Package google.cloud.healthcare.v1beta1.consent

Index

ConsentService

A service for managing end users consents.

ActivateConsent

rpc ActivateConsent(ActivateConsentRequest) returns (Consent)

Activates the latest revision of the specified Consent by committing a new revision with state updated to ACTIVE. If the latest revision of the given consent is in the ACTIVE state, no new revision is committed. A google.rpc.Code.FAILED_PRECONDITION error occurs if the latest revision of the given consent is in the REJECTED or REVOKED state.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ArchiveUserDataMapping

rpc ArchiveUserDataMapping(ArchiveUserDataMappingRequest) returns (ArchiveUserDataMappingResponse)

Archives the specified User data mapping.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CheckDataAccess

rpc CheckDataAccess(CheckDataAccessRequest) returns (CheckDataAccessResponse)

Checks if a particular data_id of a User data mapping in the given Consent store is consented for a given use.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateAttributeDefinition

rpc CreateAttributeDefinition(CreateAttributeDefinitionRequest) returns (AttributeDefinition)

Creates a new Attribute definition in the parent Consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateConsent

rpc CreateConsent(CreateConsentRequest) returns (Consent)

Creates a new Consent in the parent Consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateConsentArtifact

rpc CreateConsentArtifact(CreateConsentArtifactRequest) returns (ConsentArtifact)

Creates a new Consent artifact in the parent Consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateConsentStore

rpc CreateConsentStore(CreateConsentStoreRequest) returns (ConsentStore)

Creates a new Consent store in the parent dataset. Attempting to create a consent store with the same ID as an existing store fails with an ALREADY_EXISTS error.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateUserDataMapping

rpc CreateUserDataMapping(CreateUserDataMappingRequest) returns (UserDataMapping)

Creates a new User data mapping in the parent Consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteAttributeDefinition

rpc DeleteAttributeDefinition(DeleteAttributeDefinitionRequest) returns (Empty)

Deletes the specified Attribute definition. Fails if it is referenced by the latest revision of any Consent or User data mapping.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteConsent

rpc DeleteConsent(DeleteConsentRequest) returns (Empty)

Deletes the Consent and its revisions. To keep a record of the Consent but mark it inactive, see [RevokeConsent]. To delete a revision of a Consent, see [DeleteConsentRevision]. This operation does not delete the related consent artifact.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteConsentArtifact

rpc DeleteConsentArtifact(DeleteConsentArtifactRequest) returns (Empty)

Deletes the specified Consent artifact. Fails if it is referenced by the latest revision of any Consent.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteConsentRevision

rpc DeleteConsentRevision(DeleteConsentRevisionRequest) returns (Empty)

Deletes the specified revision of a Consent. An google.rpc.Code.INVALID_ARGUMENT error occurs if the specified revision is the latest revision.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteConsentStore

rpc DeleteConsentStore(DeleteConsentStoreRequest) returns (Empty)

Deletes the specified Consent store and removes all consent data in the specified consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteUserDataMapping

rpc DeleteUserDataMapping(DeleteUserDataMappingRequest) returns (Empty)

Deletes the specified User data mapping.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

EvaluateUserConsents

rpc EvaluateUserConsents(EvaluateUserConsentsRequest) returns (EvaluateUserConsentsResponse)

Evaluates the end user's Consents for all matching User data mappings.

Note: User data mappings are indexed asynchronously, so there might be a slight delay between the time a mapping is created or updated and when it is included in the results of EvaluateUserConsents.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetAttributeDefinition

rpc GetAttributeDefinition(GetAttributeDefinitionRequest) returns (AttributeDefinition)

Gets the specified Attribute definition.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetConsent

rpc GetConsent(GetConsentRequest) returns (Consent)

Gets the specified revision of a Consent, or the latest revision if revision_id is not specified in the resource name.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetConsentArtifact

rpc GetConsentArtifact(GetConsentArtifactRequest) returns (ConsentArtifact)

Gets the specified Consent artifact.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetConsentStore

rpc GetConsentStore(GetConsentStoreRequest) returns (ConsentStore)

Gets the specified Consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetUserDataMapping

rpc GetUserDataMapping(GetUserDataMappingRequest) returns (UserDataMapping)

Gets the specified User data mapping.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListAttributeDefinitions

rpc ListAttributeDefinitions(ListAttributeDefinitionsRequest) returns (ListAttributeDefinitionsResponse)

Lists the Attribute definitions in the given Consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListConsentArtifacts

rpc ListConsentArtifacts(ListConsentArtifactsRequest) returns (ListConsentArtifactsResponse)

Lists the Consent artifacts in the given Consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListConsentRevisions

rpc ListConsentRevisions(ListConsentRevisionsRequest) returns (ListConsentRevisionsResponse)

Lists the revisions of the given Consent in reverse chronological order.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListConsentStores

rpc ListConsentStores(ListConsentStoresRequest) returns (ListConsentStoresResponse)

Lists the Consent stores in the given dataset.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListConsents

rpc ListConsents(ListConsentsRequest) returns (ListConsentsResponse)

Lists the Consent in the given Consent store, returning each consent's latest revision.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListUserDataMappings

rpc ListUserDataMappings(ListUserDataMappingsRequest) returns (ListUserDataMappingsResponse)

Lists the User data mappings in the given Consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

QueryAccessibleData

rpc QueryAccessibleData(QueryAccessibleDataRequest) returns (Operation)

Queries all data_ids that are consented for a given use in the given Consent store and writes them to a specified destination.

The returned Operation includes a progress counter for the number of User data mappings processed.

Errors are logged to Cloud Logging (see Viewing logs). For example, the following sample log entry shows a failed to evaluate consent policy error that occurred during a QueryAccessibleData call to consent store projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}.

jsonPayload: {
  @type:
  "type.googleapis.com/google.cloud.healthcare.logging.QueryAccessibleDataLogEntry"
  error: {
    code:  9
    message:  "failed to evaluate consent policy"
  }
  resourceName:
  "projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}"
}
logName:
"projects/{project_id}/logs/healthcare.googleapis.com%2Fquery_accessible_data"
operation: {
  id:
  "projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/operations/{operation_id}"
  producer:  "healthcare.googleapis.com/QueryAccessibleData"
}
receiveTimestamp:  "TIMESTAMP"
resource: {
  labels: {
    consent_store_id:  "{consent_store_id}"
    dataset_id:  "{dataset_id}"
    location:  "{location_id}"
    project_id:  "{project_id}"
  }
  type:  "healthcare_consent_store"
}
severity:  "ERROR"
timestamp:  "TIMESTAMP"
Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

RejectConsent

rpc RejectConsent(RejectConsentRequest) returns (Consent)

Rejects the latest revision of the specified Consent by committing a new revision with state updated to REJECTED. If the latest revision of the given consent is in the REJECTED state, no new revision is committed. A google.rpc.Code.FAILED_PRECONDITION error occurs if the latest revision of the given consent is in the ACTIVE or REVOKED state.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

RevokeConsent

rpc RevokeConsent(RevokeConsentRequest) returns (Consent)

Revokes the latest revision of the specified Consent by committing a new revision with state updated to REVOKED. If the latest revision of the given consent is in the REVOKED state, no new revision is committed. A google.rpc.Code.FAILED_PRECONDITION error occurs if the latest revision of the given consent is in DRAFT or REJECTED state.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateAttributeDefinition

rpc UpdateAttributeDefinition(UpdateAttributeDefinitionRequest) returns (AttributeDefinition)

Updates the specified Attribute definition.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateConsent

rpc UpdateConsent(UpdateConsentRequest) returns (Consent)

Updates the latest revision of the specified Consent by committing a new revision with the changes. A google.rpc.Code.FAILED_PRECONDITION error occurs if the latest revision of the given consent is in the REJECTED or REVOKED state.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateConsentStore

rpc UpdateConsentStore(UpdateConsentStoreRequest) returns (ConsentStore)

Updates the specified Consent store.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateUserDataMapping

rpc UpdateUserDataMapping(UpdateUserDataMappingRequest) returns (UserDataMapping)

Updates the specified User data mapping.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ActivateConsentRequest

Activates the latest revision of the specified Consent by committing a new revision with state updated to ACTIVE. If the latest revision of the given consent is in the ACTIVE state, no new revision is committed.

Fields
name

string

Required. The resource name of the consent to activate, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}. An google.rpc.Code.INVALID_ARGUMENT error occurs if revision_id is specified in the name.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consents.activate
consent_artifact

string

Required. The resource name of the consent artifact that contains proof of the end user's consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}. If the draft consent had a consent artifact, this consent artifact overwrites it.

Authorization requires the following IAM permission on the specified resource consentArtifact:

  • healthcare.consentArtifacts.get
Union field expiration. Allows setting expiration time for Consents. Expired consents are ignored in access determination methods such as [CheckDataAccess]. This value overrides the expiration duration configured for the consent store. expiration can be only one of the following:
expire_time

Timestamp

Timestamp in UTC of when this consent is considered expired.

ttl

Duration

The time to live for this consent from when it is marked as active.

ArchiveUserDataMappingRequest

Archives the specified User data mapping.

Fields
name

string

The resource name of the user data mapping to archive.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.userDataMappings.archive

ArchiveUserDataMappingResponse

Archives the specified User data mapping.

Attribute

An attribute value for a consent or data mapping. Each Attribute must have a corresponding AttributeDefinition in the consent store that defines the default and allowed values.

Fields
attribute_definition_id

string

Indicates the name of an attribute defined at the consent store.

values[]

string

The value of the attribute. Must be an acceptable value as defined in the consent store. For example, if the consent store defines "data type" with acceptable values "questionnaire" and "step-count", when the attribute name is data type, this field must contain one of those values.

AttributeDefinition

A client-defined consent attribute.

Fields
name

string

Resource name of the attribute definition, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/attributeDefinitions/{attribute_definition_id}.

description

string

A description of the attribute.

category

Category

Required. The category of the attribute. The value of this field cannot be changed after creation.

allowed_values[]

string

Required. Possible values for the attribute. The number of allowed values must not exceed 100. An empty list is invalid. The list can only be expanded after creation.

consent_default_values[]

string

Default values of the attribute in consents. If no default values are specified, it defaults to an empty value.

data_mapping_default_value

string

Default value of the attribute in user data mappings. If no default value is specified, it defaults to an empty value. This field is only applicable to attributes of the category RESOURCE.

Category

The category of an attribute.

Enums
CATEGORY_UNSPECIFIED No category specified. This option is invalid.
RESOURCE Specify when this attribute captures properties of data resources. For example, data anonymity or data type.
REQUEST Specify when this attribute captures properties of access requests. For example, requester's role or requester's organization.

CheckDataAccessRequest

Checks if a particular data_id of a User data mapping in the given Consent store is consented for a given use.

Fields
consent_store

string

Name of the Consent store where the requested data_id is stored, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}.

Authorization requires the following IAM permission on the specified resource consentStore:

  • healthcare.consentStores.checkDataAccess
data_id

string

The unique identifier of the data to check access for. It must exist in the given consent_store.

request_attributes

map<string, string>

The values of request attributes associated with this access request.

response_view

ResponseView

The view for CheckDataAccessResponse.

consent_list

ConsentList

The Consents to evaluate the access request against. They must have the same user_id as the data to check access for, exist in the current consent_store, and can have a state of either ACTIVE or DRAFT. A maximum of 100 consents can be provided here.

ResponseView

The supported views for CheckDataAccessResponse.

Enums
RESPONSE_VIEW_UNSPECIFIED No response view specified. The API will default to the BASIC view.
BASIC Only the consented field is populated in CheckDataAccessResponse.
FULL All fields within CheckDataAccessResponse are populated. When set to FULL, all ACTIVE consents are evaluated even if a matching policy is found during evaluation.

CheckDataAccessResponse

Checks if a particular data_id of a User data mapping in the given Consent store is consented for a given use.

Fields
consented

bool

Whether the requested data is consented for the given use.

consent_details

map<string, ConsentEvaluation>

The resource names of all evaluated Consents mapped to their evaluation.

Represents an end user's consent.

Fields
name

string

Resource name of the Consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}.

revision_id

string

Output only. The revision ID of the consent. The format is an 8-character hexadecimal string. Refer to a specific revision of a Consent by appending @{revision_id} to the Consent's resource name.

revision_create_time

Timestamp

Output only. The timestamp that the revision was created.

user_id

string

Required. User's UUID provided by the client.

policies[]

Policy

Represents an end user's consent in terms of the resources that can be accessed and under what conditions.

consent_artifact

string

Required. The resource name of the consent artifact that contains proof of the end user's consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}.

state

State

Indicates the current state of this consent.

Union field expiration. Allows setting expiration time for Consents. Expired consents are ignored in access determination methods such as [CheckDataAccess]. This value overrides the expiration duration configured for the consent store. expiration can be only one of the following:
expire_time

Timestamp

Timestamp in UTC of when this consent is considered expired.

ttl

Duration

Input only. The time to live for this consent from when it is created.

State

The state of the consent resource.

Enums
STATE_UNSPECIFIED No state specified.
ACTIVE The consent is active and is considered when evaluating user's consent on resources.
ARCHIVED When a consent is updated, the current version is archived and a new one is created with active state.
REVOKED A revoked consent is not considered when evaluating user's consent on resources.
DRAFT A draft consent is not considered when evaluating user's consent on resources unless explicitly asked.
REJECTED When a draft consent is rejected by end user, it should be stored back with rejected state. A rejected consent is not considered when evaluating user's consent on resources.

ConsentArtifact

Proof of an end user's consent.

Fields
name

string

Resource name of the Consent artifact, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}.

user_id

string

Required. User's UUID provided by the client.

user_signature

Signature

User's signature.

guardian_signature

Signature

A signature from guardian.

witness_signature

Signature

A signature from a witness.

consent_content_screenshots[]

Image

Screenshots of the consent content.

consent_content_version

string

An string indicating the version of the consent content.

metadata

map<string, string>

Metadata associated with the consent artifact. For example, the consent locale or user agent version.

ConsentEvaluation

The detailed evaluation of a particular Consent.

Fields
evaluation_result

EvaluationResult

The evaluation result.

EvaluationResult

Indicates the evaluation result of a particular Consent.

Enums
EVALUATION_RESULT_UNSPECIFIED No evaluation result specified. This option is invalid.
NOT_APPLICABLE The consent is not applicable to the requested access determination. For example, it does not belong to the end user who owns the data for which the access determination is requested, or it has a state of REVOKED.
NO_MATCHING_POLICY The consent does not have a policy with matching resource_attributes as the data.
NO_SATISFIED_POLICY The consent has at least one policy with matching resource_attributes as the data, but none with a satisfied authorization_rule.
HAS_SATISFIED_POLICY The consent has at least one policy with matching resource_attributes as the data and a satisfied authorization_rule.

ConsentList

List of resource names of Consent resources.

Fields
consents[]

string

The resource names of the Consents to evaluate against, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}.

ConsentStore

Represents a Consent store.

Fields
name

string

Resource name of the Consent store, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}.

labels

map<string, string>

User-supplied key-value pairs used to organize Consent stores.

Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}

Label values must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63}

No more than 64 labels can be associated with a given store.

CreateAttributeDefinitionRequest

Creates a new Attribute definition.

Fields
parent

string

Required. The name of the consent store that this Attribute definition belongs to.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.attributeDefinitions.create
attribute_definition_id

string

Required. The ID of the Attribute definition to create. The string must match the following regex: [_a-zA-Z][_a-zA-Z0-9]{0,255} and must not be a reserved keyword within the Common Expression Language as listed on https://github.com/google/cel-spec/blob/master/doc/langdef.md.

attribute_definition

AttributeDefinition

Required. Attribute definition to create.

CreateConsentArtifactRequest

Creates a new Consent artifact.

Fields
parent

string

Required. The name of the Consent store this consent artifact belongs to.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.consentArtifacts.create
consent_artifact

ConsentArtifact

Required. Consent artifact to create.

CreateConsentRequest

Creates a new Consent.

Fields
parent

string

Required. Name of the consent store.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.consents.create
consent

Consent

Required. Consent to create.

CreateConsentStoreRequest

Creates a new Consent store.

Fields
parent

string

Required. The name of the dataset this Consent store belongs to.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.consentStores.create
consent_store_id

string

The ID of the consent store to create. The string must match the following regex: [\p{L}\p{N}_\-\.]{1,256}.

consent_store

ConsentStore

Required. Configuration info for this Consent store.

CreateUserDataMappingRequest

Creates a new User data mapping.

Fields
parent

string

Required. Name of the consent store.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.userDataMappings.create
user_data_mapping

UserDataMapping

Required. User data mapping to create.

DeleteAttributeDefinitionRequest

Deletes the specified Attribute definition.

Fields
name

string

Required. The resource name of the Attribute definition to delete.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.attributeDefinitions.delete

DeleteConsentArtifactRequest

Deletes the specified Consent artifact.

Fields
name

string

Required. The resource name of the consent artifact to delete.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consentArtifacts.delete

DeleteConsentRequest

Deletes the Consent and its revisions. To keep a record of the Consent but mark it inactive, see [RevokeConsent]. To delete a revision of a Consent, see [DeleteConsentRevision].

Fields
name

string

Required. The resource name of the consent to delete, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}. An google.rpc.Code.INVALID_ARGUMENT error occurs if revision_id is specified in the name.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consents.delete

DeleteConsentRevisionRequest

Deletes the specified revision of a Consent. An google.rpc.Code.INVALID_ARGUMENT error occurs if the specified revision is the latest revision.

Fields
name

string

Required. The resource name of the consent revision to delete, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}@{revision_id}. An google.rpc.Code.INVALID_ARGUMENT error occurs if revision_id is not specified in the name.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consents.delete

DeleteConsentStoreRequest

Deletes the specified Consent store.

Fields
name

string

Required. The resource name of the Consent store to delete.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consentStores.delete

DeleteUserDataMappingRequest

Deletes the specified User data mapping.

Fields
name

string

Required. The resource name of the user data mapping to delete.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.userDataMappings.delete

EvaluateUserConsentsRequest

Evaluate an end user's Consents for all matching User data mappings.

Fields
consent_store

string

Name of the Consent store to retrieve user data mappings from.

Authorization requires the following IAM permission on the specified resource consentStore:

  • healthcare.consentStores.evaluateUserConsents
user_id

string

Required. User ID to evaluate consents for.

resource_attributes

map<string, string>

The values of resources attributes associated with the type of data being requested. If no values are specified, then all data types are queried.

request_attributes

map<string, string>

The values of request attributes associated with this access request.

response_view

ResponseView

The view for EvaluateUserConsentsResponse.

page_size

int32

Limit on the number of user data mappings to return in a single response. If zero the default page size of 100 is used.

page_token

string

Token to retrieve the next page of results to get the first page.

consent_list

ConsentList

The resource names of the consents to evaluate against. Consents must be in the current consent_store and belong to the current user_id. Consents can be either active or draft.

If this field is empty, the default behavior is to use all active consents that belong to user_id. A maximum of 100 consents can be provided here.

ResponseView

The supported views for EvaluateUserConsentsResponse.

Enums
RESPONSE_VIEW_UNSPECIFIED No response view specified. The API will default to the BASIC view.
BASIC Only the consented field is populated in the response.
FULL All fields within the response are populated. When set to FULL, all ACTIVE consents are evaluated even if a matching policy is found during evaluation.

EvaluateUserConsentsResponse

Evaluate an end user's Consents for all matching User data mappings.

Fields
results[]

Result

The consent evaluation result for each data_id.

next_page_token

string

Token to retrieve the next page of results or empty if there are no more results in the list. This token is valid for 72 hours after it is created.

Result

The consent evaluation result for a single data_id.

Fields
data_id

string

The unique identifier of the data the consents were checked for.

consented

bool

Whether the requested data is consented for the given use.

consent_details

map<string, ConsentEvaluation>

The resource names of all evaluated Consents mapped to their evaluation.

GcsDestination

The Cloud Storage location for export.

Fields
uri_prefix

string

URI for a Cloud Storage directory where the server writes result files, in the format gs://{bucket-id}/{path/to/destination/dir}. If there is no trailing slash, the service appends one when composing the object path. The user is responsible for creating the Cloud Storage bucket and directory referenced in uri_prefix.

GetAttributeDefinitionRequest

Gets an Attribute definition.

Fields
name

string

Required. The resource name of the Attribute definition to get.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.attributeDefinitions.get

GetConsentArtifactRequest

Gets a Consent artifact.

Fields
name

string

Required. The resource name of the consent artifact to retrieve.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consentArtifacts.get

GetConsentRequest

Gets the specified revision of a Consent, or the latest revision if revision_id is not specified in the resource name.

Fields
name

string

Required. The resource name of the consent to retrieve, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}.

In order to retrieve a previous revision of the consent, also provide the revision ID: projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}@{revision_id}

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consents.get

GetConsentStoreRequest

Gets a Consent store.

Fields
name

string

Required. The resource name of the Consent store to get.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consentStores.get

GetUserDataMappingRequest

Gets the User data mapping.

Fields
name

string

Required. The resource name of the user data mapping to retrieve.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.userDataMappings.get

Image

An image.

Fields

Union field data.

data can be only one of the following:

raw_bytes

bytes

Image content represented as a stream of bytes. This field is populated when returned in GetConsentArtifact response, but not included in CreateConsentArtifact and ListConsentArtifact response.

gcs_uri

string

Input only. Points to a Cloud Storage URI containing the image. The URI must be in the following format: gs://{bucket_id}/{object_id}. The Cloud Healthcare API service account must have the roles/storage.objectViewer Cloud IAM role for this Cloud Storage location. The image at this URI is copied to a Cloud Storage location managed by the Cloud Healthcare API. Responses to image fetching requests return the image in raw_bytes.

ListAttributeDefinitionsRequest

Lists the Attribute definitions in the given Consent store.

Fields
parent

string

Required. Name of the Consent store to retrieve attribute definitions from.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.attributeDefinitions.list
page_size

int32

Limit on the number of attribute definitions to return in a single response. If zero the default page size of 100 is used.

page_token

string

Token to retrieve the next page of results or empty to get the first page.

filter

string

Restricts the attributes returned to those matching a filter. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings. The only field available for filtering is category.

ListAttributeDefinitionsResponse

Lists the Attribute definitions in the given Consent store.

Fields
attribute_definitions[]

AttributeDefinition

The returned attribute definitions. The maximum number of attributes returned is determined by the value of page_size in the ListAttributeDefinitionsRequest.

next_page_token

string

Token to retrieve the next page of results or empty if there are no more results in the list.

ListConsentArtifactsRequest

Lists the Consent artifacts in the given Consent store.

Fields
parent

string

Required. Name of the Consent store to retrieve consent artifacts from.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.consentArtifacts.list
page_size

int32

Limit on the number of consent artifacts to return in a single response. If zero the default page size of 100 is used.

page_token

string

The next_page_token value returned from the previous List request, if any.

filter

string

Restricts the artifacts returned to those matching a filter. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings The fields available for filtering are:

  • user_id
  • consent_content_version

ListConsentArtifactsResponse

Lists the Consent artifacts in the given Consent store.

Fields
consent_artifacts[]

ConsentArtifact

The returned consent artifacts. The maximum number of artifacts returned is determined by the value of page_size in the ListConsentArtifactsRequest.

next_page_token

string

Token to retrieve the next page of results or empty if there are no more results in the list.

ListConsentRevisionsRequest

Lists the revisions of the given Consent in reverse chronological order.

Fields
name

string

Required. The resource name of the consent to retrieve revisions for.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consents.get
page_size

int32

Limit on the number of revisions to return in a single response. If zero the default page size of 100 is used.

page_token

string

Token to retrieve the next page of results or empty if there are no more results in the list.

filter

string

Restricts the revisions returned to those matching a filter. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings. Fields/functions available for filtering are:

  • user_id
  • consent_artifact
  • state
  • revision_create_time

ListConsentRevisionsResponse

Lists the revisions of the given Consent in reverse chronological order.

Fields
consents[]

Consent

The returned consent revisions. The maximum number of revisions returned is determined by the value of page_size in the ListConsentRevisionsRequest.

next_page_token

string

Token to retrieve the next page of results or empty if there are no more results in the list.

ListConsentStoresRequest

Lists the Consent stores in the given dataset.

Fields
parent

string

Required. Name of the dataset.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.consentStores.list
page_size

int32

Limit on the number of Consent stores to return in a single response. If zero the default page size of 100 is used.

page_token

string

Token to retrieve the next page of results or empty to get the first page.

filter

string

Restricts the stores returned to those matching a filter. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings. Only filtering on labels is supported. For example, labels.key=value.

ListConsentStoresResponse

Lists the Consent stores in the given dataset.

Fields
consent_stores[]

ConsentStore

The returned Consent stores. The maximum number of stores returned is determined by the value of page_size in the ListConsentStoresRequest.

next_page_token

string

Token to retrieve the next page of results or empty if there are no more results in the list.

ListConsentsRequest

Lists all the Consents in the given Consent store, returning each consent's latest revision.

Fields
parent

string

Required. Name of the Consent store to retrieve consents from.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.consents.list
page_size

int32

Limit on the number of consents to return in a single response. If zero the default page size of 100 is used.

page_token

string

The next_page_token value returned from the previous List request, if any.

filter

string

Restricts the consents returned to those matching a filter. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings The fields available for filtering are:

  • user_id
  • consent_artifact
  • state
  • revision_create_time

ListConsentsResponse

Lists the [Consents][google.cloud.healthcare.v1beta1.consent.Consents] in the given Consent store.

Fields
consents[]

Consent

The returned consents. The maximum number of consents returned is determined by the value of page_size in the ListConsentsRequest.

next_page_token

string

Token to retrieve the next page of results or empty if there are no more results in the list.

ListUserDataMappingsRequest

Lists the User data mappings in the given Consent store.

Fields
parent

string

Required. Name of the Consent store to retrieve user data mappings from.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.userDataMappings.list
page_size

int32

Limit on the number of user data mappings to return in a single response. If zero the default page size of 100 is used.

page_token

string

Token to retrieve the next page of results or empty to get the first page.

filter

string

Restricts the user data mappings returned to those matching a filter. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings The fields available for filtering are:

  • data_id
  • user_id
  • archived
  • archive_time

ListUserDataMappingsResponse

Lists the [User data mappings] [google.cloud.healthcare.v1beta1.consent.UserDataMappings] in the given Consent store.

Fields
user_data_mappings[]

UserDataMapping

The returned user data mappings. The maximum number of user data mappings returned is determined by the value of page_size in the ListUserDataMappingsRequest.

next_page_token

string

Token to retrieve the next page of results or empty if there are no more results in the list.

Policy

Represents an end user's consent in terms of the resources that can be accessed and under what conditions.

Fields
resource_attributes[]

Attribute

The data resources that this policy applies to. A data resource is a match if it matches all the attributes listed here.

authorization_rule

Expr

The request conditions to meet to grant access. In addition to any supported comparison operators, authorization rules may have IN operator as well as at most 10 logical operators that are limited to AND (&&), OR (||).

QueryAccessibleDataRequest

Queries all data_ids that are consented for a given use in the given Consent store and writes them to a specified destination.

The returned Operation includes a progress counter for the number of User data mappings processed.

Errors are logged to Cloud Logging (see Viewing logs and [QueryAccessibleData] for a sample log entry).

Fields
consent_store

string

Name of the Consent store to retrieve user data mappings from.

Authorization requires the following IAM permission on the specified resource consentStore:

  • healthcare.consentStores.queryAccessibleData
resource_attributes

map<string, string>

The values of resources attributes associated with the type of data being requested. If no values are specified, then all data types are included in the output.

request_attributes

map<string, string>

The values of request attributes associated with this access request.

gcs_destination

GcsDestination

The Cloud Storage destination. The Cloud Healthcare API service account must have the roles/storage.objectAdmin Cloud IAM role for this Cloud Storage location.

RejectConsentRequest

Rejects the latest revision of the specified Consent by committing a new revision with state updated to REJECTED. If the latest revision of the given consent is in the REJECTED state, no new revision is committed.

Fields
name

string

Required. The resource name of the consent to reject, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}. An google.rpc.Code.INVALID_ARGUMENT error occurs if revision_id is specified in the name.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consents.reject
consent_artifact

string

The resource name of the consent artifact that contains proof of the end user's rejection of the draft consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}. If the draft consent had a consent artifact, this consent artifact overwrites it.

Authorization requires the following IAM permission on the specified resource consentArtifact:

  • healthcare.consentArtifacts.get

RevokeConsentRequest

Revokes the latest revision of the specified Consent by committing a new revision with state updated to REVOKED. If the latest revision of the given consent is in the REVOKED state, no new revision is committed.

Fields
name

string

Required. The resource name of the consent to revoke, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}. An google.rpc.Code.INVALID_ARGUMENT error occurs if revision_id is specified in the name.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consents.revoke
consent_artifact

string

The resource name of the consent artifact that contains proof of the end user's revocation of the consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}.

Authorization requires the following IAM permission on the specified resource consentArtifact:

  • healthcare.consentArtifacts.get

Signature

User signature.

Fields
user_id

string

User's UUID provided by the client.

image

Image

An image of the user's signature.

metadata

map<string, string>

Metadata associated with the user's signature. For example, the user's name or the user's title.

signature_time

Timestamp

Timestamp of the signature.

UpdateAttributeDefinitionRequest

Updates the Attribute definition.

Fields
attribute_definition

AttributeDefinition

The Attribute definition resource that updates the resource on the server. Only the fields listed in update_mask are applied.

Authorization requires the following IAM permission on the specified resource attributeDefinition:

  • healthcare.attributeDefinitions.update
update_mask

FieldMask

The update mask that applies to the resource. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask. The description, allowed_values, consent_default_values, and data_mapping_default_value fields are allowed to be updated. The updated allowed_values must contain all values from the previous allowed_values.

UpdateConsentRequest

Updates the latest revision of the specified Consent by committing a new revision with the changes. A google.rpc.Code.FAILED_PRECONDITION error occurs if the latest revision of the given consent is in the REJECTED or REVOKED state.

Fields
consent

Consent

The consent resource that updates the resource on the server. Only the fields listed in update_mask are applied. An google.rpc.Code.INVALID_ARGUMENT error occurs if revision_id is specified as part of the Consent's name.

Authorization requires the following IAM permission on the specified resource consent:

  • healthcare.consents.update
update_mask

FieldMask

The update mask to apply to the resource. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask. The user_id, policies, and consent_artifact fields can be updated.

UpdateConsentStoreRequest

Updates the Consent store.

Fields
consent_store

ConsentStore

The Consent store resource that updates the resource on the server. Only the fields listed in update_mask are applied.

Authorization requires the following IAM permission on the specified resource consentStore:

  • healthcare.consentStores.update
update_mask

FieldMask

The update mask that applies to the resource. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask. The labels field is allowed to be updated.

UpdateUserDataMappingRequest

Updates the User data mapping.

Fields
user_data_mapping

UserDataMapping

The user data mapping resource that updates the resource on the server. Only the fields listed in update_mask are applied.

Authorization requires the following IAM permission on the specified resource userDataMapping:

  • healthcare.userDataMappings.update
update_mask

FieldMask

The update mask that applies to the resource. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask.

UserDataMapping

Maps a user data entry to its end user and Attributes.

Fields
name

string

Resource name of the User data mapping, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/userDataMappings/{user_data_mapping_id}.

data_id

string

Required. A unique identifier for the mapped data.

user_id

string

Required. User's UUID provided by the client.

resource_attributes[]

Attribute

Attributes of end user data. Each attribute can have exactly one value specified. Only explicitly set attributes are displayed here. Attribute definitions with defaults set implicitly apply to these [User data mappings] [google.cloud.healthcare.v1beta1.consent.UserDataMappings]. Attributes listed here must be single valued, that is, exactly one value is specified for the field "values" in each Attribute.

archived

bool

Output only. Indicates whether this data mapping is archived.

archive_time

Timestamp

Output only. Indicates the time when this data mapping was archived.