.
`policies[]`	`Policy` Optional. Represents a user's consent in terms of the resources that can be accessed and under what conditions.
`consent_artifact`	`string` Required. The resource name of the Consent artifact that contains proof of the end user's consent, of the form `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}`.
`state`	`State` Required. Indicates the current state of this Consent.
`metadata`	`map<string, string>` Optional. User-supplied key-value pairs used to organize Consent resources. Metadata keys must: be between 1 and 63 characters long have a UTF-8 encoding of maximum 128 bytes begin with a letter consist of up to 63 characters including lowercase letters, numeric characters, underscores, and dashes Metadata values must be: - be between 1 and 63 characters long - have a UTF-8 encoding of maximum 128 bytes - consist of up to 63 characters including lowercase letters, numeric characters, underscores, and dashes No more than 64 metadata entries can be associated with a given consent.
Union field `expiration`. Optional. Allows setting expiration time for Consents. Expired Consents are ignored in access determination methods such as [CheckDataAccess]. This value replaces any default expiration duration configured for the Consent store. `expiration` can be only one of the following:
`expire_time`	`Timestamp` Timestamp in UTC of when this Consent is considered expired.
`ttl`	`Duration` Input only. The time to live for this Consent from when it is created.

State

Enums
`STATE_UNSPECIFIED`	No state specified. Treated as ACTIVE only at the time of resource creation.
`ACTIVE`	The Consent is active and is considered when evaluating a user's consent on resources.
`ARCHIVED`	The archived state is currently not being used.
`REVOKED`	A revoked Consent is not considered when evaluating a user's consent on resources.
`DRAFT`	A draft Consent is not considered when evaluating a user's consent on resources unless explicitly specified.
`REJECTED`	When a draft Consent is rejected by a user, it is set to a rejected state. A rejected Consent is not considered when evaluating a user's consent on resources.

ConsentArtifact

Fields
`name`	`string` Identifier. Resource name of the Consent artifact, of the form `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}`. Cannot be changed after creation.
`user_id`	`string` Required. User's UUID provided by the client.
`user_signature`	`Signature` Optional. User's signature.
`guardian_signature`	`Signature` Optional. A signature from a guardian.
`witness_signature`	`Signature` Optional. A signature from a witness.
`consent_content_screenshots[]`	`Image` Optional. Screenshots, PDFs, or other binary information documenting the user's consent.
`consent_content_version`	`string` Optional. An string indicating the version of the consent information shown to the user.
`metadata`	`map<string, string>` Optional. Metadata associated with the Consent artifact. For example, the consent locale or user agent version.

ConsentEvaluation

Fields

Fields
`evaluation_result`	`EvaluationResult` The evaluation result.

evaluation_result

EvaluationResult

The evaluation result.

EvaluationResult

Enums
`EVALUATION_RESULT_UNSPECIFIED`	No evaluation result specified. This option is invalid.
`NOT_APPLICABLE`	The Consent is not applicable to the requested access determination. For example, the Consent does not apply to the user for which the access determination is requested, or it has a `state` of `REVOKED`, or it has expired.
`NO_MATCHING_POLICY`	The Consent does not have a policy that matches the `resource_attributes` of the evaluated resource.
`NO_SATISFIED_POLICY`	The Consent has at least one policy that matches the `resource_attributes` of the evaluated resource, but no `authorization_rule` was satisfied.
`HAS_SATISFIED_POLICY`	The Consent has at least one policy that matches the `resource_attributes` of the evaluated resource, and at least one `authorization_rule` was satisfied.

ConsentList

Fields

Fields
`consents[]`	`string` The resource names of the `Consents` to evaluate against, of the form `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}`.

consents[]

string

The resource names of the Consents to evaluate against, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}.

ConsentStore

Fields
`name`	`string` Identifier. Resource name of the consent store, of the form `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}`. Cannot be changed after creation.
`default_consent_ttl`	`Duration` Optional. Default time to live for Consents created in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents.
`labels`	`map<string, string>` Optional. User-supplied key-value pairs used to organize consent stores. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}. Label values must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63}. No more than 64 labels can be associated with a given store. For more information: https://cloud.google.com/healthcare/docs/how-tos/labeling-resources
`enable_consent_create_on_update`	`bool` Optional. If `true`, [UpdateConsent] [google.cloud.healthcare.v1.consent.UpdateConsent] creates the Consent if it does not already exist. If unspecified, defaults to `false`.

CreateAttributeDefinitionRequest

Fields

Fields
`parent`	`string` Required. The name of the consent store that this Attribute definition belongs to. Authorization requires the following IAM permission on the specified resource `parent`: `healthcare.attributeDefinitions.create`
`attribute_definition_id`	`string` Required. The ID of the Attribute definition to create. The string must match the following regex: `[_a-zA-Z][_a-zA-Z0-9]{0,255}` and must not be a reserved keyword within the Common Expression Language as listed on https://github.com/google/cel-spec/blob/master/doc/langdef.md.
`attribute_definition`	`AttributeDefinition` Required. Attribute definition to create.

parent

string

Required. The name of the consent store that this Attribute definition belongs to.

Authorization requires the following IAM permission on the specified resource parent:

healthcare.attributeDefinitions.create

attribute_definition_id

string

Required. The ID of the Attribute definition to create. The string must match the following regex: [_a-zA-Z][_a-zA-Z0-9]{0,255} and must not be a reserved keyword within the Common Expression Language as listed on https://github.com/google/cel-spec/blob/master/doc/langdef.md.

attribute_definition

AttributeDefinition

Required. Attribute definition to create.

CreateConsentArtifactRequest

Fields

Fields
`parent`	`string` Required. The name of the consent store this Consent artifact belongs to. Authorization requires the following IAM permission on the specified resource `parent`: `healthcare.consentArtifacts.create`
`consent_artifact`	`ConsentArtifact` Required. Consent artifact to create.

parent

string

Required. The name of the consent store this Consent artifact belongs to.

Authorization requires the following IAM permission on the specified resource parent:

healthcare.consentArtifacts.create

consent_artifact

ConsentArtifact

Required. Consent artifact to create.

CreateConsentRequest

Fields

parent

string

Required. Name of the consent store.

Authorization requires the following IAM permission on the specified resource parent:

healthcare.consents.create

consent

Consent

Required. Consent to create.

CreateConsentStoreRequest

Fields

parent

string

Required. The name of the dataset this consent store belongs to.

Authorization requires the following IAM permission on the specified resource parent:

healthcare.consentStores.create

consent_store_id

string

Required. The ID of the consent store to create. The string must match the following regex: [\p{L}\p{N}_\-\.]{1,256}. Cannot be changed after creation.

consent_store

ConsentStore

Required. Configuration info for this consent store.

CreateUserDataMappingRequest

Fields

parent

string

Required. Name of the consent store.

Authorization requires the following IAM permission on the specified resource parent:

healthcare.userDataMappings.create

user_data_mapping

UserDataMapping

Required. User data mapping to create.

DeleteAttributeDefinitionRequest

Fields

name

string

Required. The resource name of the Attribute definition to delete. To preserve referential integrity, Attribute definitions referenced by a User data mapping or the latest revision of a Consent cannot be deleted.

Authorization requires the following IAM permission on the specified resource name:

healthcare.attributeDefinitions.delete

DeleteConsentArtifactRequest

Fields

name

string

Required. The resource name of the Consent artifact to delete. To preserve referential integrity, Consent artifacts referenced by the latest revision of a Consent cannot be deleted.

Authorization requires the following IAM permission on the specified resource name:

healthcare.consentArtifacts.delete

DeleteConsentRequest

Fields

name

string

Required. The resource name of the Consent to delete, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}. An INVALID_ARGUMENT error occurs if revision_id is specified in the name.

Authorization requires the following IAM permission on the specified resource name:

healthcare.consents.delete

DeleteConsentRevisionRequest

Fields

name

string

Required. The resource name of the Consent revision to delete, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}@{revision_id}. An INVALID_ARGUMENT error occurs if revision_id is not specified in the name.

Authorization requires the following IAM permission on the specified resource name:

healthcare.consents.delete

DeleteConsentStoreRequest

Fields

name

string

Required. The resource name of the consent store to delete.

Authorization requires the following IAM permission on the specified resource name:

healthcare.consentStores.delete

DeleteUserDataMappingRequest

Fields

name

string

Required. The resource name of the User data mapping to delete.

Authorization requires the following IAM permission on the specified resource name:

healthcare.userDataMappings.delete

EvaluateUserConsentsRequest

Fields
`consent_store`	`string` Required. Name of the consent store to retrieve User data mappings from. Authorization requires the following IAM permission on the specified resource `consentStore`: `healthcare.consentStores.evaluateUserConsents`
`user_id`	`string` Required. User ID to evaluate consents for.
`resource_attributes`	`map<string, string>` Optional. The values of resource attributes associated with the resources being requested. If no values are specified, then all resources are queried.
`request_attributes`	`map<string, string>` Required. The values of request attributes associated with this access request.
`response_view`	`ResponseView` Optional. The view for `EvaluateUserConsentsResponse`. If unspecified, defaults to `BASIC` and returns `consented` as `TRUE` or `FALSE`.
`page_size`	`int32` Optional. Limit on the number of User data mappings to return in a single response. If not specified, 100 is used. May not be larger than 1000.
`page_token`	`string` Optional. Token to retrieve the next page of results, or empty to get the first page.
Union field `consent_selection`. `consent_selection` can be only one of the following:
`consent_list`	`ConsentList` Optional. Specific `Consents` to evaluate the access request against. These Consents must have the same `user_id` as the User data mappings being evalauted, must exist in the current `consent_store`, and must have a `state` of either `ACTIVE` or `DRAFT`. A maximum of 100 Consents can be provided here. If unspecified, all `ACTIVE` unexpired Consents in the current `consent_store` will be evaluated.

ResponseView

Enums
`RESPONSE_VIEW_UNSPECIFIED`	No response view specified. The API will default to the BASIC view.
`BASIC`	Only the `data_id` and `consented` fields are populated in the response.
`FULL`	All fields within the response are populated. When set to `FULL`, all `ACTIVE` Consents are evaluated even if a matching policy is found during evaluation.

EvaluateUserConsentsResponse

Fields

results[]

Result

The consent evaluation result for each data_id.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list. This token is valid for 72 hours after it is created.

Result

Fields

data_id

string

The unique identifier of the evaluated resource.

consented

bool

Whether the resource is consented for the given use.

consent_details

map<string, ConsentEvaluation>

The resource names of all evaluated Consents mapped to their evaluation.

GcsDestination

Fields

uri_prefix

string

URI for a Cloud Storage directory where the server writes result files, in the format gs://{bucket-id}/{path/to/destination/dir}. If there is no trailing slash, the service appends one when composing the object path. The user is responsible for creating the Cloud Storage bucket and directory referenced in uri_prefix.

GetAttributeDefinitionRequest

Fields

name

string

Required. The resource name of the Attribute definition to get.

Authorization requires the following IAM permission on the specified resource name:

healthcare.attributeDefinitions.get

GetConsentArtifactRequest

Fields

name

string

Required. The resource name of the Consent artifact to retrieve.

Authorization requires the following IAM permission on the specified resource name:

healthcare.consentArtifacts.get

GetConsentRequest

Fields

name

string

Required. The resource name of the Consent to retrieve, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}.

In order to retrieve a previous revision of the Consent, also provide the revision ID: projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}@{revision_id}

Authorization requires the following IAM permission on the specified resource name:

healthcare.consents.get

GetConsentStoreRequest

Fields

name

string

Required. The resource name of the consent store to get.

Authorization requires the following IAM permission on the specified resource name:

healthcare.consentStores.get

GetUserDataMappingRequest

Fields

name

string

Required. The resource name of the User data mapping to retrieve.

Authorization requires the following IAM permission on the specified resource name:

healthcare.userDataMappings.get

Image

Fields

Union field data.

data can be only one of the following:

raw_bytes

bytes

Consent artifact content represented as a stream of bytes. This field is populated when returned in GetConsentArtifact response, but not included in CreateConsentArtifact and ListConsentArtifact response.

gcs_uri

string

Input only. Points to a Cloud Storage URI containing the consent artifact content. The URI must be in the following format: gs://{bucket_id}/{object_id}. The Cloud Healthcare API service account must have the roles/storage.objectViewer Cloud IAM role for this Cloud Storage location. The consent artifact content at this URI is copied to a Cloud Storage location managed by the Cloud Healthcare API. Responses to fetching requests return the consent artifact content in raw_bytes.

ListAttributeDefinitionsRequest

Fields
`parent`	`string` Required. Name of the consent store to retrieve Attribute definitions from. Authorization requires the following IAM permission on the specified resource `parent`: `healthcare.attributeDefinitions.list`
`page_size`	`int32` Optional. Limit on the number of Attribute definitions to return in a single response. If not specified, 100 is used. May not be larger than 1000.
`page_token`	`string` Optional. Token to retrieve the next page of results or empty to get the first page.
`filter`	`string` Optional. Restricts the attributes returned to those matching a filter. The only field available for filtering is `category`. For example, `filter=category=\"REQUEST\"`.

ListAttributeDefinitionsResponse

Fields

attribute_definitions[]

AttributeDefinition

The returned Attribute definitions. The maximum number of attributes returned is determined by the value of page_size in the ListAttributeDefinitionsRequest.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list.

ListConsentArtifactsRequest

Fields
`parent`	`string` Required. Name of the consent store to retrieve consent artifacts from. Authorization requires the following IAM permission on the specified resource `parent`: `healthcare.consentArtifacts.list`
`page_size`	`int32` Optional. Limit on the number of consent artifacts to return in a single response. If not specified, 100 is used. May not be larger than 1000.
`page_token`	`string` Optional. The next_page_token value returned from the previous List request, if any.
`filter`	`string` Optional. Restricts the artifacts returned to those matching a filter. The following syntax is available: A string field value can be written as text inside quotation marks, for example `"query text"`. The only valid relational operation for text fields is equality (`=`), where text is searched within the field, rather than having the field be equal to the text. For example, `"Comment = great"` returns messages with `great` in the comment field. A number field value can be written as an integer, a decimal, or an exponential. The valid relational operators for number fields are the equality operator (`=`), along with the less than/greater than operators (`<`, `<=`, `>`, `>=`). Note that there is no inequality (`!=`) operator. You can prepend the `NOT` operator to an expression to negate it. A date field value must be written in `yyyy-mm-dd` form. Fields with date and time use the RFC3339 time format. Leading zeros are required for one-digit months and days. The valid relational operators for date fields are the equality operator (`=`) , along with the less than/greater than operators (`<`, `<=`, `>`, `>=`). Note that there is no inequality (`!=`) operator. You can prepend the `NOT` operator to an expression to negate it. Multiple field query expressions can be combined in one query by adding `AND` or `OR` operators between the expressions. If a boolean operator appears within a quoted string, it is not treated as special, it's just another part of the character string to be matched. You can prepend the `NOT` operator to an expression to negate it. The fields available for filtering are: user_id. For example, `filter=user_id=\"user123\"`. consent_content_version metadata. For example, `filter=Metadata(\"testkey\")=\"value\"` or `filter=HasMetadata(\"testkey\")`.

ListConsentArtifactsResponse

Fields

consent_artifacts[]

ConsentArtifact

The returned Consent artifacts. The maximum number of artifacts returned is determined by the value of page_size in the ListConsentArtifactsRequest.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list.

ListConsentRevisionsRequest

Fields
`name`	`string` Required. The resource name of the Consent to retrieve revisions for. Authorization requires the following IAM permission on the specified resource `name`: `healthcare.consents.get`
`page_size`	`int32` Optional. Limit on the number of revisions to return in a single response. If not specified, 100 is used. May not be larger than 1000.
`page_token`	`string` Optional. Token to retrieve the next page of results or empty if there are no more results in the list.
`filter`	`string` Optional. Restricts the revisions returned to those matching a filter. The following syntax is available: A string field value can be written as text inside quotation marks, for example `"query text"`. The only valid relational operation for text fields is equality (`=`), where text is searched within the field, rather than having the field be equal to the text. For example, `"Comment = great"` returns messages with `great` in the comment field. A number field value can be written as an integer, a decimal, or an exponential. The valid relational operators for number fields are the equality operator (`=`), along with the less than/greater than operators (`<`, `<=`, `>`, `>=`). Note that there is no inequality (`!=`) operator. You can prepend the `NOT` operator to an expression to negate it. A date field value must be written in `yyyy-mm-dd` form. Fields with date and time use the RFC3339 time format. Leading zeros are required for one-digit months and days. The valid relational operators for date fields are the equality operator (`=`) , along with the less than/greater than operators (`<`, `<=`, `>`, `>=`). Note that there is no inequality (`!=`) operator. You can prepend the `NOT` operator to an expression to negate it. Multiple field query expressions can be combined in one query by adding `AND` or `OR` operators between the expressions. If a boolean operator appears within a quoted string, it is not treated as special, it's just another part of the character string to be matched. You can prepend the `NOT` operator to an expression to negate it. Fields available for filtering are: user_id. For example, `filter='user_id="user123"'`. consent_artifact state revision_create_time metadata. For example, `filter=Metadata(\"testkey\")=\"value\"` or `filter=HasMetadata(\"testkey\")`.

ListConsentRevisionsResponse

Fields

consents[]

Consent

The returned Consent revisions. The maximum number of revisions returned is determined by the value of page_size in the ListConsentRevisionsRequest.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list.

ListConsentStoresRequest

Fields
`parent`	`string` Required. Name of the dataset. Authorization requires the following IAM permission on the specified resource `parent`: `healthcare.consentStores.list`
`page_size`	`int32` Optional. Limit on the number of consent stores to return in a single response. If not specified, 100 is used. May not be larger than 1000.
`page_token`	`string` Optional. Token to retrieve the next page of results, or empty to get the first page.
`filter`	`string` Optional. Restricts the stores returned to those matching a filter. Only filtering on labels is supported. For example, `filter=labels.key=value`.

ListConsentStoresResponse

Fields

consent_stores[]

ConsentStore

The returned consent stores. The maximum number of stores returned is determined by the value of page_size in the ListConsentStoresRequest.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list.

ListConsentsRequest

Fields
`parent`	`string` Required. Name of the consent store to retrieve Consents from. Authorization requires the following IAM permission on the specified resource `parent`: `healthcare.consents.list`
`page_size`	`int32` Optional. Limit on the number of Consents to return in a single response. If not specified, 100 is used. May not be larger than 1000.
`page_token`	`string` Optional. The next_page_token value returned from the previous List request, if any.
`filter`	`string` Optional. Restricts the Consents returned to those matching a filter. The following syntax is available: A string field value can be written as text inside quotation marks, for example `"query text"`. The only valid relational operation for text fields is equality (`=`), where text is searched within the field, rather than having the field be equal to the text. For example, `"Comment = great"` returns messages with `great` in the comment field. A number field value can be written as an integer, a decimal, or an exponential. The valid relational operators for number fields are the equality operator (`=`), along with the less than/greater than operators (`<`, `<=`, `>`, `>=`). Note that there is no inequality (`!=`) operator. You can prepend the `NOT` operator to an expression to negate it. A date field value must be written in `yyyy-mm-dd` form. Fields with date and time use the RFC3339 time format. Leading zeros are required for one-digit months and days. The valid relational operators for date fields are the equality operator (`=`) , along with the less than/greater than operators (`<`, `<=`, `>`, `>=`). Note that there is no inequality (`!=`) operator. You can prepend the `NOT` operator to an expression to negate it. Multiple field query expressions can be combined in one query by adding `AND` or `OR` operators between the expressions. If a boolean operator appears within a quoted string, it is not treated as special, it's just another part of the character string to be matched. You can prepend the `NOT` operator to an expression to negate it. The fields available for filtering are: user_id. For example, `filter='user_id="user123"'`. consent_artifact state revision_create_time metadata. For example, `filter=Metadata(\"testkey\")=\"value\"` or `filter=HasMetadata(\"testkey\")`.

ListConsentsResponse

Fields

consents[]

Consent

The returned Consents. The maximum number of Consents returned is determined by the value of page_size in the ListConsentsRequest.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list.

ListUserDataMappingsRequest

Fields
`parent`	`string` Required. Name of the consent store to retrieve User data mappings from. Authorization requires the following IAM permission on the specified resource `parent`: `healthcare.userDataMappings.list`
`page_size`	`int32` Optional. Limit on the number of User data mappings to return in a single response. If not specified, 100 is used. May not be larger than 1000.
`page_token`	`string` Optional. Token to retrieve the next page of results, or empty to get the first page.
`filter`	`string` Optional. Restricts the User data mappings returned to those matching a filter. The following syntax is available: A string field value can be written as text inside quotation marks, for example `"query text"`. The only valid relational operation for text fields is equality (`=`), where text is searched within the field, rather than having the field be equal to the text. For example, `"Comment = great"` returns messages with `great` in the comment field. A number field value can be written as an integer, a decimal, or an exponential. The valid relational operators for number fields are the equality operator (`=`), along with the less than/greater than operators (`<`, `<=`, `>`, `>=`). Note that there is no inequality (`!=`) operator. You can prepend the `NOT` operator to an expression to negate it. A date field value must be written in `yyyy-mm-dd` form. Fields with date and time use the RFC3339 time format. Leading zeros are required for one-digit months and days. The valid relational operators for date fields are the equality operator (`=`) , along with the less than/greater than operators (`<`, `<=`, `>`, `>=`). Note that there is no inequality (`!=`) operator. You can prepend the `NOT` operator to an expression to negate it. Multiple field query expressions can be combined in one query by adding `AND` or `OR` operators between the expressions. If a boolean operator appears within a quoted string, it is not treated as special, it's just another part of the character string to be matched. You can prepend the `NOT` operator to an expression to negate it. The fields available for filtering are: data_id user_id. For example, `filter=user_id=\"user123\"`. archived archive_time

ListUserDataMappingsResponse

Fields

user_data_mappings[]

UserDataMapping

The returned User data mappings. The maximum number of User data mappings returned is determined by the value of page_size in the ListUserDataMappingsRequest.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list.

Policy

Fields

resource_attributes[]

Attribute

The resources that this policy applies to. A resource is a match if it matches all the attributes listed here. If empty, this policy applies to all User data mappings for the given user.

authorization_rule

Expr

Required. The request conditions to meet to grant access. In addition to any supported comparison operators, authorization rules may have IN operator as well as at most 10 logical operators that are limited to AND (&&), OR (||).

QueryAccessibleDataRequest

Fields
`consent_store`	`string` Required. Name of the consent store to retrieve User data mappings from. Authorization requires the following IAM permission on the specified resource `consentStore`: `healthcare.consentStores.queryAccessibleData`
`resource_attributes`	`map<string, string>` Optional. The values of resource attributes associated with the type of resources being requested. If no values are specified, then all resource types are included in the output.
`request_attributes`	`map<string, string>` The values of request attributes associated with this access request.
Union field `destination`. Required. The output destination of the result file which contains a single data_id on each line. `destination` can be only one of the following:
`gcs_destination`	`GcsDestination` The Cloud Storage destination. The Cloud Healthcare API service account must have the `roles/storage.objectAdmin` Cloud IAM role for this Cloud Storage location.

QueryAccessibleDataResponse

Fields

gcs_uris[]

string

List of files, each of which contains a list of data_id(s) that are consented for a specified use in the request.

RejectConsentRequest

Fields

name

string

Required. The resource name of the Consent to reject, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}. An INVALID_ARGUMENT error occurs if revision_id is specified in the name.

Authorization requires the following IAM permission on the specified resource name:

healthcare.consents.reject

consent_artifact

string

Optional. The resource name of the Consent artifact that contains documentation of the user's rejection of the draft Consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}. If the draft Consent had a Consent artifact, this Consent artifact overwrites it.

Authorization requires the following IAM permission on the specified resource consentArtifact:

healthcare.consentArtifacts.get

RevokeConsentRequest

Fields

name

string

Required. The resource name of the Consent to revoke, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}. An INVALID_ARGUMENT error occurs if revision_id is specified in the name.

Authorization requires the following IAM permission on the specified resource name:

healthcare.consents.revoke

consent_artifact

string

Optional. The resource name of the Consent artifact that contains proof of the user's revocation of the Consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}.

Authorization requires the following IAM permission on the specified resource consentArtifact:

healthcare.consentArtifacts.get

Signature

Fields
`user_id`	`string` Required. User's UUID provided by the client.
`image`	`Image` Optional. An image of the user's signature.
`metadata`	`map<string, string>` Optional. Metadata associated with the user's signature. For example, the user's name or the user's title.
`signature_time`	`Timestamp` Optional. Timestamp of the signature.

UpdateAttributeDefinitionRequest

Fields

attribute_definition

AttributeDefinition

Required. The Attribute definition resource that updates the resource on the server. Only the fields listed in update_mask are applied.

Authorization requires the following IAM permission on the specified resource attributeDefinition:

healthcare.attributeDefinitions.update

update_mask

FieldMask

Required. The update mask that applies to the resource. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask. Only the description, allowed_values, consent_default_values and data_mapping_default_value fields can be updated. The updated allowed_values must contain all values from the previous allowed_values.

UpdateConsentRequest

Fields

consent

Consent

Required. The Consent resource that updates the resource on the server. Only the fields listed in update_mask are applied. An INVALID_ARGUMENT error occurs if revision_id is specified as part of the Consent's name.

Authorization requires the following IAM permission on the specified resource consent:

healthcare.consents.update

update_mask

FieldMask

Required. The update mask to apply to the resource. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask. Only the user_id, policies, consent_artifact, and metadata fields can be updated.

UpdateConsentStoreRequest

Fields

consent_store

ConsentStore

Required. The consent store resource that updates the resource on the server. Only the fields listed in update_mask are applied.

Authorization requires the following IAM permission on the specified resource consentStore:

healthcare.consentStores.update

update_mask

FieldMask

Required. The update mask that applies to the resource. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask. Only the labels, default_consent_ttl, and enable_consent_create_on_update fields are allowed to be updated.

UpdateUserDataMappingRequest

Fields

user_data_mapping

UserDataMapping

Required. The User data mapping resource that updates the resource on the server. Only the fields listed in update_mask are applied.

Authorization requires the following IAM permission on the specified resource userDataMapping:

healthcare.userDataMappings.update

update_mask

FieldMask

UserDataMapping

Fields
`name`	`string` Resource name of the User data mapping, of the form `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/userDataMappings/{user_data_mapping_id}`.
`data_id`	`string` Required. A unique identifier for the mapped resource.
`user_id`	`string` Required. User's UUID provided by the client.
`resource_attributes[]`	`Attribute` Attributes of the resource. Only explicitly set attributes are displayed here. `Attribute definitions` with defaults set implicitly apply to these [User data mappings] [google.cloud.healthcare.v1.consent.UserDataMappings]. Attributes listed here must be single valued, that is, exactly one value is specified for the field "values" in each `Attribute`.
`archived`	`bool` Output only. Indicates whether this mapping is archived.
`archive_time`	`Timestamp` Output only. Indicates the time when this mapping was archived.

Package google.cloud.healthcare.v1.consent

Index

ConsentService

ActivateConsentRequest

ArchiveUserDataMappingRequest

ArchiveUserDataMappingResponse

Attribute

AttributeDefinition

Category

CheckDataAccessRequest

ResponseView

CheckDataAccessResponse

Consent

State

ConsentArtifact

ConsentEvaluation

EvaluationResult

ConsentList

ConsentStore

CreateAttributeDefinitionRequest

CreateConsentArtifactRequest

CreateConsentRequest

CreateConsentStoreRequest

CreateUserDataMappingRequest

DeleteAttributeDefinitionRequest

DeleteConsentArtifactRequest

DeleteConsentRequest

DeleteConsentRevisionRequest

DeleteConsentStoreRequest

DeleteUserDataMappingRequest

EvaluateUserConsentsRequest

ResponseView

EvaluateUserConsentsResponse

Result

GcsDestination

GetAttributeDefinitionRequest

GetConsentArtifactRequest

GetConsentRequest

GetConsentStoreRequest

GetUserDataMappingRequest

Image

ListAttributeDefinitionsRequest

ListAttributeDefinitionsResponse

ListConsentArtifactsRequest

ListConsentArtifactsResponse

ListConsentRevisionsRequest

ListConsentRevisionsResponse

ListConsentStoresRequest

ListConsentStoresResponse

ListConsentsRequest

ListConsentsResponse

ListUserDataMappingsRequest

ListUserDataMappingsResponse

Policy

QueryAccessibleDataRequest

QueryAccessibleDataResponse

RejectConsentRequest

RevokeConsentRequest

Signature

UpdateAttributeDefinitionRequest

UpdateConsentRequest

UpdateConsentStoreRequest

UpdateUserDataMappingRequest

UserDataMapping