本頁說明如何建立、更新及撤銷使用者同意聲明。
應用程式會分別記錄同意聲明構件和同意聲明。
Consent Management API 會將與使用者同意聲明相關的私密資料儲存為 ConsentArtifact。ConsentArtifact 可能包含簽名時間戳記,以及簽名或其他文件的圖片,做為同意聲明的「證明」。
Consent Management API 會將非私密同意聲明資料儲存為 Consent 物件。Consent 包含不透明的使用者 ID、使用者授予的同意聲明政策,以及同意聲明政策的狀態。
由於同意聲明和同意聲明構件有不同的資源路徑,因此可以獨立設定權限,盡量減少對同意聲明構件中敏感同意聲明資料的存取。
同意聲明支援到期時間長度,可讓您設定同意聲明的到期時間,以及何時失效。到期時間可以設為特定日期或一段時間,例如一年。
建立同意聲明記錄儲存庫時,您可以為該儲存庫設定預設到期時間。建立同意聲明時,您可以設定同意聲明的到期時間。同意聲明建立期間設定的到期時間會覆寫同意聲明記錄儲存庫的預設時間。
同意聲明可處於 ACTIVE 或 DRAFT 狀態。同意聲明管理 API 會使用 ACTIVE 狀態的同意聲明,判斷是否授予存取權。只有在存取權判斷要求中指定時,系統才會在判斷存取權時使用 DRAFT 狀態的同意聲明。您可以更新同意聲明,將狀態從 DRAFT 變更為 ACTIVE 或 REJECTED。
如要記錄使用者同意聲明,請使用 projects.locations.datasets.consentStores.consentArtifacts.create 方法建立同意聲明構件,然後使用 projects.locations.datasets.consentStores.consents.create 方法建立同意聲明,並將同意聲明構件連結至該同意聲明。
本頁的範例假設您已建立同意聲明記錄儲存庫,並設定同意聲明政策。
建立同意聲明構件
同意聲明構件會儲存與使用者同意聲明相關的敏感資料。同意聲明構件可包含使用者的聯絡資訊、簽名時間戳記,以及簽名或其他文件的圖片,做為同意聲明的「證明」。
如要建立同意聲明構件,請使用 projects.locations.datasets.consentStores.consentArtifacts.create 方法。提出 POST 要求,並在要求中指定下列資訊:
- 父項同意商店的名稱。
- 代表提供同意聲明使用者的專屬不透明使用者 ID。
- 使用者的簽名,可選擇是否要加入簽名圖片、時間戳記和其他中繼資料。這張圖片可以指定為 Cloud Storage 中的圖片位置,或是原始位元組的字串。
- 監護人或見證人簽名 (選填)。
- 可選用的圖片或文件,做為同意聲明的「證明」,例如簽名圖片、擷取行動裝置同意聲明流程畫面的圖片,或是簽署的 PDF 文件。這些圖片可以指定為 Cloud Storage 中的位置,或是原始位元組的字串。
- 向使用者顯示的同意聲明資訊 ID。
- 與使用者同意聲明相關的選用中繼資料。
- 存取權杖。
curl
以下範例顯示使用 curl 的 POST 要求:
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/consent+json; charset=utf-8" \ --data "{ 'user_id': 'USER_ID', 'user_signature' : { 'user_id': 'USER_ID', 'image': { 'gcs_uri': 'gs://IMG_URI' }, 'signature_time': { 'seconds': EPOCH_SECONDS }, }, 'consent_content_screenshots': [ { 'raw_bytes': 'BASE_64_IMAGE' }], 'consent_content_version': 'v1', 'metadata': {'client': 'mobile'} }" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts"
如果要求成功,伺服器會以 JSON 格式傳回類似以下範例的回應:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_RESOURCE_ID",
"userId": "USER_ID",
"userSignature": {
"userId": "USER_ID",
"signatureTime": "SIGNATURE_TIME"
},
"consentContentVersion": "v1",
"metadata": {
"client": "mobile"
}
}
PowerShell
下列範例顯示如何使用 Windows PowerShell 提出 POST 要求:
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/consent+json; charset=utf-8" ` -Body "{ 'user_id': 'USER_ID', 'user_signature' : { 'user_id': 'USER_ID', 'image': { 'gcs_uri': 'gs://IMG_URI' }, 'signature_time': { 'seconds': EPOCH_SECONDS } }, 'consent_content_screenshots': [ { 'raw_bytes': 'BASE_64_IMAGE' }], 'consent_content_version': 'v1', 'metadata': {'client': 'mobile'} }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts" | Select-Object -Expand Content
如果要求成功,伺服器會以 JSON 格式傳回下列回應:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_RESOURCE_ID",
"userId": "USER_ID",
"userSignature": {
"userId": "USER_ID",
"signatureTime": "SIGNATURE_TIME"
},
"consentContentVersion": "v1",
"metadata": {
"client": "mobile"
}
}
建立同意聲明
同意聲明會儲存非私密資料,包括不透明的使用者 ID、使用者授予的同意聲明政策,以及同意聲明政策目前是否有效。
如要建立同意聲明,請使用 projects.locations.datasets.consentStores.consents.create 方法。提出 POST 要求,並在要求中指定下列資訊:
- 父項同意商店的名稱。
- 代表提供同意聲明使用者的專屬不透明使用者 ID。
- 最多 10 項同意聲明政策,每項政策都有一組
RESOURCE屬性值,以及以一般運算語言 (CEL) 表示的授權規則,可根據先前建立的屬性定義,說明使用者的意圖。CEL 適用下列限制:- 每個政策最多只能定義 10 個邏輯運算子。
- 您只能使用 AND (&&)、OR (||) 和 IN 運算子。
- 對應同意聲明構件的 REST 路徑 (建立同意聲明構件時傳回)。
- 選用的同意聲明狀態,可以是
DRAFT或ACTIVE。如未指定狀態,系統會以ACTIVE狀態建立同意聲明。 - 同意聲明的選填到期時間,可定義為日期或時間範圍。這個值必須以秒為單位,並加上後置字串「s」。例如,
86000s。這個值會覆寫為同意聲明記錄儲存庫設定的到期時間長度。如未設定到期時間,資源會沿用同意聲明記錄儲存庫的預設到期時間長度。如果未指定資源或商店的有效期限,同意聲明資源就不會過期。 - 存取權杖。
curl
以下範例顯示使用 curl 的 POST 要求:
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/consent+json; charset=utf-8" \ --data "{ \"user_id\": \"USER_ID\", \"policies\": [{ \"resource_attributes\": [{ \"attribute_definition_id\": \"data_identifiable\", \"values\": [\"identifiable\"] }], \"authorization_rule\": { \"expression\": \"requester_identity == 'clinical-admin'\", } }, { \"resource_attributes\": [{ \"attribute_definition_id\": \"data_identifiable\", \"values\": [\"de-identified\"] }], \"authorization_rule\": { \"expression\": \"requester_identity in ['internal-researcher', 'external-researcher']\" } }], \"consent_artifact\": \"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_ID\", \"ttl\": \"EXPIRATION_DURATION\" }" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents"
如果要求成功,伺服器會傳回類似以下範例的回應:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID",
"userId": "USER_ID",
"policies": [
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"identifiable"
]
}
],
"authorizationRule": {
"expression": "requester_identity == 'clinical-admin'"
}
},
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"de-identified"
]
}
],
"authorizationRule": {
"expression": "requester_identity in ['internal-researcher', 'external-researcher']"
}
}
],
"consentArtifact": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_ID",
"state": "CONSENT_STATE",
"stateChangeTime": "STATE_CHANGE_TIME",
"expireTime": "EXPIRE_TIME"
}
PowerShell
下列範例顯示如何使用 Windows PowerShell 提出 POST 要求:
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/consent+json; charset=utf-8" ` -Body "{ 'user_id': 'USER_ID', 'policies': [{ 'resource_attributes': [{ 'attribute_definition_id': 'data_identifiable', 'values': ['identifiable'] }], 'authorization_rule': { 'expression': 'requester_identity == \'clinical-admin\'', } },{ 'resource_attributes': [{ 'attribute_definition_id': 'data_identifiable', 'values': ['de-identified'] }], 'authorization_rule': { 'expression': 'requester_identity in [\'internal-researcher\', \'external-researcher\']' } }], 'consent_artifact': 'projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_ID', 'ttl': 'EXPIRATION_DURATION' }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents" | Select-Object -Expand Content
如果要求成功,伺服器會傳回類似以下範例的回應:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID",
"userId": "USER_ID",
"policies": [
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"identifiable"
]
}
],
"authorizationRule": {
"expression": "requester_identity == 'clinical-admin'"
}
},
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"de-identified"
]
}
],
"authorizationRule": {
"expression": "requester_identity in ['internal-researcher', 'external-researcher']"
}
}
],
"consentArtifact": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_ID",
"state": "CONSENT_STATE",
"stateChangeTime": "STATE_CHANGE_TIME",
"expireTime": "EXPIRE_TIME"
}
取得同意聲明
下列範例說明如何取得同意聲明。詳情請參閱 projects.locations.datasets.consentStores.consents.get。
如要取得同意聲明,請提出 GET 要求,並在要求中指定下列資訊:
- 父項資料集的名稱
- 同意商店的名稱
- 同意聲明名稱
- 存取權杖
curl
以下範例顯示使用 curl 的 GET 要求:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID"
如果要求成功,伺服器會以 JSON 格式傳回回應:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID",
"userId": "USER_ID",
"policies": [
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"identifiable"
]
}
],
"authorizationRule": {
"expression": "requester_identity == 'clinical-admin'"
}
},
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"de-identified"
]
}
],
"authorizationRule": {
"expression": "requester_identity in ['internal-researcher', 'external-researcher']"
}
}
],
"consentArtifact": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_ID",
"state": "CONSENT_STATE",
"stateChangeTime": "STATE_CHANGE_TIME",
"revisionCreateTime": "REVISION_CREATE_TIME",
"expireTime": "EXPIRE_TIME"
}
PowerShell
下列範例顯示如何使用 Windows PowerShell 提出 GET 要求:
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-RestMethod ` -Method Get ` -Headers $headers ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID" | ConvertTo-Json
如果要求成功,伺服器會以 JSON 格式傳回回應:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID",
"userId": "USER_ID",
"policies": [
{
"resourceAttributes": "",
"authorizationRule": "@{expression=requester_identity == 'clinical-admin'}"
},
{
"resourceAttributes": "",
"authorizationRule": "@{expression=requester_identity in ['internal-researcher', 'external-researcher']}"
}
],
"consentArtifact": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_ID",
"state": "CONSENT_STATE",
"stateChangeTime": "STATE_CHANGE_TIME",
"revisionCreateTime": "REVISION_CREATE_TIME",
"expireTime": "EXPIRE_TIME"
}
列出同意聲明存放區中的同意聲明
下列範例說明如何列出同意聲明商店中的同意聲明。
如要列出同意聲明存放區中的同意聲明,請使用 projects.locations.datasets.consentStores.consents.list 方法。
curl
如要列出同意聲明存放區中的同意聲明,請發出 GET 要求並指定下列資訊:
- 父項同意商店的名稱
- 選用搜尋篩選器,可根據使用者 ID、狀態、建立時間或同意聲明構件擷取同意聲明
- 存取權杖
以下範例顯示如何使用 curl 發出 GET 要求。
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents"
如果要求成功,伺服器會以 JSON 格式傳回回應:
{
"consents": [
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID",
"userId": "USER_ID",
"policies": [
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"identifiable"
]
}
],
"authorizationRule": {
"expression": "requester_identity == 'clinical-admin'"
}
},
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"de-identified"
]
}
],
"authorizationRule": {
"expression": "requester_identity in ['internal-researcher', 'external-researcher']"
}
}
],
"consentArtifact": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_ID",
"state": "CONSENT_STATE",
"stateChangeTime": "STATE_CHANGE_TIME",
"revisionCreateTime": "REVISION_CREATE_TIME",
"expireTime": "EXPIRE_TIME"
},
{
...
}
]
}
PowerShell
如要列出同意聲明存放區中的同意聲明,請發出 GET 要求並指定下列資訊:
- 父項資料集的名稱
- 選用搜尋篩選器,可根據使用者 ID、狀態、建立時間或同意聲明構件擷取同意聲明
- 存取權杖
下列範例顯示如何使用 Windows PowerShell 提出 GET 要求。
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents" | Select-Object -Expand Content
如果要求成功,伺服器會以 JSON 格式傳回回應:
{
"consents": [
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID",
"userId": "USER_ID",
"policies": [
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"identifiable"
]
}
],
"authorizationRule": {
"expression": "requester_identity == 'clinical-admin'"
}
},
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"de-identified"
]
}
],
"authorizationRule": {
"expression": "requester_identity in ['internal-researcher', 'external-researcher']"
}
}
],
"consentArtifact": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_ID",
"state": "CONSENT_STATE",
"stateChangeTime": "STATE_CHANGE_TIME",
"revisionCreateTime": "REVISION_CREATE_TIME",
"expireTime": "EXPIRE_TIME"
},
{
...
}
]
}
您也可以使用 projects.locations.datasets.consentStores.consents.listRevisions 方法,列出特定同意聲明的修訂版本。
更新同意聲明
您可能需要不時更新同意聲明狀態。如要這麼做,請變更同意聲明狀態。每次更新和變更同意聲明狀態時,系統都會產生新的修訂版本。如要存取先前的修訂版本,請在同意聲明的資源名稱後方加上 @{revision_id}。
更新同意聲明
如要更新有效或草稿同意聲明的 userId、policies、consentArtifact 或 revokeConsentArtifact 欄位,請使用 projects.locations.datasets.consentStores.consents.patch 方法。系統會提交新修訂版本並套用變更,然後設為目前狀態。
如要更新同意聲明,請提出 PATCH 要求,並在要求中指定下列資訊:
- 要更新的同意聲明 REST 路徑
- 要更新的欄位
- 更新遮罩
- 存取權杖
curl
下列範例顯示使用 curl 的 PATCH 要求,用於更新同意聲明構件:
curl -X PATCH \ -H "Authorization: Bearer "$(gcloud auth application-default print-access-token) \ -H "Content-Type: application/consent+json; charset=utf-8" \ --data "{ \"consentArtifact\": \"projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_ID\" }" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID?updateMask=consentArtifact"
如果要求成功,伺服器會以 JSON 格式傳回類似以下範例的回應:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID",
"userId": "USER_ID",
"policies": [
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"identifiable"
]
}
],
"authorizationRule": {
"expression": "requester_identity == 'clinical-admin'"
}
},
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"de-identified"
]
}
],
"authorizationRule": {
"expression": "requester_identity in ['internal-researcher', 'external-researcher']"
}
}
],
"consentArtifact": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_ID",
"state": "ACTIVE",
"stateChangeTime": "STATE_CHANGE_TIME",
"revisionCreateTime": "REVISION_CREATE_TIME",
"expireTime": "EXPIRE_TIME"
}
PowerShell
下列範例顯示如何使用 Windows PowerShell 提出 PATCH 要求,更新同意聲明構件:
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Patch ` -Headers $headers ` -ContentType: "application/consent+json; charset=utf-8" ` -Body "{ 'consentArtifact': 'projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_ID' }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID?updateMask=consentArtifact" | Select-Object -Expand Content
如果要求成功,伺服器會以 JSON 格式傳回類似以下範例的回應:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID",
"userId": "USER_ID",
"policies": [
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"identifiable"
]
}
],
"authorizationRule": {
"expression": "requester_identity == 'clinical-admin'"
}
},
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"de-identified"
]
}
],
"authorizationRule": {
"expression": "requester_identity in ['internal-researcher', 'external-researcher']"
}
}
],
"consentArtifact": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_ID",
"state": "ACTIVE",
"stateChangeTime": "STATE_CHANGE_TIME",
"revisionCreateTime": "REVISION_CREATE_TIME",
"expireTime": "EXPIRE_TIME"
}
啟用同意聲明
如要在使用者接受同意聲明後,將同意聲明狀態從 DRAFT 變更為 ACTIVE,請使用 projects.locations.datasets.consentStores.consents.activateConsent 方法。系統會提交狀態為 ACTIVE 的新修訂版本。如果同意聲明狀態為 ACTIVE,系統就會將同意聲明納入存取決議要求。
如要啟用同意聲明,請發出 POST 要求,並在要求中指定下列資訊:
- 啟用同意聲明的 REST 路徑
- 選用構件的 REST 路徑,用於記錄同意聲明啟用的原因
- 存取權杖
curl
以下範例顯示使用 curl 的 POST 要求:
curl -X POST \ -H "Authorization: Bearer "$(gcloud auth application-default print-access-token) \ -H "Content-Type: application/consent+json; charset=utf-8" \ --data "{ 'consent_artifact': 'projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/userConsentArtifacts/CONSENT_ARTIFACT_RESOURCE_ID' \ }" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID:activate"
如果要求成功,伺服器會以 JSON 格式傳回類似以下範例的回應:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID",
"userId": "USER_ID",
"policies": [
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"identifiable"
]
}
],
"authorizationRule": {
"expression": "requester_identity == 'clinical-admin'"
}
},
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"de-identified"
]
}
],
"authorizationRule": {
"expression": "requester_identity in ['internal-researcher', 'external-researcher']"
}
}
],
"consentArtifact": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_ID",
"state": "ACTIVE",
"stateChangeTime": "STATE_CHANGE_TIME",
"expireTime": "EXPIRE_TIME"
}
PowerShell
下列範例顯示如何使用 Windows PowerShell 提出 POST 要求:
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/consent+json; charset=utf-8" ` -Body "{ 'consent_artifact': '/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/userConsentArtifacts/CONSENT_ARTIFACT_ID' }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID:activate" | Select-Object -Expand Content
如果要求成功,伺服器會以 JSON 格式傳回類似以下範例的回應:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID",
"userId": "USER_ID",
"policies": [
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"identifiable"
]
}
],
"authorizationRule": {
"expression": "requester_identity == 'clinical-admin'"
}
},
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"de-identified"
]
}
],
"authorizationRule": {
"expression": "requester_identity in ['internal-researcher', 'external-researcher']"
}
}
],
"consentArtifact": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_ID",
"state": "ACTIVE",
"stateChangeTime": "STATE_CHANGE_TIME",
"expireTime": "EXPIRE_TIME"
}
撤銷及拒絕同意聲明
如要將同意聲明狀態從 DRAFT 變更為 REJECTED,例如使用者表示不同意,請使用 projects.locations.datasets.consentStores.consents.reject 方法。如果同意聲明狀態為 REJECTED,存取權判斷要求就不會納入同意聲明。
如要將同意聲明狀態從 ACTIVE 變更為 REVOKED,例如使用者要求撤銷先前授予的同意聲明,請使用 projects.locations.datasets.consentStores.consents.revoke 方法。系統會提交狀態為 REVOKED 的新修訂版本。狀態為 REVOKED 的同意聲明不會納入存取權判斷要求。您可以建立與同意聲明相關聯的選用構件,記錄同意聲明遭撤銷的原因。撤銷同意聲明不會刪除同意聲明。
如要撤銷同意聲明,請發出 POST 要求,並在要求中指定下列資訊:
- 要撤銷的同意聲明 REST 路徑
- REST 路徑,可選用構件,用於記錄同意聲明遭撤銷的原因
- 存取權杖
curl
以下範例顯示使用 curl 的 POST 要求:
curl -X POST \ -H "Authorization: Bearer "$(gcloud auth application-default print-access-token) \ -H "Content-Type: application/consent+json; charset=utf-8" \ --data "{}" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID:revoke"
如果要求成功,伺服器會以 JSON 格式傳回類似以下範例的回應:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID",
"userId": "USER_ID",
"policies": [
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"identifiable"
]
}
],
"authorizationRule": {
"expression": "requester_identity == 'clinical-admin'"
}
},
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"de-identified"
]
}
],
"authorizationRule": {
"expression": "requester_identity in ['internal-researcher', 'external-researcher']"
}
}
],
"consentArtifact": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_ID",
"state": "REVOKED",
"stateChangeTime": "STATE_CHANGE_TIME",
"expireTime": "EXPIRE_TIME"
}
PowerShell
下列範例顯示如何使用 Windows PowerShell 提出 POST 要求:
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/consent+json; charset=utf-8" ` -Body "{}" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID:revoke" | Select-Object -Expand Content
如果要求成功,伺服器會以 JSON 格式傳回類似以下範例的回應:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consents/CONSENT_ID",
"userId": "USER_ID",
"policies": [
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"identifiable"
]
}
],
"authorizationRule": {
"expression": "requester_identity == 'clinical-admin'"
}
},
{
"resourceAttributes": [
{
"attributeDefinitionId": "data_identifiable",
"values": [
"de-identified"
]
}
],
"authorizationRule": {
"expression": "requester_identity in ['internal-researcher', 'external-researcher']"
}
}
],
"consentArtifact": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/consentArtifacts/CONSENT_ARTIFACT_ID",
"state": "REVOKED",
"stateChangeTime": "STATE_CHANGE_TIME",
"expireTime": "EXPIRE_TIME"
}