Method: consentStores.checkDataAccess

Full name: projects.locations.datasets.consentStores.checkDataAccess

Checks if a particular dataId of a User data mapping in the specified consent store is consented for the specified use.

HTTP request

POST https://healthcare.googleapis.com/v1beta1/{consentStore=projects/*/locations/*/datasets/*/consentStores/*}:checkDataAccess

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
consentStore

string

Required. Name of the consent store where the requested dataId is stored, of the form projects/{projectId}/locations/{locationId}/datasets/{datasetId}/consentStores/{consentStoreId}.

Authorization requires the following IAM permission on the specified resource consentStore:

  • healthcare.consentStores.checkDataAccess

Request body

The request body contains data with the following structure:

JSON representation
{
  "dataId": string,
  "requestAttributes": {
    string: string,
    ...
  },
  "responseView": enum(ResponseView),

  // Union field consent_selection can be only one of the following:
  "consentList": {
    object(ConsentList)
  }
  // End of list of possible types for union field consent_selection.
}
Fields
dataId

string

Required. The unique identifier of the resource to check access for. This identifier must correspond to a User data mapping in the given consent store.

requestAttributes

map (key: string, value: string)

The values of request attributes associated with this access request.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

responseView

enum(ResponseView)

Optional. The view for CheckDataAccessResponse. If unspecified, defaults to BASIC and returns consented as TRUE or FALSE.

consentList

object(ConsentList)

Optional. Specific Consents to evaluate the access request against. These Consents must have the same userId as the evaluated User data mapping, must exist in the current consentStore, and have a state of either ACTIVE or DRAFT. A maximum of 100 Consents can be provided here. If no selection is specified, the access request is evaluated against all ACTIVE unexpired Consents with the same userId as the evaluated User data mapping.

Response body

Checks if a particular dataId of a User data mapping in the given consent store is consented for a given use.

If successful, the response body contains data with the following structure:

JSON representation
{
  "consented": boolean,
  "consentDetails": {
    string: {
      object(ConsentEvaluation)
    },
    ...
  }
}
Fields
consented

boolean

Whether the requested resource is consented for the given use.

consentDetails

map (key: string, value: object(ConsentEvaluation))

The resource names of all evaluated Consents mapped to their evaluation.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-healthcare
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ResponseView

The supported views for CheckDataAccessResponse.

Enums
RESPONSE_VIEW_UNSPECIFIED No response view specified. The API will default to the BASIC view.
BASIC Only the consented field is populated in CheckDataAccessResponse.
FULL All fields within CheckDataAccessResponse are populated. When set to FULL, all ACTIVE Consents are evaluated even if a matching policy is found during evaluation.