REST Resource: projects.locations.datasets.consentStores.consents

Policy

Represents a user's consent in terms of the resources that can be accessed and under what conditions.

JSON representation
{
  "resourceAttributes": [
    {
      object(Attribute)
    }
  ],
  "authorizationRule": {
    object(Expr)
  }
}
Fields
resourceAttributes[]

object(Attribute)

The resources that this policy applies to. A resource is a match if it matches all the attributes listed here. If empty, this policy applies to all User data mappings for the given user.

authorizationRule

object(Expr)

Required. The request conditions to meet to grant access. In addition to any supported comparison operators, authorization rules may have IN operator as well as at most 10 logical operators that are limited to AND(&&), OR(||).

Expr

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

title: "Summary size limit"
description: "Determines if a summary is less than 100 chars"
expression: "document.summary.size() < 100"

Example (Equality):

title: "Requestor is owner"
description: "Determines if requestor is the document owner"
expression: "document.owner == request.auth.claims.email"

Example (Logic):

title: "Public documents"
description: "Determine whether the document should be publicly visible"
expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

title: "Notification string"
description: "Create a notification string with a timestamp."
expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

JSON representation
{
  "expression": string,
  "title": string,
  "description": string,
  "location": string
}
Fields
expression

string

Textual representation of an expression in Common Expression Language syntax.

title

string

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description

string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

location

string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

State

The state of the Consent resource.

Enums
STATE_UNSPECIFIED No state specified. Treated as ACTIVE only at the time of resource creation.
ACTIVE The Consent is active and is considered when evaluating a user's consent on resources.
ARCHIVED The archived state is currently not being used.
REVOKED A revoked Consent is not considered when evaluating a user's consent on resources.
DRAFT A draft Consent is not considered when evaluating a user's consent on resources unless explicitly specified.
REJECTED When a draft Consent is rejected by a user, it is set to a rejected state. A rejected Consent is not considered when evaluating a user's consent on resources.

Methods

activate

Activates the latest revision of the specified Consent by committing a new revision with state updated to ACTIVE.

create

Creates a new Consent in the parent consent store.

delete

Deletes the Consent and its revisions.

deleteRevision

Deletes the specified revision of a Consent.

get

Gets the specified revision of a Consent, or the latest revision if revision_id is not specified in the resource name.

list

Lists the Consent in the given consent store, returning each Consent's latest revision.

listRevisions

Lists the revisions of the specified Consent in reverse chronological order.

patch

Updates the latest revision of the specified Consent by committing a new revision with the changes.

reject

Rejects the latest revision of the specified Consent by committing a new revision with state updated to REJECTED.

revoke

Revokes the latest revision of the specified Consent by committing a new revision with state updated to REVOKED.