使用 IAM 控制访问权限

概览

Cloud Healthcare API 使用身份和访问权限管理 (IAM) 进行访问权限控制。

在 Cloud Healthcare API 中，可以在项目、数据集或数据存储层级配置访问权限控制。例如，您可以向一组开发者授予对项目中所有数据集的访问权限。如需了解如何通过 Cloud Healthcare API 设置和使用 IAM，请参阅控制访问权限和控制对其他产品的访问权限。

如需详细了解 IAM 及其功能，请参阅 IAM 文档。尤其应参阅管理 IAM 政策部分。

Cloud Healthcare API 的每种方法都要求调用方拥有必要的权限。如需了解详情，请参阅权限和角色。

权限

下表列出了与 Cloud Healthcare API 关联的 IAM 权限。表中会显示简短的方法名称；每种方法的全名都以 projects.locations. 开头。

注释存储区方法

注释存储区方法	所需权限
`datasets.annotationStores.create`	父数据集上的 `healthcare.annotationStores.create` 权限。
`datasets.annotationStores.delete`	请求的注解存储区上的 `healthcare.annotationStores.delete` 权限。
`datasets.annotationStores.get`	请求的注解存储区上的 `healthcare.annotationStores.get` 权限。
`datasets.annotationStores.list`	父数据集上的 `healthcare.annotationStores.list` 权限。
`datasets.annotationStores.patch`	请求的注解存储区上的 `healthcare.annotationStores.update` 权限。
`datasets.annotationStores.annotations.create`	父级注解存储区上的 `healthcare.annotations.create` 权限。
`datasets.annotationStores.annotations.delete`	请求的注解记录上的 `healthcare.annotations.delete` 权限。
`datasets.annotationStores.annotations.get`	请求的注解记录上的 `healthcare.annotations.get` 权限。
`datasets.annotationStores.annotations.list`	父级注解存储区上的 `healthcare.annotations.list` 权限。
`datasets.annotationStores.annotations.patch`	请求的注解记录上的 `healthcare.annotations.update` 权限。

许可存储区方法

许可存储区方法	所需权限
`datasets.consentStores.checkDataAccess`	请求的许可存储区的 `healthcare.consentStores.checkDataAccess` 权限。
`datasets.consentStores.create`	父数据集上的 `healthcare.consentStores.create` 权限。
`datasets.consentStores.delete`	请求的许可存储区的 `healthcare.consentStores.delete` 权限。
`datasets.consentStores.evaluateUserConsents`	请求的许可存储区的 `healthcare.consentStores.evaluateUserConsents` 权限。
`datasets.consentStores.get`	请求的许可存储区的 `healthcare.consentStores.get` 权限。
`datasets.consentStores.getIamPolicy`	请求的许可存储区的 `healthcare.consentStores.getIamPolicy` 权限。
`datasets.consentStores.list`	父数据集上的 `healthcare.consentStores.list` 权限。
`datasets.consentStores.patch`	请求的许可存储区的 `healthcare.consentStores.update` 权限。
`datasets.consentStores.queryAccessibleData`	请求的许可存储区的 `healthcare.consentStores.queryAccessibleData` 权限。
`datasets.consentStores.setIamPolicy`	请求的许可存储区的 `healthcare.consentStores.setIamPolicy` 权限。
`datasets.consentStores.attributeDefinitions.create`	父许可存储区的 `healthcare.attributeDefinitions.create` 权限。
`datasets.consentStores.attributeDefinitions.delete`	请求的特性定义资源的 `healthcare.attributeDefinitions.delete` 权限。
`datasets.consentStores.attributeDefinitions.get`	请求的特性定义资源的 `healthcare.attributeDefinitions.get` 权限。
`datasets.consentStores.attributeDefinitions.list`	父许可存储区的 `healthcare.attributeDefinitions.list` 权限。
`datasets.consentStores.attributeDefinitions.patch`	请求的特性定义资源的 `healthcare.attributeDefinitions.update` 权限。
`datasets.consentStores.consentArtifacts.create`	父许可存储区的 `healthcare.consentArtifacts.create` 权限。
`datasets.consentStores.consentArtifacts.delete`	请求的许可工件资源的 `healthcare.consentArtifacts.delete` 权限。
`datasets.consentStores.consentArtifacts.get`	请求的许可工件资源的 `healthcare.consentArtifacts.get` 权限。
`datasets.consentStores.consentArtifacts.list`	父许可存储区的 `healthcare.consentArtifacts.list` 权限。
`datasets.consentStores.consents.create`	父许可存储区的 `healthcare.consents.create` 权限。
`datasets.consentStores.consents.delete`	请求的许可资源的 `healthcare.consents.delete` 权限。
`datasets.consentStores.consents.get`	请求的许可资源的 `healthcare.consents.get` 权限。
`datasets.consentStores.consents.list`	父许可存储区的 `healthcare.consents.list` 权限。
`datasets.consentStores.consents.patch`	请求的许可资源的 `healthcare.consents.update` 权限。
`datasets.consentStores.consents.revoke`	请求的许可资源的 `healthcare.consents.revoke` 权限。
`datasets.consentStores.userDataMappings.archive`	请求的用户数据映射资源的 `healthcare.userDataMappings.archive` 权限。
`datasets.consentStores.userDataMappings.create`	父许可存储区的 `healthcare.userDataMappings.create` 权限。
`datasets.consentStores.userDataMappings.delete`	请求的用户数据映射资源的 `healthcare.userDataMappings.delete` 权限。
`datasets.consentStores.userDataMappings.get`	请求的用户数据映射资源的 `healthcare.userDataMappings.get` 权限。
`datasets.consentStores.userDataMappings.list`	父许可存储区的 `healthcare.userDataMappings.list` 权限。
`datasets.consentStores.userDataMappings.patch`	请求的用户数据映射资源的 `healthcare.userDataMappings.update` 权限。

数据集方法

数据集方法	所需权限
`datasets.create`	父级 Google Cloud 项目上的 `healthcare.datasets.create` 权限。
`datasets.deidentify`	源数据集上的 `healthcare.datasets.deidentify` 权限。包含目标数据集的 Google Cloud 项目上的 `healthcare.datasets.create` 权限。
`datasets.delete`	请求数据集上的 `healthcare.datasets.delete` 权限。
`datasets.get`	请求数据集上的 `healthcare.datasets.get` 权限。
`datasets.getIamPolicy`	请求数据集上的 `healthcare.datasets.getIamPolicy` 权限。
`datasets.list`	父级 Google Cloud 项目上的 `healthcare.datasets.list` 权限。
`datasets.patch`	请求数据集上的 `healthcare.datasets.update` 权限。
`datasets.setIAMPolicy`	请求数据集上的 `healthcare.datasets.setIamPolicy` 权限。

DICOM 存储区方法

DICOM 存储方法	所需权限
`datasets.dicomStores.create`	父数据集上的 `healthcare.dicomStores.create` 权限。
`datasets.dicomStores.deidentify`	源 DICOM 存储区上的 `healthcare.dicomStores.deidentify` 权限。目标 DICOM 存储区上的 `healthcare.dicomStores.dicomWebWrite` 权限。
`datasets.dicomStores.delete`	请求 DICOM 存储区上的 `healthcare.dicomStores.delete` 权限。
`datasets.dicomStores.export`	请求 DICOM 存储区上的 `healthcare.dicomStores.export` 权限。导出到 Cloud Storage 时：将 `roles/storage.objectAdmin` 授予项目的 Cloud Healthcare Service Agent 服务账号。请参阅将数据导出到 Cloud Storage 查看说明。导出到 BigQuery 时：将 `roles/bigquery.dataEditor` 和 `roles/bigquery.jobUser` 授予项目的 Cloud Healthcare Service Agent 服务账号。请参阅 DICOM 存储 BigQuery 权限查看说明。
`datasets.dicomStores.get`	请求 DICOM 存储区上的 `healthcare.dicomStores.get` 权限。
`datasets.dicomStores.getIamPolicy`	请求 DICOM 存储区上的 `healthcare.dicomStores.getIamPolicy` 权限。
`datasets.dicomStores.import`	请求 DICOM 存储区上的 `healthcare.dicomStores.import` 权限。 `roles/storage.objectViewer` 授予项目的 Cloud Healthcare Service Agent 服务账号。请参阅从 Cloud Storage 导入数据查看说明。
`datasets.dicomStores.list`	父数据集上的 `healthcare.dicomStores.list` 权限。
`datasets.dicomStores.patch`	请求 DICOM 存储区上的 `healthcare.dicomStores.update` 权限。
`datasets.dicomStores.searchForInstances`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebRead` 权限。
`datasets.dicomStores.searchForSeries`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebRead` 权限。
`datasets.dicomStores.searchForStudies`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebRead` 权限。
`datasets.dicomStores.setIamPolicy`	请求 DICOM 存储区上的 `healthcare.dicomStores.setIamPolicy` 权限。
`datasets.dicomStores.storeInstances`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebWrite` 权限。
`datasets.dicomStores.studies.delete`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebDelete` 权限。
`datasets.dicomStores.studies.retrieveMetadata`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebRead` 权限。
`datasets.dicomStores.studies.retrieveStudy`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebRead` 权限。
`datasets.dicomStores.studies.searchForInstances`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebRead` 权限。
`datasets.dicomStores.studies.searchForSeries`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebRead` 权限。
`datasets.dicomStores.studies.storeInstances`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebWrite` 权限。
`datasets.dicomStores.studies.series.delete`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebDelete` 权限。
`datasets.dicomStores.studies.series.retrieveMetadata`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebRead` 权限。
`datasets.dicomStores.studies.series.retrieveSeries`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebRead` 权限。
`datasets.dicomStores.studies.series.searchForInstances`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebRead` 权限。
`datasets.dicomStores.studies.series.instances.delete`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebDelete` 权限。
`datasets.dicomStores.studies.series.instances.retrieveInstance`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebRead` 权限。
`datasets.dicomStores.studies.series.instances.retrieveMetadata`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebRead` 权限。
`datasets.dicomStores.studies.series.instances.retrieveRendered`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebRead` 权限。
`datasets.dicomStores.studies.series.instances.frames.retrieveFrames`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebRead` 权限。
`datasets.dicomStores.studies.series.instances.frames.retrieveRendered`	请求 DICOM 存储区上的 `healthcare.dicomStores.dicomWebRead` 权限。

FHIR 存储区方法

FHIR 存储方法	所需权限
`datasets.fhirStores.create`	父数据集上的 `healthcare.fhirStores.create` 权限。
`datasets.fhirStores.deidentify`	源 FHIR 存储区上的 `healthcare.fhirStores.deidentify` 权限。目标 FHIR 存储空间上的 `healthcare.fhirResources.update` 权限。
`datasets.fhirStores.delete`	请求 FHIR 存储区上的 `healthcare.fhirStores.delete` 权限。
`datasets.fhirStores.export`	请求 FHIR 存储区上的 `healthcare.fhirStores.export` 权限。导出到 Cloud Storage 时：将 `storage.objects.create`、`storage.objects.delete` 和 `storage.objects.list` 授予项目的 Cloud Healthcare Service Agent 服务账号。请参阅将 FHIR 资源导出到 Cloud Storage 查看说明。导出到 BigQuery 时：将 `roles/bigquery.dataEditor` 和 `roles/bigquery.jobUser` 授予项目的 Cloud Healthcare Service Agent 服务账号。请参阅 FHIR 存储 BigQuery 权限查看说明。
`datasets.fhirStores.get`	请求 FHIR 存储区上的 `healthcare.fhirStores.get` 权限。
`datasets.fhirStores.getIamPolicy`	请求 FHIR 存储区上的 `healthcare.fhirStores.getIamPolicy` 权限。
`datasets.fhirStores.import`	请求 FHIR 存储区上的 `healthcare.fhirStores.import` 权限。 `storage.objects.get` 和 `storage.objects.list` 授予项目的 Cloud Healthcare Service Agent 服务账号。请参阅从 Cloud Storage 导入 FHIR 资源查看说明。
`datasets.fhirStores.list`	父数据集上的 `healthcare.fhirStores.list` 权限。
`datasets.fhirStores.patch`	请求 FHIR 存储区上的 `healthcare.fhirStores.update` 权限。
`datasets.fhirStores.configureSearch`	请求 FHIR 存储区上的 `healthcare.fhirStores.configureSearch` 权限。
`datasets.fhirStores.setIamPolicy`	请求 FHIR 存储区上的 `healthcare.fhirStores.setIamPolicy` 权限。
`datasets.fhirStores.getFHIRStoreMetrics`	请求 FHIR 存储区上的 `healthcare.fhirStores.get` 权限。
`datasets.fhirStores.fhir.Observation-lastn`	父 FHIR 存储区上的 `healthcare.fhirStores.searchResources` 权限。
`datasets.fhirStores.fhir.Patient-everything`	每个返回资源上的 `healthcare.fhirResources.get` 权限。
`datasets.fhirStores.fhir.Resource-purge`	请求 FHIR 存储区资源上的 `healthcare.fhirResources.purge` 权限。
`datasets.fhirStores.fhir.capabilities`	请求 FHIR 存储区上的 `healthcare.fhirStores.get` 权限。
`datasets.fhirStores.fhir.conditionalDelete`	父 FHIR 存储区上的 `healthcare.fhirStores.searchResources` 权限。请求 FHIR 存储区资源上的 `healthcare.fhirResources.delete` 权限。
`datasets.fhirStores.fhir.conditionalPatch`	父 FHIR 存储区上的 `healthcare.fhirStores.searchResources` 权限。请求 FHIR 存储区资源上的 `healthcare.fhirResources.patch` 权限。
`datasets.fhirStores.fhir.conditionalUpdate`	父 FHIR 存储区上的 `healthcare.fhirStores.searchResources` 权限。请求 FHIR 存储区资源上的 `healthcare.fhirResources.update` 权限。
`datasets.fhirStores.fhir.create`	对于条件创建互动：在父 FHIR 存储区中创建 `healthcare.fhirResources.create` 和 `healthcare.fhirStores.searchResources`。对于创建交互：在父 FHIR 存储区上使用 `healthcare.fhirResources.create`。
`datasets.fhirStores.fhir.delete`	请求 FHIR 存储区资源上的 `healthcare.fhirResources.delete` 权限。
`datasets.fhirStores.fhir.executeBundle`	请求 FHIR 存储区上的 `healthcare.fhirResources.executeBundle` 权限，以及与软件包中的各个操作对应的额外权限（例如 `healthcare.fhirResources.create` 和 `healthcare.fhirResources.update`）。如果 API 调用程序具有 `healthcare.fhirResources.create` 权限，但没有 `healthcare.fhirResources.update` 权限，则调用程序只能执行包含 `healthcare.fhirResources.create` 操作的软件包。
`datasets.fhirStores.fhir.history`	请求 FHIR 存储去资源及其每个版本上的 `healthcare.fhirResources.get` 权限。
`datasets.fhirStores.fhir.patch`	请求 FHIR 存储区资源上的 `healthcare.fhirResources.patch` 权限。
`datasets.fhirStores.fhir.read`	请求 FHIR 存储区资源上的 `healthcare.fhirResources.get` 权限。
`datasets.fhirStores.fhir.search`	父 FHIR 存储区上的 `healthcare.fhirStores.searchResources` 权限。
`datasets.fhirStores.fhir.update`	请求 FHIR 存储区资源上的 `healthcare.fhirResources.update` 权限。
`datasets.fhirStores.fhir.vread`	请求 FHIR 存储区资源版上的 `healthcare.fhirResources.get` 权限。

HL7v2 存储区方法

HL7v2 存储方法	所需权限
`datasets.hl7V2Stores.create`	父数据集上的 `healthcare.hl7V2Stores.create` 权限。
`datasets.hl7V2Stores.delete`	请求 HL7v2 存储区上的 `healthcare.hl7V2Stores.delete` 权限。
`datasets.hl7V2Stores.export`	请求 HL7v2 存储区上的 `healthcare.hl7V2Stores.export` 权限。
`datasets.hl7V2Stores.get`	请求 HL7v2 存储区上的 `healthcare.hl7V2Stores.get` 权限。
`datasets.hl7V2Stores.import`	请求 HL7v2 存储区上的 `healthcare.hl7V2Stores.import` 权限。
`datasets.hl7V2Stores.list`	父数据集上的 `healthcare.hl7V2Stores.list` 权限。
`datasets.hl7V2Stores.patch`	请求 HL7v2 存储区上的 `healthcare.hl7V2Stores.update` 权限。
`datasets.hl7V2Stores.getIamPolicy`	请求 HL7v2 存储区上的 `healthcare.hl7V2Stores.getIamPolicy` 权限。
`datasets.hl7V2Stores.setIamPolicy`	请求 HL7v2 存储区上的 `healthcare.hl7V2Stores.setIamPolicy` 权限。
`datasets.hl7V2Stores.messages.create`	父级 HL7v2 存储区上的 `healthcare.hl7V2Messages.create` 权限。
`datasets.hl7V2Stores.messages.delete`	请求 HL7v2 存储区消息上的 `healthcare.hl7V2Messages.delete` 权限。
`datasets.hl7V2Stores.messages.get`	请求 HL7v2 存储区消息上的 `healthcare.hl7V2Messages.get` 权限。
`datasets.hl7V2Stores.messages.ingest`	请求 HL7v2 存储区消息上的 `healthcare.hl7V2Messages.ingest` 权限。
`datasets.hl7V2Stores.messages.list`	父级 HL7v2 存储区上的 `healthcare.hl7V2Messages.list` 权限。
`datasets.hl7V2Stores.messages.patch`	请求 HL7v2 存储区消息上的 `healthcare.hl7V2Messages.update` 权限。

位置方法

位置方法	所需权限
`locations.get`	针对请求位置的 `healthcare.locations.get` 权限。
`locations.list`	父级 Google Cloud 项目上的 `healthcare.locations.list` 权限。

Healthcare Natural Language API 方法

Healthcare Natural Language API 方法	所需权限
`nlp.analyzeEntities`	`healthcare.nlpservice.analyzeEntities`

操作方法

操作方法	所需权限
`datasets.operations.get`	请求数据集上的 `healthcare.operations.get` 权限。
`datasets.operations.list`	请求数据集上的 `healthcare.operations.list` 权限。
`datasets.operations.cancel`	请求数据集上的 `healthcare.operations.cancel` 权限。

去标识化方法

去标识化方法	所需权限
`services.deidentify.deidentifyDicomInstance`	`healthcare.deidentify.run`
`services.deidentify.deidentifyFhirResource`	`healthcare.deidentify.run`

角色

下表列出了 Cloud Healthcare API IAM 角色，包括与每个角色关联的权限。 roles/owner、roles/editor 和 roles/viewer 角色包含其他 Google Cloud 服务的权限。如需详细了解角色，请参阅了解角色。

注释角色

注释角色权限

注释角色	权限
Healthcare Annotation Administrator (`roles/healthcare.annotationStoreAdmin`) 可以管理注解存储区。	healthcare.annotationStores.* healthcare.annotationStores.create healthcare.annotationStores.delete healthcare.annotationStores.evaluate healthcare.annotationStores.export healthcare.annotationStores.get healthcare.annotationStores.getIamPolicy healthcare.annotationStores.import healthcare.annotationStores.list healthcare.annotationStores.setIamPolicy healthcare.annotationStores.update healthcare.datasets.get healthcare.datasets.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare Annotation Store Viewer (`roles/healthcare.annotationStoreViewer`) 可以列出数据集中的注解存储区。	healthcare.annotationStores.get healthcare.annotationStores.list healthcare.datasets.get healthcare.datasets.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare Annotation Reader (`roles/healthcare.annotationReader`) 可以读取和列出注解存储区中的注解。	healthcare.annotationStores.get healthcare.annotationStores.list healthcare.annotations.get healthcare.annotations.list healthcare.datasets.get healthcare.datasets.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare Annotation Editor (`roles/healthcare.annotationEditor`) 可创建、删除、更新、读取、列出注释。	healthcare.annotationStores.get healthcare.annotationStores.list healthcare.annotations.* healthcare.annotations.create healthcare.annotations.delete healthcare.annotations.get healthcare.annotations.list healthcare.annotations.update healthcare.datasets.get healthcare.datasets.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list

Healthcare Annotation Administrator

(roles/healthcare.annotationStoreAdmin)

可以管理注解存储区。

healthcare.annotationStores.*

healthcare.annotationStores.create
healthcare.annotationStores.delete
healthcare.annotationStores.evaluate
healthcare.annotationStores.export
healthcare.annotationStores.get
healthcare.annotationStores.getIamPolicy
healthcare.annotationStores.import
healthcare.annotationStores.list
healthcare.annotationStores.setIamPolicy
healthcare.annotationStores.update

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare Annotation Store Viewer

(roles/healthcare.annotationStoreViewer)

可以列出数据集中的注解存储区。

healthcare.annotationStores.get

healthcare.annotationStores.list

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare Annotation Reader

(roles/healthcare.annotationReader)

可以读取和列出注解存储区中的注解。

healthcare.annotationStores.get

healthcare.annotationStores.list

healthcare.annotations.get

healthcare.annotations.list

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare Annotation Editor

(roles/healthcare.annotationEditor)

可创建、删除、更新、读取、列出注释。

healthcare.annotationStores.get

healthcare.annotationStores.list

healthcare.annotations.*

healthcare.annotations.create
healthcare.annotations.delete
healthcare.annotations.get
healthcare.annotations.list
healthcare.annotations.update

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

许可存储区角色

许可存储区角色权限

许可存储区角色	权限
Healthcare Consent Store Viewer (`roles/healthcare.consentStoreViewer`) 可以列出数据集中的许可存储区。	healthcare.consentStores.checkDataAccess healthcare.consentStores.evaluateUserConsents healthcare.consentStores.get healthcare.consentStores.list healthcare.consentStores.queryAccessibleData healthcare.datasets.get healthcare.datasets.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare Consent Store Administrator (`roles/healthcare.consentStoreAdmin`) 可以管理许可存储区。	healthcare.consentStores.* healthcare.consentStores.checkDataAccess healthcare.consentStores.create healthcare.consentStores.delete healthcare.consentStores.evaluateUserConsents healthcare.consentStores.get healthcare.consentStores.getIamPolicy healthcare.consentStores.list healthcare.consentStores.queryAccessibleData healthcare.consentStores.setIamPolicy healthcare.consentStores.update healthcare.datasets.get healthcare.datasets.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list

Healthcare Consent Store Viewer

(roles/healthcare.consentStoreViewer)

可以列出数据集中的许可存储区。

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare Consent Store Administrator

(roles/healthcare.consentStoreAdmin)

可以管理许可存储区。

healthcare.consentStores.*

healthcare.consentStores.checkDataAccess
healthcare.consentStores.create
healthcare.consentStores.delete
healthcare.consentStores.evaluateUserConsents
healthcare.consentStores.get
healthcare.consentStores.getIamPolicy
healthcare.consentStores.list
healthcare.consentStores.queryAccessibleData
healthcare.consentStores.setIamPolicy
healthcare.consentStores.update

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

许可角色

许可角色权限

许可角色	权限
Healthcare Attribute Definition Reader (`roles/healthcare.attributeDefinitionReader`) 可以读取许可存储区中的 AttributeDefinition 对象。	healthcare.attributeDefinitions.get healthcare.attributeDefinitions.list healthcare.consentStores.checkDataAccess healthcare.consentStores.evaluateUserConsents healthcare.consentStores.get healthcare.consentStores.list healthcare.consentStores.queryAccessibleData healthcare.datasets.get healthcare.datasets.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare Attribute Definition Editor (`roles/healthcare.attributeDefinitionEditor`) 可以修改 AttributeDefinition 对象。	healthcare.attributeDefinitions.* healthcare.attributeDefinitions.create healthcare.attributeDefinitions.delete healthcare.attributeDefinitions.get healthcare.attributeDefinitions.list healthcare.attributeDefinitions.update healthcare.consentStores.checkDataAccess healthcare.consentStores.evaluateUserConsents healthcare.consentStores.get healthcare.consentStores.list healthcare.consentStores.queryAccessibleData healthcare.datasets.get healthcare.datasets.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare Consent Artifact Reader (`roles/healthcare.consentArtifactReader`) 可以读取许可存储区中的 ConsentArtifact 对象。	healthcare.consentArtifacts.get healthcare.consentArtifacts.list healthcare.consentStores.checkDataAccess healthcare.consentStores.evaluateUserConsents healthcare.consentStores.get healthcare.consentStores.list healthcare.consentStores.queryAccessibleData healthcare.datasets.get healthcare.datasets.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare Consent Artifact Editor (`roles/healthcare.consentArtifactEditor`) 可以修改 ConsentArtifact 对象。	healthcare.consentArtifacts.create healthcare.consentArtifacts.get healthcare.consentArtifacts.list healthcare.consentStores.checkDataAccess healthcare.consentStores.evaluateUserConsents healthcare.consentStores.get healthcare.consentStores.list healthcare.consentStores.queryAccessibleData healthcare.datasets.get healthcare.datasets.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare Consent Artifact Administrator (`roles/healthcare.consentArtifactAdmin`) 可以管理 ConsentArtifact 对象。	healthcare.consentArtifacts.* healthcare.consentArtifacts.create healthcare.consentArtifacts.delete healthcare.consentArtifacts.get healthcare.consentArtifacts.list healthcare.consentStores.checkDataAccess healthcare.consentStores.evaluateUserConsents healthcare.consentStores.get healthcare.consentStores.list healthcare.consentStores.queryAccessibleData healthcare.datasets.get healthcare.datasets.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare Consent Reader (`roles/healthcare.consentReader`) 拥有对许可存储区中 Consent 对象的读取权限。	healthcare.consentStores.checkDataAccess healthcare.consentStores.evaluateUserConsents healthcare.consentStores.get healthcare.consentStores.list healthcare.consentStores.queryAccessibleData healthcare.consents.get healthcare.consents.list healthcare.datasets.get healthcare.datasets.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare Consent Editor (`roles/healthcare.consentEditor`) 修改 Consent 对象。	healthcare.consentStores.checkDataAccess healthcare.consentStores.evaluateUserConsents healthcare.consentStores.get healthcare.consentStores.list healthcare.consentStores.queryAccessibleData healthcare.consents.* healthcare.consents.activate healthcare.consents.create healthcare.consents.delete healthcare.consents.get healthcare.consents.list healthcare.consents.reject healthcare.consents.revoke healthcare.consents.update healthcare.datasets.get healthcare.datasets.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare User Data Mapping Reader (`roles/healthcare.userDataMappingReader`) 可以读取许可存储区中的 UserDataMapping 对象。	healthcare.consentStores.checkDataAccess healthcare.consentStores.evaluateUserConsents healthcare.consentStores.get healthcare.consentStores.list healthcare.consentStores.queryAccessibleData healthcare.datasets.get healthcare.datasets.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get healthcare.userDataMappings.get healthcare.userDataMappings.list resourcemanager.projects.get resourcemanager.projects.list
Healthcare User Data Mapping Editor (`roles/healthcare.userDataMappingEditor`) 可以修改 UserDataMapping 对象。	healthcare.consentStores.checkDataAccess healthcare.consentStores.evaluateUserConsents healthcare.consentStores.get healthcare.consentStores.list healthcare.consentStores.queryAccessibleData healthcare.datasets.get healthcare.datasets.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get healthcare.userDataMappings.* healthcare.userDataMappings.archive healthcare.userDataMappings.create healthcare.userDataMappings.delete healthcare.userDataMappings.get healthcare.userDataMappings.list healthcare.userDataMappings.update resourcemanager.projects.get resourcemanager.projects.list

Healthcare Attribute Definition Reader

(roles/healthcare.attributeDefinitionReader)

可以读取许可存储区中的 AttributeDefinition 对象。

healthcare.attributeDefinitions.get

healthcare.attributeDefinitions.list

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare Attribute Definition Editor

(roles/healthcare.attributeDefinitionEditor)

可以修改 AttributeDefinition 对象。

healthcare.attributeDefinitions.*

healthcare.attributeDefinitions.create
healthcare.attributeDefinitions.delete
healthcare.attributeDefinitions.get
healthcare.attributeDefinitions.list
healthcare.attributeDefinitions.update

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare Consent Artifact Reader

(roles/healthcare.consentArtifactReader)

可以读取许可存储区中的 ConsentArtifact 对象。

healthcare.consentArtifacts.get

healthcare.consentArtifacts.list

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare Consent Artifact Editor

(roles/healthcare.consentArtifactEditor)

可以修改 ConsentArtifact 对象。

healthcare.consentArtifacts.create

healthcare.consentArtifacts.get

healthcare.consentArtifacts.list

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare Consent Artifact Administrator

(roles/healthcare.consentArtifactAdmin)

可以管理 ConsentArtifact 对象。

healthcare.consentArtifacts.*

healthcare.consentArtifacts.create
healthcare.consentArtifacts.delete
healthcare.consentArtifacts.get
healthcare.consentArtifacts.list

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare Consent Reader

(roles/healthcare.consentReader)

拥有对许可存储区中 Consent 对象的读取权限。

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.consents.get

healthcare.consents.list

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare Consent Editor

(roles/healthcare.consentEditor)

修改 Consent 对象。

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.consents.*

healthcare.consents.activate
healthcare.consents.create
healthcare.consents.delete
healthcare.consents.get
healthcare.consents.list
healthcare.consents.reject
healthcare.consents.revoke
healthcare.consents.update

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare User Data Mapping Reader

(roles/healthcare.userDataMappingReader)

可以读取许可存储区中的 UserDataMapping 对象。

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

healthcare.userDataMappings.get

healthcare.userDataMappings.list

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare User Data Mapping Editor

(roles/healthcare.userDataMappingEditor)

可以修改 UserDataMapping 对象。

healthcare.consentStores.checkDataAccess

healthcare.consentStores.evaluateUserConsents

healthcare.consentStores.get

healthcare.consentStores.list

healthcare.consentStores.queryAccessibleData

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

healthcare.userDataMappings.*

healthcare.userDataMappings.archive
healthcare.userDataMappings.create
healthcare.userDataMappings.delete
healthcare.userDataMappings.get
healthcare.userDataMappings.list
healthcare.userDataMappings.update

resourcemanager.projects.get

resourcemanager.projects.list

数据集角色

数据集角色权限

数据集角色	权限
Healthcare Dataset Viewer (`roles/healthcare.datasetViewer`) 列出项目中的医疗保健数据集。	healthcare.datasets.get healthcare.datasets.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare Dataset Administrator (`roles/healthcare.datasetAdmin`) 可以管理医疗保健数据集。	healthcare.datasets.* healthcare.datasets.create healthcare.datasets.deidentify healthcare.datasets.delete healthcare.datasets.get healthcare.datasets.getIamPolicy healthcare.datasets.list healthcare.datasets.setIamPolicy healthcare.datasets.update healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.* healthcare.operations.cancel healthcare.operations.get healthcare.operations.list resourcemanager.projects.get resourcemanager.projects.list

Healthcare Dataset Viewer

(roles/healthcare.datasetViewer)

列出项目中的医疗保健数据集。

healthcare.datasets.get

healthcare.datasets.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare Dataset Administrator

(roles/healthcare.datasetAdmin)

可以管理医疗保健数据集。

healthcare.datasets.*

healthcare.datasets.create
healthcare.datasets.deidentify
healthcare.datasets.delete
healthcare.datasets.get
healthcare.datasets.getIamPolicy
healthcare.datasets.list
healthcare.datasets.setIamPolicy
healthcare.datasets.update

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.*

healthcare.operations.cancel
healthcare.operations.get
healthcare.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

DICOM 存储区角色

DICOM 存储区角色权限

DICOM 存储区角色	权限
Healthcare DICOM Store Viewer (`roles/healthcare.dicomStoreViewer`) 可以列出数据集中的 DICOM 存储区。	healthcare.datasets.get healthcare.datasets.list healthcare.dicomStores.get healthcare.dicomStores.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare DICOM Store Administrator (`roles/healthcare.dicomStoreAdmin`) 可以管理 DICOM 存储区。	healthcare.datasets.get healthcare.datasets.list healthcare.dicomStores.create healthcare.dicomStores.deidentify healthcare.dicomStores.delete healthcare.dicomStores.dicomWebDelete healthcare.dicomStores.get healthcare.dicomStores.getIamPolicy healthcare.dicomStores.list healthcare.dicomStores.setIamPolicy healthcare.dicomStores.update healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.cancel healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare DICOM Viewer (`roles/healthcare.dicomViewer`) 从 DICOM 存储区检索 DICOM 图片。	healthcare.datasets.get healthcare.datasets.list healthcare.dicomStores.dicomWebRead healthcare.dicomStores.export healthcare.dicomStores.get healthcare.dicomStores.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare DICOM Editor (`roles/healthcare.dicomEditor`) 可逐个及批量修改 DICOM 映像。	healthcare.datasets.get healthcare.datasets.list healthcare.dicomStores.dicomWebDelete healthcare.dicomStores.dicomWebRead healthcare.dicomStores.dicomWebWrite healthcare.dicomStores.export healthcare.dicomStores.get healthcare.dicomStores.import healthcare.dicomStores.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.cancel healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list

Healthcare DICOM Store Viewer

(roles/healthcare.dicomStoreViewer)

可以列出数据集中的 DICOM 存储区。

healthcare.datasets.get

healthcare.datasets.list

healthcare.dicomStores.get

healthcare.dicomStores.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare DICOM Store Administrator

(roles/healthcare.dicomStoreAdmin)

可以管理 DICOM 存储区。

healthcare.datasets.get

healthcare.datasets.list

healthcare.dicomStores.create

healthcare.dicomStores.deidentify

healthcare.dicomStores.delete

healthcare.dicomStores.dicomWebDelete

healthcare.dicomStores.get

healthcare.dicomStores.getIamPolicy

healthcare.dicomStores.list

healthcare.dicomStores.setIamPolicy

healthcare.dicomStores.update

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.cancel

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare DICOM Viewer

(roles/healthcare.dicomViewer)

从 DICOM 存储区检索 DICOM 图片。

healthcare.datasets.get

healthcare.datasets.list

healthcare.dicomStores.dicomWebRead

healthcare.dicomStores.export

healthcare.dicomStores.get

healthcare.dicomStores.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare DICOM Editor

(roles/healthcare.dicomEditor)

可逐个及批量修改 DICOM 映像。

healthcare.datasets.get

healthcare.datasets.list

healthcare.dicomStores.dicomWebDelete

healthcare.dicomStores.dicomWebRead

healthcare.dicomStores.dicomWebWrite

healthcare.dicomStores.export

healthcare.dicomStores.get

healthcare.dicomStores.import

healthcare.dicomStores.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.cancel

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

FHIR 存储区角色

FHIR 存储区角色权限

FHIR 存储区角色	权限
Healthcare FHIR Store Viewer (`roles/healthcare.fhirStoreViewer`) 可以列出数据集中的 FHIR 存储区。	healthcare.datasets.get healthcare.datasets.list healthcare.fhirStores.get healthcare.fhirStores.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare FHIR Store Administrator (`roles/healthcare.fhirStoreAdmin`) 可以管理 FHIR 资源存储区。	healthcare.datasets.get healthcare.datasets.list healthcare.fhirResources.purge healthcare.fhirStores.applyConsents healthcare.fhirStores.configureSearch healthcare.fhirStores.create healthcare.fhirStores.deidentify healthcare.fhirStores.delete healthcare.fhirStores.export healthcare.fhirStores.get healthcare.fhirStores.getIamPolicy healthcare.fhirStores.import healthcare.fhirStores.list healthcare.fhirStores.rollback healthcare.fhirStores.setIamPolicy healthcare.fhirStores.update healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.cancel healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare FHIR Resource Reader (`roles/healthcare.fhirResourceReader`) 可以读取和搜索 FHIR 资源。	healthcare.datasets.get healthcare.datasets.list healthcare.fhirResources.get healthcare.fhirResources.translateConceptMap healthcare.fhirStores.executeBundle healthcare.fhirStores.get healthcare.fhirStores.list healthcare.fhirStores.searchResources healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare FHIR Resource Editor (`roles/healthcare.fhirResourceEditor`) 创建、删除、更新、读取和搜索 FHIR 资源。	healthcare.datasets.get healthcare.datasets.list healthcare.fhirResources.create healthcare.fhirResources.delete healthcare.fhirResources.get healthcare.fhirResources.patch healthcare.fhirResources.translateConceptMap healthcare.fhirResources.update healthcare.fhirStores.executeBundle healthcare.fhirStores.get healthcare.fhirStores.list healthcare.fhirStores.searchResources healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.cancel healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list

Healthcare FHIR Store Viewer

(roles/healthcare.fhirStoreViewer)

可以列出数据集中的 FHIR 存储区。

healthcare.datasets.get

healthcare.datasets.list

healthcare.fhirStores.get

healthcare.fhirStores.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare FHIR Store Administrator

(roles/healthcare.fhirStoreAdmin)

可以管理 FHIR 资源存储区。

healthcare.datasets.get

healthcare.datasets.list

healthcare.fhirResources.purge

healthcare.fhirStores.applyConsents

healthcare.fhirStores.configureSearch

healthcare.fhirStores.create

healthcare.fhirStores.deidentify

healthcare.fhirStores.delete

healthcare.fhirStores.export

healthcare.fhirStores.get

healthcare.fhirStores.getIamPolicy

healthcare.fhirStores.import

healthcare.fhirStores.list

healthcare.fhirStores.rollback

healthcare.fhirStores.setIamPolicy

healthcare.fhirStores.update

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.cancel

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare FHIR Resource Reader

(roles/healthcare.fhirResourceReader)

可以读取和搜索 FHIR 资源。

healthcare.datasets.get

healthcare.datasets.list

healthcare.fhirResources.get

healthcare.fhirResources.translateConceptMap

healthcare.fhirStores.executeBundle

healthcare.fhirStores.get

healthcare.fhirStores.list

healthcare.fhirStores.searchResources

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare FHIR Resource Editor

(roles/healthcare.fhirResourceEditor)

创建、删除、更新、读取和搜索 FHIR 资源。

healthcare.datasets.get

healthcare.datasets.list

healthcare.fhirResources.create

healthcare.fhirResources.delete

healthcare.fhirResources.get

healthcare.fhirResources.patch

healthcare.fhirResources.translateConceptMap

healthcare.fhirResources.update

healthcare.fhirStores.executeBundle

healthcare.fhirStores.get

healthcare.fhirStores.list

healthcare.fhirStores.searchResources

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.cancel

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

HL7v2 存储区角色

HL7v2 存储区角色权限

HL7v2 存储区角色	权限
Healthcare HL7v2 Store Viewer (`roles/healthcare.hl7V2StoreViewer`) 可以查看数据集中的 HL7v2 存储区。	healthcare.datasets.get healthcare.datasets.list healthcare.hl7V2Stores.get healthcare.hl7V2Stores.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare HL7v2 Store Administrator (`roles/healthcare.hl7V2StoreAdmin`) 可以管理 HL7v2 存储区。	healthcare.datasets.get healthcare.datasets.list healthcare.hl7V2Stores.* healthcare.hl7V2Stores.create healthcare.hl7V2Stores.delete healthcare.hl7V2Stores.get healthcare.hl7V2Stores.getIamPolicy healthcare.hl7V2Stores.import healthcare.hl7V2Stores.list healthcare.hl7V2Stores.setIamPolicy healthcare.hl7V2Stores.update healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.cancel healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare HL7v2 Message Ingest (`roles/healthcare.hl7V2Ingest`) 可提取从来源网络接收到的 HL7v2 消息。	healthcare.datasets.get healthcare.datasets.list healthcare.hl7V2Messages.ingest healthcare.hl7V2Stores.get healthcare.hl7V2Stores.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare HL7v2 Message Consumer (`roles/healthcare.hl7V2Consumer`) 可列出和读取 HL7v2 消息，更新消息标签，以及发布新消息。	healthcare.datasets.get healthcare.datasets.list healthcare.hl7V2Messages.create healthcare.hl7V2Messages.get healthcare.hl7V2Messages.list healthcare.hl7V2Messages.update healthcare.hl7V2Stores.get healthcare.hl7V2Stores.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list
Healthcare HL7v2 Message Editor (`roles/healthcare.hl7V2Editor`) 拥有对 HL7v2 消息的读取、写入和删除权限。	healthcare.datasets.get healthcare.datasets.list healthcare.hl7V2Messages.* healthcare.hl7V2Messages.create healthcare.hl7V2Messages.delete healthcare.hl7V2Messages.get healthcare.hl7V2Messages.ingest healthcare.hl7V2Messages.list healthcare.hl7V2Messages.update healthcare.hl7V2Stores.get healthcare.hl7V2Stores.list healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.operations.cancel healthcare.operations.get resourcemanager.projects.get resourcemanager.projects.list

Healthcare HL7v2 Store Viewer

(roles/healthcare.hl7V2StoreViewer)

可以查看数据集中的 HL7v2 存储区。

healthcare.datasets.get

healthcare.datasets.list

healthcare.hl7V2Stores.get

healthcare.hl7V2Stores.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare HL7v2 Store Administrator

(roles/healthcare.hl7V2StoreAdmin)

可以管理 HL7v2 存储区。

healthcare.datasets.get

healthcare.datasets.list

healthcare.hl7V2Stores.*

healthcare.hl7V2Stores.create
healthcare.hl7V2Stores.delete
healthcare.hl7V2Stores.get
healthcare.hl7V2Stores.getIamPolicy
healthcare.hl7V2Stores.import
healthcare.hl7V2Stores.list
healthcare.hl7V2Stores.setIamPolicy
healthcare.hl7V2Stores.update

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.cancel

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare HL7v2 Message Ingest

(roles/healthcare.hl7V2Ingest)

可提取从来源网络接收到的 HL7v2 消息。

healthcare.datasets.get

healthcare.datasets.list

healthcare.hl7V2Messages.ingest

healthcare.hl7V2Stores.get

healthcare.hl7V2Stores.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare HL7v2 Message Consumer

(roles/healthcare.hl7V2Consumer)

可列出和读取 HL7v2 消息，更新消息标签，以及发布新消息。

healthcare.datasets.get

healthcare.datasets.list

healthcare.hl7V2Messages.create

healthcare.hl7V2Messages.get

healthcare.hl7V2Messages.list

healthcare.hl7V2Messages.update

healthcare.hl7V2Stores.get

healthcare.hl7V2Stores.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare HL7v2 Message Editor

(roles/healthcare.hl7V2Editor)

拥有对 HL7v2 消息的读取、写入和删除权限。

healthcare.datasets.get

healthcare.datasets.list

healthcare.hl7V2Messages.*

healthcare.hl7V2Messages.create
healthcare.hl7V2Messages.delete
healthcare.hl7V2Messages.get
healthcare.hl7V2Messages.ingest
healthcare.hl7V2Messages.list
healthcare.hl7V2Messages.update

healthcare.hl7V2Stores.get

healthcare.hl7V2Stores.list

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.operations.cancel

healthcare.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Healthcare Natural Language API 角色

Healthcare Natural Language API 角色权限

Healthcare Natural Language API 角色	权限
Healthcare NLP Service Viewer ^{Beta 版} (`roles/healthcare.nlpServiceViewer`) 从给定文字中提取和分析医疗实体。	healthcare.locations.* healthcare.locations.get healthcare.locations.list healthcare.nlpservice.analyzeEntities resourcemanager.projects.get resourcemanager.projects.list

Healthcare NLP Service Viewer ^{Beta 版}

(roles/healthcare.nlpServiceViewer)

从给定文字中提取和分析医疗实体。

healthcare.locations.*

healthcare.locations.get
healthcare.locations.list

healthcare.nlpservice.analyzeEntities

resourcemanager.projects.get

resourcemanager.projects.list

Cloud Healthcare Service Agent

Cloud Healthcare Service Agent 是项目中的一个共享服务账号，供 Cloud Healthcare API 用于与 Google Cloud 中的其他资源进行交互。

例如，此服务代理用于读写 Cloud Storage 存储分区、写入 BigQuery 以及从 Cloud Healthcare API 将消息发布到 Pub/Sub。

如需执行上述任何操作，您必须向 Cloud Healthcare Service Agent 授予对相关 Cloud Storage 存储桶、BigQuery 数据集或 Pub/Sub 主题的访问权限。

为项目创建权限模型时，请记住，授予下列任意角色将允许用户调用作为 Cloud Healthcare Service Agent 运行且有权访问该代理有权访问的任何数据的操作：

roles/healthcare.consentStoreAdmin
roles/healthcare.consentStoreViewer
roles/healthcare.dicomStoreEditor
roles/healthcare.dicomStoreViewer
roles/healthcare.fhirStoreAdmin
roles/healthcare.hl7V2StoreAdmin

同样，为自定义角色分配以下权限也将允许用户调用将作为 Cloud Healthcare Service Agent 运行的操作：

healthcare.consentStores.queryAccessibleData
healthcare.dicomStores.create
healthcare.dicomStores.update
healthcare.dicomStores.import
healthcare.dicomStores.export
healthcare.fhirStores.create
healthcare.fhirStores.update
healthcare.fhirStores.import
healthcare.fhirStores.export
healthcare.hl7V2Stores.create
healthcare.hl7V2Stores.update

例如：

如果用户具有任何导入权限，而操作会访问 Cloud Healthcare Service Agent 拥有读取访问权限的任何 Cloud Storage 存储分区，那么该用户可运行充当 Cloud Healthcare Service Agent 的这些操作。
如果用户具有任何导出权限，而操作会访问服务代理拥有读取访问权限的任何存储桶，那么该用户可运行充当 Cloud Healthcare Service Agent 的这些操作。
具有创建或更新数据存储区权限的用户可以配置 Cloud Healthcare Service Agent 在数据存储区发生更改时发送的 Pub/Sub 通知目标或 BigQuery 流式传输目标。

最佳做法是，利用多个项目进一步隔离授予Cloud Healthcare Service Agent 的权限。

使用 IAM 控制访问权限

概览

权限

注释存储区方法

许可存储区方法

数据集方法

DICOM 存储区方法

FHIR 存储区方法

HL7v2 存储区方法

位置方法

Healthcare Natural Language API 方法

操作方法

去标识化方法

角色

注释角色

Healthcare Annotation Administrator

Healthcare Annotation Store Viewer

Healthcare Annotation Reader

Healthcare Annotation Editor

许可存储区角色

Healthcare Consent Store Viewer

Healthcare Consent Store Administrator

许可角色

Healthcare Attribute Definition Reader

Healthcare Attribute Definition Editor

Healthcare Consent Artifact Reader

Healthcare Consent Artifact Editor

Healthcare Consent Artifact Administrator

Healthcare Consent Reader

Healthcare Consent Editor

Healthcare User Data Mapping Reader

Healthcare User Data Mapping Editor

数据集角色

Healthcare Dataset Viewer

Healthcare Dataset Administrator

DICOM 存储区角色

Healthcare DICOM Store Viewer

Healthcare DICOM Store Administrator

Healthcare DICOM Viewer

Healthcare DICOM Editor

FHIR 存储区角色

Healthcare FHIR Store Viewer

Healthcare FHIR Store Administrator

Healthcare FHIR Resource Reader

Healthcare FHIR Resource Editor

HL7v2 存储区角色

Healthcare HL7v2 Store Viewer

Healthcare HL7v2 Store Administrator

Healthcare HL7v2 Message Ingest

Healthcare HL7v2 Message Consumer

Healthcare HL7v2 Message Editor

Healthcare Natural Language API 角色

Healthcare NLP Service Viewer Beta 版

Cloud Healthcare Service Agent

Healthcare NLP Service Viewer ^{Beta 版}