Package google.cloud.healthcare.v1beta1.consent

Index

ConsentService

A service for managing user consents.

ActivateConsent

rpc ActivateConsent(ActivateConsentRequest) returns (Consent)

Activates the latest revision of the specified Consent by committing a new revision with state updated to ACTIVE. If the latest revision of the specified Consent is in the ACTIVE state, no new revision is committed. A FAILED_PRECONDITION error occurs if the latest revision of the specified consent is in the REJECTED or REVOKED state.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ArchiveUserDataMapping

rpc ArchiveUserDataMapping(ArchiveUserDataMappingRequest) returns (ArchiveUserDataMappingResponse)

Archives the specified User data mapping.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CheckDataAccess

rpc CheckDataAccess(CheckDataAccessRequest) returns (CheckDataAccessResponse)

Checks if a particular data_id of a User data mapping in the specified consent store is consented for the specified use.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateAttributeDefinition

rpc CreateAttributeDefinition(CreateAttributeDefinitionRequest) returns (AttributeDefinition)

Creates a new Attribute definition in the parent consent store.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateConsent

rpc CreateConsent(CreateConsentRequest) returns (Consent)

Creates a new Consent in the parent consent store.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateConsentArtifact

rpc CreateConsentArtifact(CreateConsentArtifactRequest) returns (ConsentArtifact)

Creates a new Consent artifact in the parent consent store.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateConsentStore

rpc CreateConsentStore(CreateConsentStoreRequest) returns (ConsentStore)

Creates a new consent store in the parent dataset. Attempting to create a consent store with the same ID as an existing store fails with an ALREADY_EXISTS error.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateUserDataMapping

rpc CreateUserDataMapping(CreateUserDataMappingRequest) returns (UserDataMapping)

Creates a new User data mapping in the parent consent store.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteAttributeDefinition

rpc DeleteAttributeDefinition(DeleteAttributeDefinitionRequest) returns (Empty)

Deletes the specified Attribute definition. Fails if the Attribute definition is referenced by any User data mapping, or the latest revision of any Consent.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteConsent

rpc DeleteConsent(DeleteConsentRequest) returns (Empty)

Deletes the Consent and its revisions. To keep a record of the Consent but mark it inactive, see [RevokeConsent]. To delete a revision of a Consent, see [DeleteConsentRevision]. This operation does not delete the related Consent artifact.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteConsentArtifact

rpc DeleteConsentArtifact(DeleteConsentArtifactRequest) returns (Empty)

Deletes the specified Consent artifact. Fails if the artifact is referenced by the latest revision of any Consent.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteConsentRevision

rpc DeleteConsentRevision(DeleteConsentRevisionRequest) returns (Empty)

Deletes the specified revision of a Consent. An INVALID_ARGUMENT error occurs if the specified revision is the latest revision.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteConsentStore

rpc DeleteConsentStore(DeleteConsentStoreRequest) returns (Empty)

Deletes the specified consent store and removes all the consent store's data.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteUserDataMapping

rpc DeleteUserDataMapping(DeleteUserDataMappingRequest) returns (Empty)

Deletes the specified User data mapping.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

EvaluateUserConsents

rpc EvaluateUserConsents(EvaluateUserConsentsRequest) returns (EvaluateUserConsentsResponse)

Evaluates the user's Consents for all matching User data mappings.

Note: User data mappings are indexed asynchronously, which can cause a slight delay between the time mappings are created or updated and when they are included in EvaluateUserConsents results.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetAttributeDefinition

rpc GetAttributeDefinition(GetAttributeDefinitionRequest) returns (AttributeDefinition)

Gets the specified Attribute definition.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetConsent

rpc GetConsent(GetConsentRequest) returns (Consent)

Gets the specified revision of a Consent, or the latest revision if revision_id is not specified in the resource name.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetConsentArtifact

rpc GetConsentArtifact(GetConsentArtifactRequest) returns (ConsentArtifact)

Gets the specified Consent artifact.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetConsentStore

rpc GetConsentStore(GetConsentStoreRequest) returns (ConsentStore)

Gets the specified consent store.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetUserDataMapping

rpc GetUserDataMapping(GetUserDataMappingRequest) returns (UserDataMapping)

Gets the specified User data mapping.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListAttributeDefinitions

rpc ListAttributeDefinitions(ListAttributeDefinitionsRequest) returns (ListAttributeDefinitionsResponse)

Lists the Attribute definitions in the specified consent store.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListConsentArtifacts

rpc ListConsentArtifacts(ListConsentArtifactsRequest) returns (ListConsentArtifactsResponse)

Lists the Consent artifacts in the specified consent store.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListConsentRevisions

rpc ListConsentRevisions(ListConsentRevisionsRequest) returns (ListConsentRevisionsResponse)

Lists the revisions of the specified Consent in reverse chronological order.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListConsentStores

rpc ListConsentStores(ListConsentStoresRequest) returns (ListConsentStoresResponse)

Lists the consent stores in the specified dataset.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListConsents

rpc ListConsents(ListConsentsRequest) returns (ListConsentsResponse)

Lists the Consent in the given consent store, returning each Consent's latest revision.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListUserDataMappings

rpc ListUserDataMappings(ListUserDataMappingsRequest) returns (ListUserDataMappingsResponse)

Lists the User data mappings in the specified consent store.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

QueryAccessibleData

rpc QueryAccessibleData(QueryAccessibleDataRequest) returns (Operation)

Queries all data_ids that are consented for a specified use in the given consent store and writes them to a specified destination.

The returned Operation includes a progress counter for the number of User data mappings processed.

If the request is successful, a detailed response is returned of type QueryAccessibleDataResponse, contained in the [response][google.longrunning.Operation.result.response] field when the operation finishes. The metadata field type is OperationMetadata.

Errors are logged to Cloud Logging (see Viewing error logs in Cloud Logging). For example, the following sample log entry shows a failed to evaluate consent policy error that occurred during a QueryAccessibleData call to consent store projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}.

jsonPayload: {
  @type:
  "type.googleapis.com/google.cloud.healthcare.logging.QueryAccessibleDataLogEntry"
  error: {
    code:  9
    message:  "failed to evaluate consent policy"
  }
  resourceName:
  "projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}"
}
logName:
"projects/{project_id}/logs/healthcare.googleapis.com%2Fquery_accessible_data"
operation: {
  id:
  "projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/operations/{operation_id}"
  producer:  "healthcare.googleapis.com/QueryAccessibleData"
}
receiveTimestamp:  "TIMESTAMP"
resource: {
  labels: {
    consent_store_id:  "{consent_store_id}"
    dataset_id:  "{dataset_id}"
    location:  "{location_id}"
    project_id:  "{project_id}"
  }
  type:  "healthcare_consent_store"
}
severity:  "ERROR"
timestamp:  "TIMESTAMP"
Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

RejectConsent

rpc RejectConsent(RejectConsentRequest) returns (Consent)

Rejects the latest revision of the specified Consent by committing a new revision with state updated to REJECTED. If the latest revision of the specified Consent is in the REJECTED state, no new revision is committed. A FAILED_PRECONDITION error occurs if the latest revision of the specified Consent is in the ACTIVE or REVOKED state.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

RevokeConsent

rpc RevokeConsent(RevokeConsentRequest) returns (Consent)

Revokes the latest revision of the specified Consent by committing a new revision with state updated to REVOKED. If the latest revision of the specified Consent is in the REVOKED state, no new revision is committed. A FAILED_PRECONDITION error occurs if the latest revision of the given consent is in DRAFT or REJECTED state.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateAttributeDefinition

rpc UpdateAttributeDefinition(UpdateAttributeDefinitionRequest) returns (AttributeDefinition)

Updates the specified Attribute definition.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateConsent

rpc UpdateConsent(UpdateConsentRequest) returns (Consent)

Updates the latest revision of the specified Consent by committing a new revision with the changes. A FAILED_PRECONDITION error occurs if the latest revision of the specified Consent is in the REJECTED or REVOKED state.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateConsentStore

rpc UpdateConsentStore(UpdateConsentStoreRequest) returns (ConsentStore)

Updates the specified consent store.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateUserDataMapping

rpc UpdateUserDataMapping(UpdateUserDataMappingRequest) returns (UserDataMapping)

Updates the specified User data mapping.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ActivateConsentRequest

Activates the latest revision of the specified Consent by committing a new revision with state updated to ACTIVE. If the latest revision of the given Consent is in the ACTIVE state, no new revision is committed. A FAILED_PRECONDITION error occurs if the latest revision of the given consent is in the REJECTED or REVOKED state.

Fields
name

string

Required. The resource name of the Consent to activate, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}. An INVALID_ARGUMENT error occurs if revision_id is specified in the name.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consents.activate
consent_artifact

string

Required. The resource name of the Consent artifact that contains documentation of the user's consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}. If the draft Consent had a Consent artifact, this Consent artifact overwrites it.

Authorization requires the following IAM permission on the specified resource consentArtifact:

  • healthcare.consentArtifacts.get
Union field expiration. Optional. Allows setting expiration time for Consents. Expired consents are ignored in access determination methods such as [CheckDataAccess]. This value overrides the expiration duration configured for the consent store. expiration can be only one of the following:
expire_time

Timestamp

Timestamp in UTC of when this Consent is considered expired.

ttl

Duration

The time to live for this Consent from when it is marked as active.

ArchiveUserDataMappingRequest

Archives the specified User data mapping.

Fields
name

string

Required. The resource name of the User data mapping to archive.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.userDataMappings.archive

ArchiveUserDataMappingResponse

This type has no fields.

Archives the specified User data mapping.

Attribute

An attribute value for a Consent or User data mapping. Each Attribute must have a corresponding AttributeDefinition in the consent store that defines the default and allowed values.

Fields
attribute_definition_id

string

Indicates the name of an attribute defined in the consent store.

values[]

string

The value of the attribute. Must be an acceptable value as defined in the consent store. For example, if the consent store defines "data type" with acceptable values "questionnaire" and "step-count", when the attribute name is data type, this field must contain one of those values.

AttributeDefinition

A client-defined consent attribute.

Fields
name

string

Identifier. Resource name of the Attribute definition, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/attributeDefinitions/{attribute_definition_id}. Cannot be changed after creation.

description

string

Optional. A description of the attribute.

category

Category

Required. The category of the attribute. The value of this field cannot be changed after creation.

allowed_values[]

string

Required. Possible values for the attribute. The number of allowed values must not exceed 500. An empty list is invalid. The list can only be expanded after creation.

consent_default_values[]

string

Optional. Default values of the attribute in Consents. If no default values are specified, it defaults to an empty value.

data_mapping_default_value

string

Optional. Default value of the attribute in User data mappings. If no default value is specified, it defaults to an empty value. This field is only applicable to attributes of the category RESOURCE.

Category

The category of the attribute.

Enums
CATEGORY_UNSPECIFIED No category specified. This option is invalid.
RESOURCE Specify this category when this attribute describes the properties of resources. For example, data anonymity or data type.
REQUEST Specify this category when this attribute describes the properties of requests. For example, requester's role or requester's organization.

CheckDataAccessRequest

Checks if a particular data_id of a User data mapping in the given consent store is consented for a given use.

Fields
consent_store

string

Required. Name of the consent store where the requested data_id is stored, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}.

Authorization requires the following IAM permission on the specified resource consentStore:

  • healthcare.consentStores.checkDataAccess
data_id

string

Required. The unique identifier of the resource to check access for. This identifier must correspond to a User data mapping in the given consent store.

request_attributes

map<string, string>

The values of request attributes associated with this access request.

response_view

ResponseView

Optional. The view for CheckDataAccessResponse. If unspecified, defaults to BASIC and returns consented as TRUE or FALSE.

consent_list

ConsentList

Optional. Specific Consents to evaluate the access request against. These Consents must have the same user_id as the evaluated User data mapping, must exist in the current consent_store, and have a state of either ACTIVE or DRAFT. A maximum of 100 Consents can be provided here. If no selection is specified, the access request is evaluated against all ACTIVE unexpired Consents with the same user_id as the evaluated User data mapping.

ResponseView

The supported views for CheckDataAccessResponse.

Enums
RESPONSE_VIEW_UNSPECIFIED No response view specified. The API will default to the BASIC view.
BASIC Only the consented field is populated in CheckDataAccessResponse.
FULL All fields within CheckDataAccessResponse are populated. When set to FULL, all ACTIVE Consents are evaluated even if a matching policy is found during evaluation.

CheckDataAccessResponse

Checks if a particular data_id of a User data mapping in the given consent store is consented for a given use.

Fields
consented

bool

Whether the requested resource is consented for the given use.

consent_details

map<string, ConsentEvaluation>

The resource names of all evaluated Consents mapped to their evaluation.

Represents a user's consent.

Fields
name

string

Identifier. Resource name of the Consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}. Cannot be changed after creation.

revision_id

string

Output only. The revision ID of the Consent. The format is an 8-character hexadecimal string. Refer to a specific revision of a Consent by appending @{revision_id} to the Consent's resource name.

revision_create_time

Timestamp

Output only. The timestamp that the revision was created.

user_id

string

Required. User's UUID provided by the client.

policies[]

Policy

Optional. Represents a user's consent in terms of the resources that can be accessed and under what conditions.

consent_artifact

string

Required. The resource name of the Consent artifact that contains proof of the end user's consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}.

state

State

Required. Indicates the current state of this Consent.

metadata

map<string, string>

Optional. User-supplied key-value pairs used to organize Consent resources.

Metadata keys must:

  • be between 1 and 63 characters long
  • have a UTF-8 encoding of maximum 128 bytes
  • begin with a letter
  • consist of up to 63 characters including lowercase letters, numeric characters, underscores, and dashes

Metadata values must be: - be between 1 and 63 characters long - have a UTF-8 encoding of maximum 128 bytes - consist of up to 63 characters including lowercase letters, numeric characters, underscores, and dashes

No more than 64 metadata entries can be associated with a given consent.

Union field expiration. Optional. Allows setting expiration time for Consents. Expired Consents are ignored in access determination methods such as [CheckDataAccess]. This value replaces any default expiration duration configured for the Consent store. expiration can be only one of the following:
expire_time

Timestamp

Timestamp in UTC of when this Consent is considered expired.

ttl

Duration

Input only. The time to live for this Consent from when it is created.

State

The state of the Consent resource.

Enums
STATE_UNSPECIFIED No state specified. Treated as ACTIVE only at the time of resource creation.
ACTIVE The Consent is active and is considered when evaluating a user's consent on resources.
ARCHIVED The archived state is currently not being used.
REVOKED A revoked Consent is not considered when evaluating a user's consent on resources.
DRAFT A draft Consent is not considered when evaluating a user's consent on resources unless explicitly specified.
REJECTED When a draft Consent is rejected by a user, it is set to a rejected state. A rejected Consent is not considered when evaluating a user's consent on resources.

ConsentArtifact

Documentation of a user's consent.

Fields
name

string

Identifier. Resource name of the Consent artifact, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}. Cannot be changed after creation.

user_id

string

Required. User's UUID provided by the client.

user_signature

Signature

Optional. User's signature.

guardian_signature

Signature

Optional. A signature from a guardian.

witness_signature

Signature

Optional. A signature from a witness.

consent_content_screenshots[]

Image

Optional. Screenshots, PDFs, or other binary information documenting the user's consent.

consent_content_version

string

Optional. An string indicating the version of the consent information shown to the user.

metadata

map<string, string>

Optional. Metadata associated with the Consent artifact. For example, the consent locale or user agent version.

ConsentEvaluation

The detailed evaluation of a particular Consent.

Fields
evaluation_result

EvaluationResult

The evaluation result.

EvaluationResult

Indicates the evaluation result of a particular Consent.

Enums
EVALUATION_RESULT_UNSPECIFIED No evaluation result specified. This option is invalid.
NOT_APPLICABLE The Consent is not applicable to the requested access determination. For example, the Consent does not apply to the user for which the access determination is requested, or it has a state of REVOKED, or it has expired.
NO_MATCHING_POLICY The Consent does not have a policy that matches the resource_attributes of the evaluated resource.
NO_SATISFIED_POLICY The Consent has at least one policy that matches the resource_attributes of the evaluated resource, but no authorization_rule was satisfied.
HAS_SATISFIED_POLICY The Consent has at least one policy that matches the resource_attributes of the evaluated resource, and at least one authorization_rule was satisfied.

ConsentList

List of resource names of Consent resources.

Fields
consents[]

string

The resource names of the Consents to evaluate against, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}.

ConsentStore

Represents a consent store.

Fields
name

string

Resource name of the consent store, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}. Cannot be changed after creation.

labels

map<string, string>

Optional. User-supplied key-value pairs used to organize consent stores.

Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}.

Label values must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63}.

No more than 64 labels can be associated with a given store. For more information: https://cloud.google.com/healthcare/docs/how-tos/labeling-resources

CreateAttributeDefinitionRequest

Creates a new Attribute definition.

Fields
parent

string

Required. The name of the consent store that this Attribute definition belongs to.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.attributeDefinitions.create
attribute_definition_id

string

Required. The ID of the Attribute definition to create. The string must match the following regex: [_a-zA-Z][_a-zA-Z0-9]{0,255} and must not be a reserved keyword within the Common Expression Language as listed on https://github.com/google/cel-spec/blob/master/doc/langdef.md.

attribute_definition

AttributeDefinition

Required. Attribute definition to create.

CreateConsentArtifactRequest

Creates a new Consent artifact. Cannot be updated after creation.

Fields
parent

string

Required. The name of the consent store this Consent artifact belongs to.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.consentArtifacts.create
consent_artifact

ConsentArtifact

Required. Consent artifact to create.

CreateConsentRequest

Creates a new Consent.

Fields
parent

string

Required. Name of the consent store.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.consents.create
consent

Consent

Required. Consent to create.

CreateConsentStoreRequest

Creates a new consent store.

Fields
parent

string

Required. The name of the dataset this consent store belongs to.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.consentStores.create
consent_store_id

string

Required. The ID of the consent store to create. The string must match the following regex: [\p{L}\p{N}_\-\.]{1,256}. Cannot be changed after creation.

consent_store

ConsentStore

Required. Configuration info for this consent store.

CreateUserDataMappingRequest

Creates a new User data mapping.

Fields
parent

string

Required. Name of the consent store.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.userDataMappings.create
user_data_mapping

UserDataMapping

Required. User data mapping to create.

DeleteAttributeDefinitionRequest

Deletes the specified Attribute definition.

Fields
name

string

Required. The resource name of the Attribute definition to delete. To preserve referential integrity, Attribute definitions referenced by a User data mapping or the latest revision of a Consent cannot be deleted.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.attributeDefinitions.delete

DeleteConsentArtifactRequest

Deletes the specified Consent artifact.

Fields
name

string

Required. The resource name of the Consent artifact to delete. To preserve referential integrity, Consent artifacts referenced by the latest revision of a Consent cannot be deleted.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consentArtifacts.delete

DeleteConsentRequest

Deletes the Consent and its revisions. To keep a record of the Consent but mark it inactive, see [RevokeConsent]. To delete a revision of a Consent, see [DeleteConsentRevision]. This operation does not delete the related Consent artifact.

Fields
name

string

Required. The resource name of the Consent to delete, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}. An INVALID_ARGUMENT error occurs if revision_id is specified in the name.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consents.delete

DeleteConsentRevisionRequest

Deletes the specified revision of a Consent. An INVALID_ARGUMENT error occurs if the specified revision is the latest revision.

Fields
name

string

Required. The resource name of the Consent revision to delete, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}@{revision_id}. An INVALID_ARGUMENT error occurs if revision_id is not specified in the name.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consents.delete

DeleteConsentStoreRequest

Deletes the specified consent store.

Fields
name

string

Required. The resource name of the consent store to delete.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consentStores.delete

DeleteUserDataMappingRequest

Deletes the specified User data mapping.

Fields
name

string

Required. The resource name of the User data mapping to delete.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.userDataMappings.delete

EvaluateUserConsentsRequest

Evaluate a user's Consents for all matching User data mappings.

Note: User data mappings are indexed asynchronously, causing slight delays between the time mappings are created or updated and when they are included in EvaluateUserConsents results.

Fields
consent_store

string

Required. Name of the consent store to retrieve User data mappings from.

Authorization requires the following IAM permission on the specified resource consentStore:

  • healthcare.consentStores.evaluateUserConsents
user_id

string

Required. User ID to evaluate consents for.

resource_attributes

map<string, string>

Optional. The values of resource attributes associated with the resources being requested. If no values are specified, then all resources are queried.

request_attributes

map<string, string>

Required. The values of request attributes associated with this access request.

response_view

ResponseView

Optional. The view for EvaluateUserConsentsResponse. If unspecified, defaults to BASIC and returns consented as TRUE or FALSE.

page_size

int32

Optional. Limit on the number of User data mappings to return in a single response. If not specified, 100 is used. May not be larger than 1000.

page_token

string

Optional. Token to retrieve the next page of results, or empty to get the first page.

consent_list

ConsentList

Optional. Specific Consents to evaluate the access request against. These Consents must have the same user_id as the User data mappings being evalauted, must exist in the current consent_store, and must have a state of either ACTIVE or DRAFT. A maximum of 100 Consents can be provided here. If unspecified, all ACTIVE unexpired Consents in the current consent_store will be evaluated.

ResponseView

The supported views for EvaluateUserConsentsResponse.

Enums
RESPONSE_VIEW_UNSPECIFIED No response view specified. The API will default to the BASIC view.
BASIC Only the data_id and consented fields are populated in the response.
FULL All fields within the response are populated. When set to FULL, all ACTIVE Consents are evaluated even if a matching policy is found during evaluation.

EvaluateUserConsentsResponse

Fields
results[]

Result

The consent evaluation result for each data_id.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list. This token is valid for 72 hours after it is created.

Result

The consent evaluation result for a single data_id.

Fields
data_id

string

The unique identifier of the evaluated resource.

consented

bool

Whether the resource is consented for the given use.

consent_details

map<string, ConsentEvaluation>

The resource names of all evaluated Consents mapped to their evaluation.

GcsDestination

The Cloud Storage location for export.

Fields
uri_prefix

string

URI for a Cloud Storage directory where the server writes result files, in the format gs://{bucket-id}/{path/to/destination/dir}. If there is no trailing slash, the service appends one when composing the object path. The user is responsible for creating the Cloud Storage bucket and directory referenced in uri_prefix.

GetAttributeDefinitionRequest

Gets an Attribute definition.

Fields
name

string

Required. The resource name of the Attribute definition to get.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.attributeDefinitions.get

GetConsentArtifactRequest

Gets a Consent artifact.

Fields
name

string

Required. The resource name of the Consent artifact to retrieve.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consentArtifacts.get

GetConsentRequest

Gets the specified revision of a Consent, or the latest revision if revision_id is not specified in the resource name.

Fields
name

string

Required. The resource name of the Consent to retrieve, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}.

In order to retrieve a previous revision of the Consent, also provide the revision ID: projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}@{revision_id}

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consents.get

GetConsentStoreRequest

Gets a consent store.

Fields
name

string

Required. The resource name of the consent store to get.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consentStores.get

GetUserDataMappingRequest

Gets the User data mapping.

Fields
name

string

Required. The resource name of the User data mapping to retrieve.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.userDataMappings.get

Image

Raw bytes representing consent artifact content.

Fields

Union field data.

data can be only one of the following:

raw_bytes

bytes

Consent artifact content represented as a stream of bytes. This field is populated when returned in GetConsentArtifact response, but not included in CreateConsentArtifact and ListConsentArtifact response.

gcs_uri

string

Input only. Points to a Cloud Storage URI containing the consent artifact content. The URI must be in the following format: gs://{bucket_id}/{object_id}. The Cloud Healthcare API service account must have the roles/storage.objectViewer Cloud IAM role for this Cloud Storage location. The consent artifact content at this URI is copied to a Cloud Storage location managed by the Cloud Healthcare API. Responses to fetching requests return the consent artifact content in raw_bytes.

ListAttributeDefinitionsRequest

Lists the Attribute definitions in the given consent store.

Fields
parent

string

Required. Name of the consent store to retrieve Attribute definitions from.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.attributeDefinitions.list
page_size

int32

Optional. Limit on the number of Attribute definitions to return in a single response. If not specified, 100 is used. May not be larger than 1000.

page_token

string

Optional. Token to retrieve the next page of results or empty to get the first page.

filter

string

Optional. Restricts the attributes returned to those matching a filter. The following syntax is available:

  • A string field value can be written as text inside quotation marks, for example "query text". The only valid relational operation for text fields is equality (=), where text is searched within the field, rather than having the field be equal to the text. For example, "Comment = great" returns messages with great in the comment field.
  • A number field value can be written as an integer, a decimal, or an exponential. The valid relational operators for number fields are the equality operator (=), along with the less than/greater than operators (<, <=, >, >=). Note that there is no inequality (!=) operator. You can prepend the NOT operator to an expression to negate it.
  • A date field value must be written in yyyy-mm-dd form. Fields with date and time use the RFC3339 time format. Leading zeros are required for one-digit months and days. The valid relational operators for date fields are the equality operator (=) , along with the less than/greater than operators (<, <=, >, >=). Note that there is no inequality (!=) operator. You can prepend the NOT operator to an expression to negate it.
  • Multiple field query expressions can be combined in one query by adding AND or OR operators between the expressions. If a boolean operator appears within a quoted string, it is not treated as special, it's just another part of the character string to be matched. You can prepend the NOT operator to an expression to negate it.

The only field available for filtering is category.

For example, filter=category=\"REQUEST\".

ListAttributeDefinitionsResponse

Fields
attribute_definitions[]

AttributeDefinition

The returned Attribute definitions. The maximum number of attributes returned is determined by the value of page_size in the ListAttributeDefinitionsRequest.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list.

ListConsentArtifactsRequest

Lists the Consent artifacts in the given consent store.

Fields
parent

string

Required. Name of the consent store to retrieve consent artifacts from.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.consentArtifacts.list
page_size

int32

Optional. Limit on the number of consent artifacts to return in a single response. If not specified, 100 is used. May not be larger than 1000.

page_token

string

Optional. The next_page_token value returned from the previous List request, if any.

filter

string

Optional. Restricts the artifacts returned to those matching a filter. The following syntax is available:

  • A string field value can be written as text inside quotation marks, for example "query text". The only valid relational operation for text fields is equality (=), where text is searched within the field, rather than having the field be equal to the text. For example, "Comment = great" returns messages with great in the comment field.
  • A number field value can be written as an integer, a decimal, or an exponential. The valid relational operators for number fields are the equality operator (=), along with the less than/greater than operators (<, <=, >, >=). Note that there is no inequality (!=) operator. You can prepend the NOT operator to an expression to negate it.
  • A date field value must be written in yyyy-mm-dd form. Fields with date and time use the RFC3339 time format. Leading zeros are required for one-digit months and days. The valid relational operators for date fields are the equality operator (=) , along with the less than/greater than operators (<, <=, >, >=). Note that there is no inequality (!=) operator. You can prepend the NOT operator to an expression to negate it.
  • Multiple field query expressions can be combined in one query by adding AND or OR operators between the expressions. If a boolean operator appears within a quoted string, it is not treated as special, it's just another part of the character string to be matched. You can prepend the NOT operator to an expression to negate it.

The fields available for filtering are:

  • user_id. For example, filter=user_id=\"user123\".
  • consent_content_version
  • metadata. For example, filter=Metadata(\"testkey\")=\"value\" or filter=HasMetadata(\"testkey\").

ListConsentArtifactsResponse

Fields
consent_artifacts[]

ConsentArtifact

The returned Consent artifacts. The maximum number of artifacts returned is determined by the value of page_size in the ListConsentArtifactsRequest.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list.

ListConsentRevisionsRequest

Lists the revisions of the given Consent in reverse chronological order.

Fields
name

string

Required. The resource name of the Consent to retrieve revisions for.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consents.get
page_size

int32

Optional. Limit on the number of revisions to return in a single response. If not specified, 100 is used. May not be larger than 1000.

page_token

string

Optional. Token to retrieve the next page of results or empty if there are no more results in the list.

filter

string

Optional. Restricts the revisions returned to those matching a filter. The following syntax is available:

  • A string field value can be written as text inside quotation marks, for example "query text". The only valid relational operation for text fields is equality (=), where text is searched within the field, rather than having the field be equal to the text. For example, "Comment = great" returns messages with great in the comment field.
  • A number field value can be written as an integer, a decimal, or an exponential. The valid relational operators for number fields are the equality operator (=), along with the less than/greater than operators (<, <=, >, >=). Note that there is no inequality (!=) operator. You can prepend the NOT operator to an expression to negate it.
  • A date field value must be written in yyyy-mm-dd form. Fields with date and time use the RFC3339 time format. Leading zeros are required for one-digit months and days. The valid relational operators for date fields are the equality operator (=) , along with the less than/greater than operators (<, <=, >, >=). Note that there is no inequality (!=) operator. You can prepend the NOT operator to an expression to negate it.
  • Multiple field query expressions can be combined in one query by adding AND or OR operators between the expressions. If a boolean operator appears within a quoted string, it is not treated as special, it's just another part of the character string to be matched. You can prepend the NOT operator to an expression to negate it.

Fields/functions available for filtering are:

  • user_id. For example, filter='user_id="user123"'.
  • consent_artifact
  • state
  • revision_create_time
  • metadata. For example, filter=Metadata(\"testkey\")=\"value\" or filter=HasMetadata(\"testkey\").

ListConsentRevisionsResponse

Fields
consents[]

Consent

The returned Consent revisions. The maximum number of revisions returned is determined by the value of page_size in the ListConsentRevisionsRequest.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list.

ListConsentStoresRequest

Lists the consent stores in the given dataset.

Fields
parent

string

Required. Name of the dataset.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.consentStores.list
page_size

int32

Optional. Limit on the number of consent stores to return in a single response. If not specified, 100 is used. May not be larger than 1000.

page_token

string

Optional. Token to retrieve the next page of results, or empty to get the first page.

filter

string

Optional. Restricts the stores returned to those matching a filter. The following syntax is available:

  • A string field value can be written as text inside quotation marks, for example "query text". The only valid relational operation for text fields is equality (=), where text is searched within the field, rather than having the field be equal to the text. For example, "Comment = great" returns messages with great in the comment field.
  • A number field value can be written as an integer, a decimal, or an exponential. The valid relational operators for number fields are the equality operator (=), along with the less than/greater than operators (<, <=, >, >=). Note that there is no inequality (!=) operator. You can prepend the NOT operator to an expression to negate it.
  • A date field value must be written in yyyy-mm-dd form. Fields with date and time use the RFC3339 time format. Leading zeros are required for one-digit months and days. The valid relational operators for date fields are the equality operator (=) , along with the less than/greater than operators (<, <=, >, >=). Note that there is no inequality (!=) operator. You can prepend the NOT operator to an expression to negate it.
  • Multiple field query expressions can be combined in one query by adding AND or OR operators between the expressions. If a boolean operator appears within a quoted string, it is not treated as special, it's just another part of the character string to be matched. You can prepend the NOT operator to an expression to negate it.

Only filtering on labels is supported. For example, filter=labels.key=value.

ListConsentStoresResponse

Fields
consent_stores[]

ConsentStore

The returned consent stores. The maximum number of stores returned is determined by the value of page_size in the ListConsentStoresRequest.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list.

ListConsentsRequest

Lists all the Consents in the given consent store, returning each Consent's latest revision.

Fields
parent

string

Required. Name of the consent store to retrieve Consents from.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.consents.list
page_size

int32

Optional. Limit on the number of Consents to return in a single response. If not specified, 100 is used. May not be larger than 1000.

page_token

string

Optional. The next_page_token value returned from the previous List request, if any.

filter

string

Optional. Restricts the consents returned to those matching a filter. The following syntax is available:

  • A string field value can be written as text inside quotation marks, for example "query text". The only valid relational operation for text fields is equality (=), where text is searched within the field, rather than having the field be equal to the text. For example, "Comment = great" returns messages with great in the comment field.
  • A number field value can be written as an integer, a decimal, or an exponential. The valid relational operators for number fields are the equality operator (=), along with the less than/greater than operators (<, <=, >, >=). Note that there is no inequality (!=) operator. You can prepend the NOT operator to an expression to negate it.
  • A date field value must be written in yyyy-mm-dd form. Fields with date and time use the RFC3339 time format. Leading zeros are required for one-digit months and days. The valid relational operators for date fields are the equality operator (=) , along with the less than/greater than operators (<, <=, >, >=). Note that there is no inequality (!=) operator. You can prepend the NOT operator to an expression to negate it.
  • Multiple field query expressions can be combined in one query by adding AND or OR operators between the expressions. If a boolean operator appears within a quoted string, it is not treated as special, it's just another part of the character string to be matched. You can prepend the NOT operator to an expression to negate it.

The fields available for filtering are:

  • user_id. For example, filter='user_id="user123"'.
  • consent_artifact
  • state
  • revision_create_time
  • metadata. For example, filter=Metadata(\"testkey\")=\"value\" or filter=HasMetadata(\"testkey\").

ListConsentsResponse

Fields
consents[]

Consent

The returned Consents. The maximum number of Consents returned is determined by the value of page_size in the ListConsentsRequest.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list.

ListUserDataMappingsRequest

Lists the User data mappings in the given consent store.

Fields
parent

string

Required. Name of the consent store to retrieve User data mappings from.

Authorization requires the following IAM permission on the specified resource parent:

  • healthcare.userDataMappings.list
page_size

int32

Optional. Limit on the number of User data mappings to return in a single response. If not specified, 100 is used. May not be larger than 1000.

page_token

string

Optional. Token to retrieve the next page of results, or empty to get the first page.

filter

string

Optional. Restricts the user data mappings returned to those matching a filter. The following syntax is available:

  • A string field value can be written as text inside quotation marks, for example "query text". The only valid relational operation for text fields is equality (=), where text is searched within the field, rather than having the field be equal to the text. For example, "Comment = great" returns messages with great in the comment field.
  • A number field value can be written as an integer, a decimal, or an exponential. The valid relational operators for number fields are the equality operator (=), along with the less than/greater than operators (<, <=, >, >=). Note that there is no inequality (!=) operator. You can prepend the NOT operator to an expression to negate it.
  • A date field value must be written in yyyy-mm-dd form. Fields with date and time use the RFC3339 time format. Leading zeros are required for one-digit months and days. The valid relational operators for date fields are the equality operator (=) , along with the less than/greater than operators (<, <=, >, >=). Note that there is no inequality (!=) operator. You can prepend the NOT operator to an expression to negate it.
  • Multiple field query expressions can be combined in one query by adding AND or OR operators between the expressions. If a boolean operator appears within a quoted string, it is not treated as special, it's just another part of the character string to be matched. You can prepend the NOT operator to an expression to negate it.

The fields available for filtering are:

  • data_id
  • user_id. For example, filter=user_id=\"user123\".
  • archived
  • archive_time

ListUserDataMappingsResponse

Fields
user_data_mappings[]

UserDataMapping

The returned User data mappings. The maximum number of User data mappings returned is determined by the value of page_size in the ListUserDataMappingsRequest.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list.

Policy

Represents a user's consent in terms of the resources that can be accessed and under what conditions.

Fields
resource_attributes[]

Attribute

The resources that this policy applies to. A resource is a match if it matches all the attributes listed here. If empty, this policy applies to all User data mappings for the given user.

authorization_rule

Expr

Required. The request conditions to meet to grant access. In addition to any supported comparison operators, authorization rules may have IN operator as well as at most 10 logical operators that are limited to AND (&&), OR (||).

QueryAccessibleDataRequest

Queries all data_ids that are consented for a given use in the given consent store and writes them to a specified destination.

The returned Operation includes a progress counter for the number of User data mappings processed.

Errors are logged to Cloud Logging (see Viewing error logs in Cloud Logging and [QueryAccessibleData] for a sample log entry).

Fields
consent_store

string

Required. Name of the consent store to retrieve User data mappings from.

Authorization requires the following IAM permission on the specified resource consentStore:

  • healthcare.consentStores.queryAccessibleData
resource_attributes

map<string, string>

Optional. The values of resource attributes associated with the type of resources being requested. If no values are specified, then all resource types are included in the output.

request_attributes

map<string, string>

The values of request attributes associated with this access request.

Union field destination. Required. The output destination of the result file. destination can be only one of the following:
gcs_destination

GcsDestination

The Cloud Storage destination. The Cloud Healthcare API service account must have the roles/storage.objectAdmin Cloud IAM role for this Cloud Storage location.

The object name is in the following format:

query-accessible-data-result-{operation_id}.txt

where each line contains a single data_id.

QueryAccessibleDataResponse

Response for successful QueryAccessibleData operations. This structure is included in the response upon operation completion.

Fields
gcs_uris[]

string

List of files, each of which contains a list of data_id(s) that are consented for a specified use in the request.

RejectConsentRequest

Rejects the latest revision of the specified Consent by committing a new revision with state updated to REJECTED. If the latest revision of the given Consent is in the REJECTED state, no new revision is committed.

Fields
name

string

Required. The resource name of the Consent to reject, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}. An INVALID_ARGUMENT error occurs if revision_id is specified in the name.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consents.reject
consent_artifact

string

Optional. The resource name of the Consent artifact that contains documentation of the user's rejection of the draft Consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}. If the draft Consent had a Consent artifact, this Consent artifact overwrites it.

Authorization requires the following IAM permission on the specified resource consentArtifact:

  • healthcare.consentArtifacts.get

RevokeConsentRequest

Revokes the latest revision of the specified Consent by committing a new revision with state updated to REVOKED. If the latest revision of the given Consent is in the REVOKED state, no new revision is committed.

Fields
name

string

Required. The resource name of the Consent to revoke, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consents/{consent_id}. An INVALID_ARGUMENT error occurs if revision_id is specified in the name.

Authorization requires the following IAM permission on the specified resource name:

  • healthcare.consents.revoke
consent_artifact

string

Optional. The resource name of the Consent artifact that contains proof of the user's revocation of the Consent, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/consentArtifacts/{consent_artifact_id}.

Authorization requires the following IAM permission on the specified resource consentArtifact:

  • healthcare.consentArtifacts.get

Signature

User signature.

Fields
user_id

string

Required. User's UUID provided by the client.

image

Image

Optional. An image of the user's signature.

metadata

map<string, string>

Optional. Metadata associated with the user's signature. For example, the user's name or the user's title.

signature_time

Timestamp

Optional. Timestamp of the signature.

UpdateAttributeDefinitionRequest

Updates the Attribute definition.

Fields
attribute_definition

AttributeDefinition

Required. The Attribute definition resource that updates the resource on the server. Only the fields listed in update_mask are applied.

Authorization requires the following IAM permission on the specified resource attributeDefinition:

  • healthcare.attributeDefinitions.update
update_mask

FieldMask

Required. The update mask that applies to the resource. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask. Only the description, allowed_values, consent_default_values and data_mapping_default_value fields can be updated. The updated allowed_values must contain all values from the previous allowed_values.

UpdateConsentRequest

Updates the latest revision of the specified Consent by committing a new revision with the changes. A FAILED_PRECONDITION error occurs if the latest revision of the given consent is in the REJECTED or REVOKED state.

Fields
consent

Consent

Required. The Consent resource that updates the resource on the server. Only the fields listed in update_mask are applied. An INVALID_ARGUMENT error occurs if revision_id is specified as part of the Consent's name.

Authorization requires the following IAM permission on the specified resource consent:

  • healthcare.consents.update
update_mask

FieldMask

Required. The update mask to apply to the resource. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask. Only the user_id, policies, consent_artifact, and metadata fields can be updated.

UpdateConsentStoreRequest

Updates the consent store.

Fields
consent_store

ConsentStore

Required. The consent store resource that updates the resource on the server. Only the fields listed in update_mask are applied.

Authorization requires the following IAM permission on the specified resource consentStore:

  • healthcare.consentStores.update
update_mask

FieldMask

Required. The update mask that applies to the resource. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask. Only the labels, default_consent_ttl, and enable_consent_create_on_update fields are allowed to be updated.

UpdateUserDataMappingRequest

Updates the User data mapping.

Fields
user_data_mapping

UserDataMapping

Required. The User data mapping resource that updates the resource on the server. Only the fields listed in update_mask are applied.

Authorization requires the following IAM permission on the specified resource userDataMapping:

  • healthcare.userDataMappings.update
update_mask

FieldMask

Required. The update mask that applies to the resource. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask. Only the data_id, user_id and resource_attributes fields can be updated.

UserDataMapping

Maps a resource to the associated user and Attributes.

Fields
name

string

Resource name of the User data mapping, of the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/consentStores/{consent_store_id}/userDataMappings/{user_data_mapping_id}.

data_id

string

Required. A unique identifier for the mapped resource.

user_id

string

Required. User's UUID provided by the client.

resource_attributes[]

Attribute

Attributes of the resource. Only explicitly set attributes are displayed here. Attribute definitions with defaults set implicitly apply to these [User data mappings] [google.cloud.healthcare.v1beta1.consent.UserDataMappings]. Attributes listed here must be single valued, that is, exactly one value is specified for the field "values" in each Attribute.

archived

bool

Output only. Indicates whether this mapping is archived.

archive_time

Timestamp

Output only. Indicates the time when this mapping was archived.