Index
ConsentService
(interface)ActivateConsentRequest
(message)ArchiveUserDataMappingRequest
(message)ArchiveUserDataMappingResponse
(message)Attribute
(message)AttributeDefinition
(message)AttributeDefinition.Category
(enum)CheckDataAccessRequest
(message)CheckDataAccessRequest.ResponseView
(enum)CheckDataAccessResponse
(message)Consent
(message)Consent.State
(enum)ConsentArtifact
(message)ConsentEvaluation
(message)ConsentEvaluation.EvaluationResult
(enum)ConsentList
(message)ConsentStore
(message)CreateAttributeDefinitionRequest
(message)CreateConsentArtifactRequest
(message)CreateConsentRequest
(message)CreateConsentStoreRequest
(message)CreateUserDataMappingRequest
(message)DeleteAttributeDefinitionRequest
(message)DeleteConsentArtifactRequest
(message)DeleteConsentRequest
(message)DeleteConsentRevisionRequest
(message)DeleteConsentStoreRequest
(message)DeleteUserDataMappingRequest
(message)EvaluateUserConsentsRequest
(message)EvaluateUserConsentsRequest.ResponseView
(enum)EvaluateUserConsentsResponse
(message)EvaluateUserConsentsResponse.Result
(message)GcsDestination
(message)GetAttributeDefinitionRequest
(message)GetConsentArtifactRequest
(message)GetConsentRequest
(message)GetConsentStoreRequest
(message)GetUserDataMappingRequest
(message)Image
(message)ListAttributeDefinitionsRequest
(message)ListAttributeDefinitionsResponse
(message)ListConsentArtifactsRequest
(message)ListConsentArtifactsResponse
(message)ListConsentRevisionsRequest
(message)ListConsentRevisionsResponse
(message)ListConsentStoresRequest
(message)ListConsentStoresResponse
(message)ListConsentsRequest
(message)ListConsentsResponse
(message)ListUserDataMappingsRequest
(message)ListUserDataMappingsResponse
(message)Policy
(message)QueryAccessibleDataRequest
(message)QueryAccessibleDataResponse
(message)RejectConsentRequest
(message)RevokeConsentRequest
(message)Signature
(message)UpdateAttributeDefinitionRequest
(message)UpdateConsentRequest
(message)UpdateConsentStoreRequest
(message)UpdateUserDataMappingRequest
(message)UserDataMapping
(message)
ConsentService
A service for managing user consents.
ActivateConsent |
---|
Activates the latest revision of the specified
|
ArchiveUserDataMapping |
---|
Archives the specified
|
CheckDataAccess |
---|
Checks if a particular data_id of a
|
CreateAttributeDefinition |
---|
Creates a new
|
CreateConsent |
---|
Creates a new
|
CreateConsentArtifact |
---|
Creates a new
|
CreateConsentStore |
---|
Creates a new
|
CreateUserDataMapping |
---|
Creates a new
|
DeleteAttributeDefinition |
---|
Deletes the specified
|
DeleteConsent |
---|
Deletes the
|
DeleteConsentArtifact |
---|
Deletes the specified
|
DeleteConsentRevision |
---|
Deletes the specified revision of a
|
DeleteConsentStore |
---|
Deletes the specified
|
DeleteUserDataMapping |
---|
Deletes the specified
|
EvaluateUserConsents |
---|
Evaluates the user's Note: User data mappings are indexed asynchronously, which can cause a slight delay between the time mappings are created or updated and when they are included in EvaluateUserConsents results.
|
GetAttributeDefinition |
---|
Gets the specified
|
GetConsent |
---|
Gets the specified revision of a
|
GetConsentArtifact |
---|
Gets the specified
|
GetConsentStore |
---|
Gets the specified
|
GetUserDataMapping |
---|
Gets the specified
|
ListAttributeDefinitions |
---|
Lists the
|
ListConsentArtifacts |
---|
Lists the
|
ListConsentRevisions |
---|
Lists the revisions of the specified
|
ListConsentStores |
---|
Lists the
|
ListConsents |
---|
Lists the
|
ListUserDataMappings |
---|
Lists the
|
QueryAccessibleData |
---|
Queries all data_ids that are consented for a specified use in the given The returned If the request is successful, a detailed response is returned of type Errors are logged to Cloud Logging (see Viewing error logs in Cloud Logging). For example, the following sample log entry shows a
|
RejectConsent |
---|
Rejects the latest revision of the specified
|
RevokeConsent |
---|
Revokes the latest revision of the specified
|
UpdateAttributeDefinition |
---|
Updates the specified
|
UpdateConsent |
---|
Updates the latest revision of the specified
|
UpdateConsentStore |
---|
Updates the specified
|
UpdateUserDataMapping |
---|
Updates the specified
|
ActivateConsentRequest
Activates the latest revision of the specified Consent
by committing a new revision with state
updated to ACTIVE
. If the latest revision of the given Consent is in the ACTIVE
state, no new revision is committed. A FAILED_PRECONDITION
error occurs if the latest revision of the given consent is in the REJECTED
or REVOKED
state.
Fields | |
---|---|
name |
Required. The resource name of the Consent to activate, of the form Authorization requires the following IAM permission on the specified resource
|
consent_artifact |
Required. The resource name of the Consent artifact that contains documentation of the user's consent, of the form Authorization requires the following IAM permission on the specified resource
|
Union field expiration . Optional. Allows setting expiration time for Consents. Expired consents are ignored in access determination methods such as [CheckDataAccess]. This value overrides the expiration duration configured for the consent store. expiration can be only one of the following: |
|
expire_time |
Timestamp in UTC of when this Consent is considered expired. |
ttl |
The time to live for this Consent from when it is marked as active. |
ArchiveUserDataMappingRequest
Archives the specified User data mapping
.
Fields | |
---|---|
name |
Required. The resource name of the User data mapping to archive. Authorization requires the following IAM permission on the specified resource
|
ArchiveUserDataMappingResponse
This type has no fields.
Archives the specified User data mapping
.
Attribute
An attribute value for a Consent or User data mapping. Each Attribute must have a corresponding AttributeDefinition
in the consent store that defines the default and allowed values.
Fields | |
---|---|
attribute_definition_id |
Indicates the name of an attribute defined in the consent store. |
values[] |
The value of the attribute. Must be an acceptable value as defined in the consent store. For example, if the consent store defines "data type" with acceptable values "questionnaire" and "step-count", when the attribute name is data type, this field must contain one of those values. |
AttributeDefinition
A client-defined consent attribute.
Fields | |
---|---|
name |
Identifier. Resource name of the Attribute definition, of the form |
description |
Optional. A description of the attribute. |
category |
Required. The category of the attribute. The value of this field cannot be changed after creation. |
allowed_values[] |
Required. Possible values for the attribute. The number of allowed values must not exceed 500. An empty list is invalid. The list can only be expanded after creation. |
consent_default_values[] |
Optional. Default values of the attribute in Consents. If no default values are specified, it defaults to an empty value. |
data_mapping_default_value |
Optional. Default value of the attribute in User data mappings. If no default value is specified, it defaults to an empty value. This field is only applicable to attributes of the category |
Category
The category of the attribute.
Enums | |
---|---|
CATEGORY_UNSPECIFIED |
No category specified. This option is invalid. |
RESOURCE |
Specify this category when this attribute describes the properties of resources. For example, data anonymity or data type. |
REQUEST |
Specify this category when this attribute describes the properties of requests. For example, requester's role or requester's organization. |
CheckDataAccessRequest
Checks if a particular data_id of a User data mapping
in the given consent store
is consented for a given use.
Fields | |
---|---|
consent_store |
Required. Name of the consent store where the requested data_id is stored, of the form Authorization requires the following IAM permission on the specified resource
|
data_id |
Required. The unique identifier of the resource to check access for. This identifier must correspond to a User data mapping in the given consent store. |
request_attributes |
The values of request attributes associated with this access request. |
response_view |
Optional. The view for |
Union field consent_selection . The selection of Consents to evaluate the access request against. If no selection is specified, the access request is evaluated against all ACTIVE unexpired Consents with the same user_id as the data to check access for. consent_selection can be only one of the following: |
|
consent_list |
Optional. Specific |
ResponseView
The supported views for CheckDataAccessResponse
.
Enums | |
---|---|
RESPONSE_VIEW_UNSPECIFIED |
No response view specified. The API will default to the BASIC view. |
BASIC |
Only the consented field is populated in CheckDataAccessResponse . |
FULL |
All fields within CheckDataAccessResponse are populated. When set to FULL , all ACTIVE Consents are evaluated even if a matching policy is found during evaluation. |
CheckDataAccessResponse
Checks if a particular data_id of a User data mapping
in the given consent store
is consented for a given use.
Fields | |
---|---|
consented |
Whether the requested resource is consented for the given use. |
consent_details |
The resource names of all evaluated |
Consent
Represents a user's consent.
Fields | |
---|---|
name |
Identifier. Resource name of the Consent, of the form |
revision_id |
Output only. The revision ID of the Consent. The format is an 8-character hexadecimal string. Refer to a specific revision of a Consent by appending |
revision_create_time |
Output only. The timestamp that the revision was created. |
user_id |
Required. User's UUID provided by the client. |
policies[] |
Optional. Represents a user's consent in terms of the resources that can be accessed and under what conditions. |
consent_artifact |
Required. The resource name of the Consent artifact that contains proof of the end user's consent, of the form |
state |
Required. Indicates the current state of this Consent. |
metadata |
Optional. User-supplied key-value pairs used to organize Consent resources. Metadata keys must:
Metadata values must be: - be between 1 and 63 characters long - have a UTF-8 encoding of maximum 128 bytes - consist of up to 63 characters including lowercase letters, numeric characters, underscores, and dashes No more than 64 metadata entries can be associated with a given consent. |
Union field expiration . Optional. Allows setting expiration time for Consents. Expired Consents are ignored in access determination methods such as [CheckDataAccess]. This value replaces any default expiration duration configured for the Consent store. expiration can be only one of the following: |
|
expire_time |
Timestamp in UTC of when this Consent is considered expired. |
ttl |
Input only. The time to live for this Consent from when it is created. |
State
The state of the Consent resource.
Enums | |
---|---|
STATE_UNSPECIFIED |
No state specified. Treated as ACTIVE only at the time of resource creation. |
ACTIVE |
The Consent is active and is considered when evaluating a user's consent on resources. |
ARCHIVED |
The archived state is currently not being used. |
REVOKED |
A revoked Consent is not considered when evaluating a user's consent on resources. |
DRAFT |
A draft Consent is not considered when evaluating a user's consent on resources unless explicitly specified. |
REJECTED |
When a draft Consent is rejected by a user, it is set to a rejected state. A rejected Consent is not considered when evaluating a user's consent on resources. |
ConsentArtifact
Documentation of a user's consent.
Fields | |
---|---|
name |
Identifier. Resource name of the Consent artifact, of the form |
user_id |
Required. User's UUID provided by the client. |
user_signature |
Optional. User's signature. |
guardian_signature |
Optional. A signature from a guardian. |
witness_signature |
Optional. A signature from a witness. |
consent_content_screenshots[] |
Optional. Screenshots, PDFs, or other binary information documenting the user's consent. |
consent_content_version |
Optional. An string indicating the version of the consent information shown to the user. |
metadata |
Optional. Metadata associated with the Consent artifact. For example, the consent locale or user agent version. |
ConsentEvaluation
The detailed evaluation of a particular Consent
.
Fields | |
---|---|
evaluation_result |
The evaluation result. |
EvaluationResult
Indicates the evaluation result of a particular Consent
.
Enums | |
---|---|
EVALUATION_RESULT_UNSPECIFIED |
No evaluation result specified. This option is invalid. |
NOT_APPLICABLE |
The Consent is not applicable to the requested access determination. For example, the Consent does not apply to the user for which the access determination is requested, or it has a state of REVOKED , or it has expired. |
NO_MATCHING_POLICY |
The Consent does not have a policy that matches the resource_attributes of the evaluated resource. |
NO_SATISFIED_POLICY |
The Consent has at least one policy that matches the resource_attributes of the evaluated resource, but no authorization_rule was satisfied. |
HAS_SATISFIED_POLICY |
The Consent has at least one policy that matches the resource_attributes of the evaluated resource, and at least one authorization_rule was satisfied. |
ConsentList
List of resource names of Consent
resources.
Fields | |
---|---|
consents[] |
The resource names of the |
ConsentStore
Represents a consent store.
Fields | |
---|---|
name |
Resource name of the consent store, of the form |
default_consent_ttl |
Optional. Default time to live for Consents created in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents. |
labels |
Optional. User-supplied key-value pairs used to organize consent stores. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}. Label values must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63}. No more than 64 labels can be associated with a given store. For more information: https://cloud.google.com/healthcare/docs/how-tos/labeling-resources |
enable_consent_create_on_update |
Optional. If |
CreateAttributeDefinitionRequest
Creates a new Attribute definition
.
Fields | |
---|---|
parent |
Required. The name of the consent store that this Attribute definition belongs to. Authorization requires the following IAM permission on the specified resource
|
attribute_definition_id |
Required. The ID of the Attribute definition to create. The string must match the following regex: |
attribute_definition |
Required. Attribute definition to create. |
CreateConsentArtifactRequest
Creates a new Consent artifact
. Cannot be updated after creation.
Fields | |
---|---|
parent |
Required. The name of the consent store this Consent artifact belongs to. Authorization requires the following IAM permission on the specified resource
|
consent_artifact |
Required. Consent artifact to create. |
CreateConsentRequest
Creates a new Consent
.
Fields | |
---|---|
parent |
Required. Name of the consent store. Authorization requires the following IAM permission on the specified resource
|
consent |
Required. Consent to create. |
CreateConsentStoreRequest
Creates a new consent store
.
Fields | |
---|---|
parent |
Required. The name of the dataset this consent store belongs to. Authorization requires the following IAM permission on the specified resource
|
consent_store_id |
Required. The ID of the consent store to create. The string must match the following regex: |
consent_store |
Required. Configuration info for this consent store. |
CreateUserDataMappingRequest
Creates a new User data mapping
.
Fields | |
---|---|
parent |
Required. Name of the consent store. Authorization requires the following IAM permission on the specified resource
|
user_data_mapping |
Required. User data mapping to create. |
DeleteAttributeDefinitionRequest
Deletes the specified Attribute definition
.
Fields | |
---|---|
name |
Required. The resource name of the Attribute definition to delete. To preserve referential integrity, Attribute definitions referenced by a User data mapping or the latest revision of a Consent cannot be deleted. Authorization requires the following IAM permission on the specified resource
|
DeleteConsentArtifactRequest
Deletes the specified Consent artifact
.
Fields | |
---|---|
name |
Required. The resource name of the Consent artifact to delete. To preserve referential integrity, Consent artifacts referenced by the latest revision of a Consent cannot be deleted. Authorization requires the following IAM permission on the specified resource
|
DeleteConsentRequest
Deletes the Consent
and its revisions. To keep a record of the Consent but mark it inactive, see [RevokeConsent]. To delete a revision of a Consent, see [DeleteConsentRevision]. This operation does not delete the related Consent artifact.
Fields | |
---|---|
name |
Required. The resource name of the Consent to delete, of the form Authorization requires the following IAM permission on the specified resource
|
DeleteConsentRevisionRequest
Deletes the specified revision of a Consent
. An INVALID_ARGUMENT
error occurs if the specified revision is the latest revision.
Fields | |
---|---|
name |
Required. The resource name of the Consent revision to delete, of the form Authorization requires the following IAM permission on the specified resource
|
DeleteConsentStoreRequest
Deletes the specified consent store
.
Fields | |
---|---|
name |
Required. The resource name of the consent store to delete. Authorization requires the following IAM permission on the specified resource
|
DeleteUserDataMappingRequest
Deletes the specified User data mapping
.
Fields | |
---|---|
name |
Required. The resource name of the User data mapping to delete. Authorization requires the following IAM permission on the specified resource
|
EvaluateUserConsentsRequest
Evaluate a user's Consents
for all matching User data mappings
.
Note: User data mappings are indexed asynchronously, causing slight delays between the time mappings are created or updated and when they are included in EvaluateUserConsents results.
Fields | |
---|---|
consent_store |
Required. Name of the consent store to retrieve User data mappings from. Authorization requires the following IAM permission on the specified resource
|
user_id |
Required. User ID to evaluate consents for. |
resource_attributes |
Optional. The values of resource attributes associated with the resources being requested. If no values are specified, then all resources are queried. |
request_attributes |
Required. The values of request attributes associated with this access request. |
response_view |
Optional. The view for |
page_size |
Optional. Limit on the number of User data mappings to return in a single response. If not specified, 100 is used. May not be larger than 1000. |
page_token |
Optional. Token to retrieve the next page of results, or empty to get the first page. |
Union field
|
|
consent_list |
Optional. Specific |
ResponseView
The supported views for EvaluateUserConsentsResponse
.
Enums | |
---|---|
RESPONSE_VIEW_UNSPECIFIED |
No response view specified. The API will default to the BASIC view. |
BASIC |
Only the data_id and consented fields are populated in the response. |
FULL |
All fields within the response are populated. When set to FULL , all ACTIVE Consents are evaluated even if a matching policy is found during evaluation. |
EvaluateUserConsentsResponse
Fields | |
---|---|
results[] |
The consent evaluation result for each |
next_page_token |
Token to retrieve the next page of results, or empty if there are no more results in the list. This token is valid for 72 hours after it is created. |
Result
The consent evaluation result for a single data_id
.
Fields | |
---|---|
data_id |
The unique identifier of the evaluated resource. |
consented |
Whether the resource is consented for the given use. |
consent_details |
The resource names of all evaluated |
GcsDestination
The Cloud Storage location for export.
Fields | |
---|---|
uri_prefix |
URI for a Cloud Storage directory where the server writes result files, in the format |
GetAttributeDefinitionRequest
Gets an Attribute definition
.
Fields | |
---|---|
name |
Required. The resource name of the Attribute definition to get. Authorization requires the following IAM permission on the specified resource
|
GetConsentArtifactRequest
Gets a Consent artifact
.
Fields | |
---|---|
name |
Required. The resource name of the Consent artifact to retrieve. Authorization requires the following IAM permission on the specified resource
|
GetConsentRequest
Gets the specified revision of a Consent
, or the latest revision if revision_id
is not specified in the resource name.
Fields | |
---|---|
name |
Required. The resource name of the Consent to retrieve, of the form In order to retrieve a previous revision of the Consent, also provide the revision ID: Authorization requires the following IAM permission on the specified resource
|
GetConsentStoreRequest
Gets a consent store
.
Fields | |
---|---|
name |
Required. The resource name of the consent store to get. Authorization requires the following IAM permission on the specified resource
|
GetUserDataMappingRequest
Gets the User data mapping
.
Fields | |
---|---|
name |
Required. The resource name of the User data mapping to retrieve. Authorization requires the following IAM permission on the specified resource
|
Image
Raw bytes representing consent artifact content.
Fields | |
---|---|
Union field
|
|
raw_bytes |
Consent artifact content represented as a stream of bytes. This field is populated when returned in GetConsentArtifact response, but not included in CreateConsentArtifact and ListConsentArtifact response. |
gcs_uri |
Input only. Points to a Cloud Storage URI containing the consent artifact content. The URI must be in the following format: |
ListAttributeDefinitionsRequest
Lists the Attribute definitions
in the given consent store
.
Fields | |
---|---|
parent |
Required. Name of the consent store to retrieve Attribute definitions from. Authorization requires the following IAM permission on the specified resource
|
page_size |
Optional. Limit on the number of Attribute definitions to return in a single response. If not specified, 100 is used. May not be larger than 1000. |
page_token |
Optional. Token to retrieve the next page of results or empty to get the first page. |
filter |
Optional. Restricts the attributes returned to those matching a filter. The following syntax is available:
The only field available for filtering is For example, |
ListAttributeDefinitionsResponse
Fields | |
---|---|
attribute_definitions[] |
The returned Attribute definitions. The maximum number of attributes returned is determined by the value of page_size in the ListAttributeDefinitionsRequest. |
next_page_token |
Token to retrieve the next page of results, or empty if there are no more results in the list. |
ListConsentArtifactsRequest
Lists the Consent artifacts
in the given consent store
.
Fields | |
---|---|
parent |
Required. Name of the consent store to retrieve consent artifacts from. Authorization requires the following IAM permission on the specified resource
|
page_size |
Optional. Limit on the number of consent artifacts to return in a single response. If not specified, 100 is used. May not be larger than 1000. |
page_token |
Optional. The next_page_token value returned from the previous List request, if any. |
filter |
Optional. Restricts the artifacts returned to those matching a filter. The following syntax is available:
The fields available for filtering are:
|
ListConsentArtifactsResponse
Fields | |
---|---|
consent_artifacts[] |
The returned Consent artifacts. The maximum number of artifacts returned is determined by the value of page_size in the ListConsentArtifactsRequest. |
next_page_token |
Token to retrieve the next page of results, or empty if there are no more results in the list. |
ListConsentRevisionsRequest
Lists the revisions of the given Consent
in reverse chronological order.
Fields | |
---|---|
name |
Required. The resource name of the Consent to retrieve revisions for. Authorization requires the following IAM permission on the specified resource
|
page_size |
Optional. Limit on the number of revisions to return in a single response. If not specified, 100 is used. May not be larger than 1000. |
page_token |
Optional. Token to retrieve the next page of results or empty if there are no more results in the list. |
filter |
Optional. Restricts the revisions returned to those matching a filter. The following syntax is available:
Fields/functions available for filtering are:
|
ListConsentRevisionsResponse
Fields | |
---|---|
consents[] |
The returned Consent revisions. The maximum number of revisions returned is determined by the value of |
next_page_token |
Token to retrieve the next page of results, or empty if there are no more results in the list. |
ListConsentStoresRequest
Lists the consent stores
in the given dataset.
Fields | |
---|---|
parent |
Required. Name of the dataset. Authorization requires the following IAM permission on the specified resource
|
page_size |
Optional. Limit on the number of consent stores to return in a single response. If not specified, 100 is used. May not be larger than 1000. |
page_token |
Optional. Token to retrieve the next page of results, or empty to get the first page. |
filter |
Optional. Restricts the stores returned to those matching a filter. The following syntax is available:
Only filtering on labels is supported. For example, |
ListConsentStoresResponse
Fields | |
---|---|
consent_stores[] |
The returned consent stores. The maximum number of stores returned is determined by the value of page_size in the ListConsentStoresRequest. |
next_page_token |
Token to retrieve the next page of results, or empty if there are no more results in the list. |
ListConsentsRequest
Lists all the Consents
in the given consent store
, returning each Consent's latest revision.
Fields | |
---|---|
parent |
Required. Name of the consent store to retrieve Consents from. Authorization requires the following IAM permission on the specified resource
|
page_size |
Optional. Limit on the number of Consents to return in a single response. If not specified, 100 is used. May not be larger than 1000. |
page_token |
Optional. The next_page_token value returned from the previous List request, if any. |
filter |
Optional. Restricts the consents returned to those matching a filter. The following syntax is available:
The fields available for filtering are:
|
ListConsentsResponse
Fields | |
---|---|
consents[] |
The returned Consents. The maximum number of Consents returned is determined by the value of page_size in the ListConsentsRequest. |
next_page_token |
Token to retrieve the next page of results, or empty if there are no more results in the list. |
ListUserDataMappingsRequest
Lists the User data mappings
in the given consent store
.
Fields | |
---|---|
parent |
Required. Name of the consent store to retrieve User data mappings from. Authorization requires the following IAM permission on the specified resource
|
page_size |
Optional. Limit on the number of User data mappings to return in a single response. If not specified, 100 is used. May not be larger than 1000. |
page_token |
Optional. Token to retrieve the next page of results, or empty to get the first page. |
filter |
Optional. Restricts the user data mappings returned to those matching a filter. The following syntax is available:
The fields available for filtering are:
|
ListUserDataMappingsResponse
Fields | |
---|---|
user_data_mappings[] |
The returned User data mappings. The maximum number of User data mappings returned is determined by the value of page_size in the ListUserDataMappingsRequest. |
next_page_token |
Token to retrieve the next page of results, or empty if there are no more results in the list. |
Policy
Represents a user's consent in terms of the resources that can be accessed and under what conditions.
Fields | |
---|---|
resource_attributes[] |
The resources that this policy applies to. A resource is a match if it matches all the attributes listed here. If empty, this policy applies to all User data mappings for the given user. |
authorization_rule |
Required. The request conditions to meet to grant access. In addition to any supported comparison operators, authorization rules may have |
QueryAccessibleDataRequest
Queries all data_ids that are consented for a given use in the given consent store
and writes them to a specified destination.
The returned Operation
includes a progress counter for the number of User data mappings
processed.
Errors are logged to Cloud Logging (see Viewing error logs in Cloud Logging and [QueryAccessibleData] for a sample log entry).
Fields | |
---|---|
consent_store |
Required. Name of the consent store to retrieve User data mappings from. Authorization requires the following IAM permission on the specified resource
|
resource_attributes |
Optional. The values of resource attributes associated with the type of resources being requested. If no values are specified, then all resource types are included in the output. |
request_attributes |
The values of request attributes associated with this access request. |
Union field destination . Required. The output destination of the result file. destination can be only one of the following: |
|
gcs_destination |
The Cloud Storage destination. The Cloud Healthcare API service account must have the The object name is in the following format: query-accessible-data-result-{operation_id}.txt where each line contains a single data_id. |
QueryAccessibleDataResponse
Response for successful QueryAccessibleData operations. This structure is included in the response
upon operation completion.
Fields | |
---|---|
gcs_uris[] |
List of files, each of which contains a list of data_id(s) that are consented for a specified use in the request. |
RejectConsentRequest
Rejects the latest revision of the specified Consent
by committing a new revision with state
updated to REJECTED
. If the latest revision of the given Consent is in the REJECTED
state, no new revision is committed.
Fields | |
---|---|
name |
Required. The resource name of the Consent to reject, of the form Authorization requires the following IAM permission on the specified resource
|
consent_artifact |
Optional. The resource name of the Consent artifact that contains documentation of the user's rejection of the draft Consent, of the form Authorization requires the following IAM permission on the specified resource
|
RevokeConsentRequest
Revokes the latest revision of the specified Consent
by committing a new revision with state
updated to REVOKED
. If the latest revision of the given Consent is in the REVOKED
state, no new revision is committed.
Fields | |
---|---|
name |
Required. The resource name of the Consent to revoke, of the form Authorization requires the following IAM permission on the specified resource
|
consent_artifact |
Optional. The resource name of the Consent artifact that contains proof of the user's revocation of the Consent, of the form Authorization requires the following IAM permission on the specified resource
|
Signature
User signature.
Fields | |
---|---|
user_id |
Required. User's UUID provided by the client. |
image |
Optional. An image of the user's signature. |
metadata |
Optional. Metadata associated with the user's signature. For example, the user's name or the user's title. |
signature_time |
Optional. Timestamp of the signature. |
UpdateAttributeDefinitionRequest
Updates the Attribute definition
.
Fields | |
---|---|
attribute_definition |
Required. The Attribute definition resource that updates the resource on the server. Only the fields listed in Authorization requires the following IAM permission on the specified resource
|
update_mask |
Required. The update mask that applies to the resource. For the |
UpdateConsentRequest
Updates the latest revision of the specified Consent
by committing a new revision with the changes. A FAILED_PRECONDITION
error occurs if the latest revision of the given consent is in the REJECTED
or REVOKED
state.
Fields | |
---|---|
consent |
Required. The Consent resource that updates the resource on the server. Only the fields listed in Authorization requires the following IAM permission on the specified resource
|
update_mask |
Required. The update mask to apply to the resource. For the |
UpdateConsentStoreRequest
Updates the consent store
.
Fields | |
---|---|
consent_store |
Required. The consent store resource that updates the resource on the server. Only the fields listed in Authorization requires the following IAM permission on the specified resource
|
update_mask |
Required. The update mask that applies to the resource. For the |
UpdateUserDataMappingRequest
Updates the User data mapping
.
Fields | |
---|---|
user_data_mapping |
Required. The User data mapping resource that updates the resource on the server. Only the fields listed in Authorization requires the following IAM permission on the specified resource
|
update_mask |
Required. The update mask that applies to the resource. For the |
UserDataMapping
Maps a resource to the associated user and Attributes
.
Fields | |
---|---|
name |
Resource name of the User data mapping, of the form |
data_id |
Required. A unique identifier for the mapped resource. |
user_id |
Required. User's UUID provided by the client. |
resource_attributes[] |
Attributes of the resource. Only explicitly set attributes are displayed here. |
archived |
Output only. Indicates whether this mapping is archived. |
archive_time |
Output only. Indicates the time when this mapping was archived. |