If the request is successful, a detailed response is returned of type QueryAccessibleDataResponse, contained in the [response][google.longrunning.Operation.result.response] field when the operation finishes. The metadata field type is OperationMetadata.
Errors are logged to Cloud Logging (see Viewing error logs in Cloud Logging). For example, the following sample log entry shows a failed to evaluate consent
policy error that occurred during a consentStores.queryAccessibleData call to consent store projects/{projectId}/locations/{locationId}/datasets/{datasetId}/consentStores/{consentStoreId}.
Required. Name of the consent store to retrieve User data mappings from.
Authorization requires the following IAM permission on the specified resource consentStore:
healthcare.consentStores.queryAccessibleData
Request body
The request body contains data with the following structure:
JSON representation
{"resourceAttributes": {string: string,...},"requestAttributes": {string: string,...},// Union field destination can be only one of the following:"gcsDestination": {object(GcsDestination)}// End of list of possible types for union field destination.}
Fields
resourceAttributes
map (key: string, value: string)
Optional. The values of resource attributes associated with the type of resources being requested. If no values are specified, then all resource types are included in the output.
An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
requestAttributes
map (key: string, value: string)
The values of request attributes associated with this access request.
An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
Union field destination. Required. The output destination of the result file which contains a single data_id on each line. destination can be only one of the following:
The Cloud Storage destination. The Cloud Healthcare API service account must have the roles/storage.objectAdmin Cloud IAM role for this Cloud Storage location.
Response body
If successful, the response body contains an instance of Operation.
URI for a Cloud Storage directory where the server writes result files, in the format gs://{bucket-id}/{path/to/destination/dir}. If there is no trailing slash, the service appends one when composing the object path. The user is responsible for creating the Cloud Storage bucket and directory referenced in uriPrefix.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-23 UTC."],[[["\u003cp\u003eThis function, \u003ccode\u003eprojects.locations.datasets.consentStores.queryAccessibleData\u003c/code\u003e, retrieves all data IDs that are consented for a specific use within a given consent store.\u003c/p\u003e\n"],["\u003cp\u003eThe operation's progress, measured by the number of user data mappings processed, is tracked and included in the returned \u003ccode\u003eOperation\u003c/code\u003e object.\u003c/p\u003e\n"],["\u003cp\u003eThe successful execution of this request returns a \u003ccode\u003eQueryAccessibleDataResponse\u003c/code\u003e, while errors are logged in Cloud Logging and detailed examples are provided to understand potential issues.\u003c/p\u003e\n"],["\u003cp\u003eThe request requires a specified consent store, resource and request attributes, and a destination (specifically a Cloud Storage location for storing the results) to function, and necessary IAM permissions.\u003c/p\u003e\n"],["\u003cp\u003eThe destination for the result is specified as \u003ccode\u003eGcsDestination\u003c/code\u003e object, which needs a \u003ccode\u003euriPrefix\u003c/code\u003e that points to a Cloud Storage directory where the server will write the result files, the user will have to make sure the bucket and directory exists.\u003c/p\u003e\n"]]],[],null,["# Method: consentStores.queryAccessibleData\n\n**Full name**: projects.locations.datasets.consentStores.queryAccessibleData\n\nQueries all data_ids that are consented for a specified use in the given [consent store](/healthcare-api/docs/reference/rest/v1/projects.locations.datasets.consentStores#ConsentStore) and writes them to a specified destination.\n\nThe returned [Operation](/healthcare-api/docs/reference/rest/Shared.Types/ListOperationsResponse#Operation) includes a progress counter for the number of [User data mappings](/healthcare-api/docs/reference/rest/v1/projects.locations.datasets.consentStores.userDataMappings#UserDataMapping) processed.\n\nIf the request is successful, a detailed response is returned of type [QueryAccessibleDataResponse](/healthcare-api/docs/reference/rest/Shared.Types/QueryAccessibleDataResponse), contained in the \\[response\\]\\[google.longrunning.Operation.result.response\\] field when the operation finishes. The [metadata](/healthcare-api/docs/reference/rest/Shared.Types/ListOperationsResponse#Operation.FIELDS.metadata) field type is [OperationMetadata](/healthcare-api/docs/reference/rest/v1/OperationMetadata).\n\nErrors are logged to Cloud Logging (see [Viewing error logs in Cloud Logging](https://cloud.google.com/healthcare/docs/how-tos/logging)). For example, the following sample log entry shows a `failed to evaluate consent\npolicy` error that occurred during a consentStores.queryAccessibleData call to consent store `projects/{projectId}/locations/{locationId}/datasets/{datasetId}/consentStores/{consentStoreId}`. \n\n jsonPayload: {\n @type:\n \"type.googleapis.com/google.cloud.healthcare.logging.QueryAccessibleDataLogEntry\"\n error: {\n code: 9\n message: \"failed to evaluate consent policy\"\n }\n resourceName:\n \"projects/{projectId}/locations/{locationId}/datasets/{datasetId}/consentStores/{consentStoreId}/consents/{consent_id}\"\n }\n logName:\n \"projects/{projectId}/logs/healthcare.googleapis.com%2Fquery_accessible_data\"\n operation: {\n id:\n \"projects/{projectId}/locations/{locationId}/datasets/{datasetId}/operations/{operation_id}\"\n producer: \"healthcare.googleapis.com/consentStores.queryAccessibleData\"\n }\n receiveTimestamp: \"TIMESTAMP\"\n resource: {\n labels: {\n consentStoreId: \"{consentStoreId}\"\n datasetId: \"{datasetId}\"\n location: \"{locationId}\"\n projectId: \"{projectId}\"\n }\n type: \"healthcare_consent_store\"\n }\n severity: \"ERROR\"\n timestamp: \"TIMESTAMP\"\n\n### HTTP request\n\n`POST https://healthcare.googleapis.com/v1/{consentStore=projects/*/locations/*/datasets/*/consentStores/*}:queryAccessibleData`\n\nThe URL uses [gRPC Transcoding](https://google.aip.dev/127) syntax.\n\n### Path parameters\n\n### Request body\n\nThe request body contains data with the following structure:\n\n### Response body\n\nIf successful, the response body contains an instance of [Operation](/healthcare-api/docs/reference/rest/Shared.Types/ListOperationsResponse#Operation).\n\n### Authorization scopes\n\nRequires one of the following OAuth scopes:\n\n- `https://www.googleapis.com/auth/cloud-healthcare`\n- `https://www.googleapis.com/auth/cloud-platform`\n\nFor more information, see the [Authentication Overview](/docs/authentication#authorization-gcp).\n\nGcsDestination\n--------------\n\nThe Cloud Storage location for export."]]
