Package google.cloud.healthcare.v1beta1.consent

Stay organized with collections Save and categorize content based on your preferences.

Index

ConsentService

A service for managing user consents.

ActivateConsent

rpc ActivateConsent(ActivateConsentRequest) returns (Consent)

Activates the latest revision of the specified Consent by committing a new revision with state updated to ACTIVE. If the latest revision of the specified Consent is in the ACTIVE state, no new revision is committed. A FAILED_PRECONDITION error occurs if the latest revision of the specified consent is in the REJECTED or REVOKED state.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
ArchiveUserDataMapping

rpc ArchiveUserDataMapping(ArchiveUserDataMappingRequest) returns (ArchiveUserDataMappingResponse)

Archives the specified User data mapping.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
CheckDataAccess

rpc CheckDataAccess(CheckDataAccessRequest) returns (CheckDataAccessResponse)

Checks if a particular data_id of a User data mapping in the specified consent store is consented for the specified use.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
CreateAttributeDefinition

rpc CreateAttributeDefinition(CreateAttributeDefinitionRequest) returns (AttributeDefinition)

Creates a new Attribute definition in the parent consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
CreateConsent

rpc CreateConsent(CreateConsentRequest) returns (Consent)

Creates a new Consent in the parent consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
CreateConsentArtifact

rpc CreateConsentArtifact(CreateConsentArtifactRequest) returns (ConsentArtifact)

Creates a new Consent artifact in the parent consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
CreateConsentStore

rpc CreateConsentStore(CreateConsentStoreRequest) returns (ConsentStore)

Creates a new consent store in the parent dataset. Attempting to create a consent store with the same ID as an existing store fails with an ALREADY_EXISTS error.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
CreateUserDataMapping

rpc CreateUserDataMapping(CreateUserDataMappingRequest) returns (UserDataMapping)

Creates a new User data mapping in the parent consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
DeleteAttributeDefinition

rpc DeleteAttributeDefinition(DeleteAttributeDefinitionRequest) returns (Empty)

Deletes the specified Attribute definition. Fails if the Attribute definition is referenced by any User data mapping, or the latest revision of any Consent.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
DeleteConsent

rpc DeleteConsent(DeleteConsentRequest) returns (Empty)

Deletes the Consent and its revisions. To keep a record of the Consent but mark it inactive, see [RevokeConsent]. To delete a revision of a Consent, see [DeleteConsentRevision]. This operation does not delete the related Consent artifact.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
DeleteConsentArtifact

rpc DeleteConsentArtifact(DeleteConsentArtifactRequest) returns (Empty)

Deletes the specified Consent artifact. Fails if the artifact is referenced by the latest revision of any Consent.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
DeleteConsentRevision

rpc DeleteConsentRevision(DeleteConsentRevisionRequest) returns (Empty)

Deletes the specified revision of a Consent. An INVALID_ARGUMENT error occurs if the specified revision is the latest revision.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
DeleteConsentStore

rpc DeleteConsentStore(DeleteConsentStoreRequest) returns (Empty)

Deletes the specified consent store and removes all the consent store's data.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
DeleteUserDataMapping

rpc DeleteUserDataMapping(DeleteUserDataMappingRequest) returns (Empty)

Deletes the specified User data mapping.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
EvaluateUserConsents

rpc EvaluateUserConsents(EvaluateUserConsentsRequest) returns (EvaluateUserConsentsResponse)

Evaluates the user's Consents for all matching User data mappings.

Note: User data mappings are indexed asynchronously, which can cause a slight delay between the time mappings are created or updated and when they are included in EvaluateUserConsents results.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
GetAttributeDefinition

rpc GetAttributeDefinition(GetAttributeDefinitionRequest) returns (AttributeDefinition)

Gets the specified Attribute definition.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
GetConsent

rpc GetConsent(GetConsentRequest) returns (Consent)

Gets the specified revision of a Consent, or the latest revision if revision_id is not specified in the resource name.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
GetConsentArtifact

rpc GetConsentArtifact(GetConsentArtifactRequest) returns (ConsentArtifact)

Gets the specified Consent artifact.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
GetConsentStore

rpc GetConsentStore(GetConsentStoreRequest) returns (ConsentStore)

Gets the specified consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
GetUserDataMapping

rpc GetUserDataMapping(GetUserDataMappingRequest) returns (UserDataMapping)

Gets the specified User data mapping.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
ListAttributeDefinitions

rpc ListAttributeDefinitions(ListAttributeDefinitionsRequest) returns (ListAttributeDefinitionsResponse)

Lists the Attribute definitions in the specified consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
ListConsentArtifacts

rpc ListConsentArtifacts(ListConsentArtifactsRequest) returns (ListConsentArtifactsResponse)

Lists the Consent artifacts in the specified consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
ListConsentRevisions

rpc ListConsentRevisions(ListConsentRevisionsRequest) returns (ListConsentRevisionsResponse)

Lists the revisions of the specified Consent in reverse chronological order.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
ListConsentStores

rpc ListConsentStores(ListConsentStoresRequest) returns (ListConsentStoresResponse)

Lists the consent stores in the specified dataset.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
ListConsents

rpc ListConsents(ListConsentsRequest) returns (ListConsentsResponse)

Lists the Consent in the given consent store, returning each Consent's latest revision.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
ListUserDataMappings

rpc ListUserDataMappings(ListUserDataMappingsRequest) returns (ListUserDataMappingsResponse)

Lists the User data mappings in the specified consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
QueryAccessibleData

rpc QueryAccessibleData(QueryAccessibleDataRequest) returns (Operation)

Queries all data_ids that are consented for a specified use in the given consent store and writes them to a specified destination.

The returned Operation includes a progress counter for the number of User data mappings processed.

If the request is successful, a detailed response is returned of type QueryAccessibleDataResponse, contained in the [response][google.longrunning.Operation.result.response] field when the operation finishes. The metadata field type is OperationMetadata.

Errors are logged to Cloud Logging (see Viewing error logs in Cloud Logging). For example, the following sample log entry shows a failed to evaluate consent policy error that occurred during a QueryAccessibleData call to consent store projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}.

jsonPayload: {
  @type:
  "type.googleapis.com/google.cloud.healthcare.logging.QueryAccessibleDataLogEntry"
  error: {
    code:  9
    message:  "failed to evaluate consent policy"
  }
  resourceName:
  "projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}"
}
logName:
"projects/{project_id}/logs/healthcare.googleapis.com%2Fquery_accessible_data"
operation: {
  id:
  "projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/operations/{operation_id}"
  producer:  "healthcare.googleapis.com/QueryAccessibleData"
}
receiveTimestamp:  "TIMESTAMP"
resource: {
  labels: {
    consent_store_id:  "{consent_store_id}"
    dataset_id:  "{dataset_id}"
    location:  "{location_id}"
    project_id:  "{project_id}"
  }
  type:  "healthcare_consent_store"
}
severity:  "ERROR"
timestamp:  "TIMESTAMP"
Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
RejectConsent

rpc RejectConsent(RejectConsentRequest) returns (Consent)

Rejects the latest revision of the specified Consent by committing a new revision with state updated to REJECTED. If the latest revision of the specified Consent is in the REJECTED state, no new revision is committed. A FAILED_PRECONDITION error occurs if the latest revision of the specified Consent is in the ACTIVE or REVOKED state.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
RevokeConsent

rpc RevokeConsent(RevokeConsentRequest) returns (Consent)

Revokes the latest revision of the specified Consent by committing a new revision with state updated to REVOKED. If the latest revision of the specified Consent is in the REVOKED state, no new revision is committed. A FAILED_PRECONDITION error occurs if the latest revision of the given consent is in DRAFT or REJECTED state.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
UpdateAttributeDefinition

rpc UpdateAttributeDefinition(UpdateAttributeDefinitionRequest) returns (AttributeDefinition)

Updates the specified Attribute definition.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
UpdateConsent

rpc UpdateConsent(UpdateConsentRequest) returns (Consent)

Updates the latest revision of the specified Consent by committing a new revision with the changes. A FAILED_PRECONDITION error occurs if the latest revision of the specified Consent is in the REJECTED or REVOKED state.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
UpdateConsentStore

rpc UpdateConsentStore(UpdateConsentStoreRequest) returns (ConsentStore)

Updates the specified consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
UpdateUserDataMapping

rpc UpdateUserDataMapping(UpdateUserDataMappingRequest) returns (UserDataMapping)

Updates the specified User data mapping.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ActivateConsentRequest

Activates the latest revision of the specified Consent by committing a new revision with state updated to ACTIVE. If the latest revision of the given Consent is in the ACTIVE state, no new revision is committed. A FAILED_PRECONDITION error occurs if the latest revision of the given consent is in the REJECTED or REVOKED state.

Fields
name

string

Required. The resource name of the Consent to activate, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}. An INVALID_ARGUMENT error occurs if revision_id is specified in the name.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consents.activate
consent_artifact

string

Required. The resource name of the Consent artifact that contains documentation of the user's consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}. If the draft Consent had a Consent artifact, this Consent artifact overwrites it.

Authorization requires the following IAM permission on the specified resource consentArtifact:

  • healthcare.consentArtifacts.get
Union field expiration. Optional. Allows setting expiration time for Consents. Expired consents are ignored in access determination methods such as [CheckDataAccess]. This value overrides the expiration duration configured for the consent store. expiration can be only one of the following:
expire_time

Timestamp

Timestamp in UTC of when this Consent is considered expired.
ttl

Duration

The time to live for this Consent from when it is marked as active.

ArchiveUserDataMappingRequest

Archives the specified User data mapping.

Fields
name

string

Required. The resource name of the User data mapping to archive.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.userDataMappings.archive

ArchiveUserDataMappingResponse

Archives the specified User data mapping.

Attribute

An attribute value for a Consent or User data mapping. Each Attribute must have a corresponding AttributeDefinition in the consent store that defines the default and allowed values.

Fields
attribute_definition_id

string

Indicates the name of an attribute defined in the consent store.
values[]

string

The value of the attribute. Must be an acceptable value as defined in the consent store. For example, if the consent store defines "data type" with acceptable values "questionnaire" and "step-count", when the attribute name is data type, this field must contain one of those values.

AttributeDefinition

A client-defined consent attribute.

Fields
name

string

Resource name of the Attribute definition, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/attributeDefinitions/{attribute_definition_id}. Cannot be changed after creation.
description

string

Optional. A description of the attribute.
category

Category

Required. The category of the attribute. The value of this field cannot be changed after creation.
allowed_values[]

string

Required. Possible values for the attribute. The number of allowed values must not exceed 500. An empty list is invalid. The list can only be expanded after creation.
consent_default_values[]

string

Optional. Default values of the attribute in Consents. If no default values are specified, it defaults to an empty value.
data_mapping_default_value

string

Optional. Default value of the attribute in User data mappings. If no default value is specified, it defaults to an empty value. This field is only applicable to attributes of the category RESOURCE.

Category

The category of the attribute.

Enums
CATEGORY_UNSPECIFIED No category specified. This option is invalid.
RESOURCE Specify this category when this attribute describes the properties of resources. For example, data anonymity or data type.
REQUEST Specify this category when this attribute describes the properties of requests. For example, requester's role or requester's organization.

CheckDataAccessRequest

Checks if a particular data_id of a User data mapping in the given consent store is consented for a given use.

Fields
consent_store

string

Required. Name of the consent store where the requested data_id is stored, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}.

Authorization requires the following IAM permission on the specified resource consentStore:

  • healthcare.consentStores.checkDataAccess
data_id

string

Required. The unique identifier of the resource to check access for. This identifier must correspond to a User data mapping in the given consent store.
request_attributes

map<string, string>

The values of request attributes associated with this access request.
response_view

ResponseView

Optional. The view for CheckDataAccessResponse. If unspecified, defaults to BASIC and returns consented as TRUE or FALSE.
consent_list

ConsentList

Optional. Specific Consents to evaluate the access request against. These Consents must have the same user_id as the evaluated User data mapping, must exist in the current consent_store, and have a state of either ACTIVE or DRAFT. A maximum of 100 Consents can be provided here. If no selection is specified, the access request is evaluated against all ACTIVE unexpired Consents with the same user_id as the evaluated User data mapping.

ResponseView

The supported views for CheckDataAccessResponse.

Enums
RESPONSE_VIEW_UNSPECIFIED No response view specified. The API will default to the BASIC view.
BASIC Only the consented field is populated in CheckDataAccessResponse.
FULL All fields within CheckDataAccessResponse are populated. When set to FULL, all ACTIVE Consents are evaluated even if a matching policy is found during evaluation.

CheckDataAccessResponse

Checks if a particular data_id of a User data mapping in the given consent store is consented for a given use.

Fields
consented

bool

Whether the requested resource is consented for the given use.
consent_details

map<string, ConsentEvaluation>

The resource names of all evaluated Consents mapped to their evaluation.

Represents a user's consent.

Fields
name

string

Resource name of the Consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}. Cannot be changed after creation.
revision_id

string

Output only. The revision ID of the Consent. The format is an 8-character hexadecimal string. Refer to a specific revision of a Consent by appending @{revision_id} to the Consent's resource name.
revision_create_time

Timestamp

Output only. The timestamp that the revision was created.
user_id

string

Required. User's UUID provided by the client.
policies[]

Policy

Optional. Represents a user's consent in terms of the resources that can be accessed and under what conditions.
consent_artifact

string

Required. The resource name of the Consent artifact that contains proof of the end user's consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}.
state

State

Required. Indicates the current state of this Consent.
metadata

map<string, string>

Optional. User-supplied key-value pairs used to organize Consent resources.

Metadata keys must:

  • be between 1 and 63 characters long
  • have a UTF-8 encoding of maximum 128 bytes
  • begin with a letter
  • consist of up to 63 characters including lowercase letters, numeric characters, underscores, and dashes

Metadata values must be: - be between 1 and 63 characters long - have a UTF-8 encoding of maximum 128 bytes - consist of up to 63 characters including lowercase letters, numeric characters, underscores, and dashes

No more than 64 metadata entries can be associated with a given consent.
Union field expiration. Optional. Allows setting expiration time for Consents. Expired Consents are ignored in access determination methods such as [CheckDataAccess]. This value replaces any default expiration duration configured for the Consent store. expiration can be only one of the following:
expire_time

Timestamp

Timestamp in UTC of when this Consent is considered expired.
ttl

Duration

Input only. The time to live for this Consent from when it is created.

State

The state of the Consent resource.

Enums
STATE_UNSPECIFIED No state specified. Treated as ACTIVE only at the time of resource creation.
ACTIVE The Consent is active and is considered when evaluating a user's consent on resources.
ARCHIVED The archived state is currently not being used.
REVOKED A revoked Consent is not considered when evaluating a user's consent on resources.
DRAFT A draft Consent is not considered when evaluating a user's consent on resources unless explicitly specified.
REJECTED When a draft Consent is rejected by a user, it is set to a rejected state. A rejected Consent is not considered when evaluating a user's consent on resources.

ConsentArtifact

Documentation of a user's consent.

Fields
name

string

Resource name of the Consent artifact, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}. Cannot be changed after creation.
user_id

string

Required. User's UUID provided by the client.