google-api-python-client 2.155.0__py2.py3-none-any.whl → 2.157.0__py2.py3-none-any.whl

googleapiclient/discovery_cache/documents/healthcare.v1.json

@@ -2942,6 +2942,64 @@
 },
 "fhirStores": {
 "methods": {
+"applyAdminConsents": {
+"description": "Applies the admin Consent resources for the FHIR store and reindexes the underlying resources in the FHIR store according to the aggregate consents. This method also updates the `consent_config.enforced_admin_consents` field of the FhirStore unless `validate_only=true` in ApplyAdminConsentsRequest. Any admin Consent resource change after this operation execution (including deletion) requires you to call ApplyAdminConsents again for the change to take effect. This method returns an Operation that can be used to track the progress of the resources that were reindexed, by calling GetOperation. Upon completion, the ApplyAdminConsentsResponse additionally contains the number of resources that were reindexed. If at least one Consent resource contains an error or fails be be enforced for any reason, the method returns an error instead of an Operation. No resources will be reindexed and the `consent_config.enforced_admin_consents` field will be unchanged. To enforce a consent check for data access, `consent_config.access_enforced` must be set to true for the FhirStore.",
+"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/datasets/{datasetsId}/fhirStores/{fhirStoresId}:applyAdminConsents",
+"httpMethod": "POST",
+"id": "healthcare.projects.locations.datasets.fhirStores.applyAdminConsents",
+"parameterOrder": [
+"name"
+],
+"parameters": {
+"name": {
+"description": "Required. The name of the FHIR store to enforce, in the format `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`.",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+/datasets/[^/]+/fhirStores/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1/{+name}:applyAdminConsents",
+"request": {
+"$ref": "ApplyAdminConsentsRequest"
+},
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-healthcare",
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
+"applyConsents": {
+"description": "Apply the Consent resources for the FHIR store and reindex the underlying resources in the FHIR store according to the aggregate consent. The aggregate consent of the patient in scope in this request replaces any previous call of this method. Any Consent resource change after this operation execution (including deletion) requires you to call ApplyConsents again to have effect. This method returns an Operation that can be used to track the progress of the consent resources that were processed by calling GetOperation. Upon completion, the ApplyConsentsResponse additionally contains the number of resources that was reindexed. Errors are logged to Cloud Logging (see [Viewing error logs in Cloud Logging](https://cloud.google.com/healthcare/docs/how-tos/logging)). To enforce consent check for data access, `consent_config.access_enforced` must be set to true for the FhirStore.",
+"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/datasets/{datasetsId}/fhirStores/{fhirStoresId}:applyConsents",
+"httpMethod": "POST",
+"id": "healthcare.projects.locations.datasets.fhirStores.applyConsents",
+"parameterOrder": [
+"name"
+],
+"parameters": {
+"name": {
+"description": "Required. The name of the FHIR store to enforce, in the format `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`.",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+/datasets/[^/]+/fhirStores/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1/{+name}:applyConsents",
+"request": {
+"$ref": "ApplyConsentsRequest"
+},
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-healthcare",
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
 "create": {
 "description": "Creates a new FHIR store within the parent dataset.",
 "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/datasets/{datasetsId}/fhirStores",
@@ -3031,6 +3089,37 @@
 "https://www.googleapis.com/auth/cloud-platform"
 ]
 },
+"explainDataAccess": {
+"description": "Explains all the permitted/denied actor, purpose and environment for a given resource.",
+"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/datasets/{datasetsId}/fhirStores/{fhirStoresId}:explainDataAccess",
+"httpMethod": "GET",
+"id": "healthcare.projects.locations.datasets.fhirStores.explainDataAccess",
+"parameterOrder": [
+"name"
+],
+"parameters": {
+"name": {
+"description": "Required. The name of the FHIR store to enforce, in the format `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`.",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+/datasets/[^/]+/fhirStores/[^/]+$",
+"required": true,
+"type": "string"
+},
+"resourceId": {
+"description": "Required. The ID (`{resourceType}/{id}`) of the resource to explain data access on.",
+"location": "query",
+"type": "string"
+}
+},
+"path": "v1/{+name}:explainDataAccess",
+"response": {
+"$ref": "ExplainDataAccessResponse"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-healthcare",
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
 "export": {
 "description": "Export resources from the FHIR store to the specified destination. This method returns an Operation that can be used to track the status of the export by calling GetOperation. Immediate fatal errors appear in the error field, errors are also logged to Cloud Logging (see [Viewing error logs in Cloud Logging](https://cloud.google.com/healthcare/docs/how-tos/logging)). Otherwise, when the operation finishes, a detailed response of type ExportResourcesResponse is returned in the response field. The metadata field type for this operation is OperationMetadata.",
 "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/datasets/{datasetsId}/fhirStores/{fhirStoresId}:export",
@@ -3451,6 +3540,69 @@
 "https://www.googleapis.com/auth/cloud-platform"
 ]
 },
+"Consent-enforcement-status": {
+"description": "Returns the consent enforcement status of a single consent resource. On success, the response body contains a JSON-encoded representation of a `Parameters` (http://hl7.org/fhir/parameters.html) FHIR resource, containing the current enforcement status. Does not support DSTU2.",
+"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/datasets/{datasetsId}/fhirStores/{fhirStoresId}/fhir/Consent/{ConsentId}/$consent-enforcement-status",
+"httpMethod": "GET",
+"id": "healthcare.projects.locations.datasets.fhirStores.fhir.Consent-enforcement-status",
+"parameterOrder": [
+"name"
+],
+"parameters": {
+"name": {
+"description": "Required. The name of the consent resource to find enforcement status, in the format `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{consent_id}`",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+/datasets/[^/]+/fhirStores/[^/]+/fhir/Consent/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1/{+name}/$consent-enforcement-status",
+"response": {
+"$ref": "HttpBody"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-healthcare",
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
+"Patient-consent-enforcement-status": {
+"description": "Returns the consent enforcement status of all consent resources for a patient. On success, the response body contains a JSON-encoded representation of a bundle of `Parameters` (http://hl7.org/fhir/parameters.html) FHIR resources, containing the current enforcement status for each consent resource of the patient. Does not support DSTU2.",
+"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/datasets/{datasetsId}/fhirStores/{fhirStoresId}/fhir/Patient/{PatientId}/$consent-enforcement-status",
+"httpMethod": "GET",
+"id": "healthcare.projects.locations.datasets.fhirStores.fhir.Patient-consent-enforcement-status",
+"parameterOrder": [
+"name"
+],
+"parameters": {
+"_count": {
+"description": "Optional. The maximum number of results on a page. If not specified, 100 is used. May not be larger than 1000.",
+"format": "int32",
+"location": "query",
+"type": "integer"
+},
+"_page_token": {
+"description": "Optional. Used to retrieve the first, previous, next, or last page of consent enforcement statuses when using pagination. Value should be set to the value of `_page_token` set in next or previous page links' URLs. Next and previous page are returned in the response bundle's links field, where `link.relation` is \"previous\" or \"next\". Omit `_page_token` if no previous request has been made.",
+"location": "query",
+"type": "string"
+},
+"name": {
+"description": "Required. The name of the patient to find enforcement statuses, in the format `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Patient/{patient_id}`",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+/datasets/[^/]+/fhirStores/[^/]+/fhir/Patient/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1/{+name}/$consent-enforcement-status",
+"response": {
+"$ref": "HttpBody"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-healthcare",
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
 "Patient-everything": {
 "description": "Retrieves a Patient resource and resources related to that patient. Implements the FHIR extended operation Patient-everything ([DSTU2](http://hl7.org/implement/standards/fhir/DSTU2/patient-operations.html#everything), [STU3](http://hl7.org/implement/standards/fhir/STU3/patient-operations.html#everything), [R4](http://hl7.org/implement/standards/fhir/R4/patient-operations.html#everything)). On success, the response body contains a JSON-encoded representation of a `Bundle` resource of type `searchset`, containing the results of the operation. Errors generated by the FHIR store contain a JSON-encoded `OperationOutcome` resource describing the reason for the error. If the request cannot be mapped to a valid API method on a FHIR store, a generic GCP error might be returned instead. The resources in scope for the response are: * The patient resource itself. * All the resources directly referenced by the patient resource. * Resources directly referencing the patient resource that meet the inclusion criteria. The inclusion criteria are based on the membership rules in the patient compartment definition ([DSTU2](http://hl7.org/fhir/DSTU2/compartment-patient.html), [STU3](http://www.hl7.org/fhir/stu3/compartmentdefinition-patient.html), [R4](http://hl7.org/fhir/R4/compartmentdefinition-patient.html)), which details the eligible resource types and referencing search parameters. For samples that show how to call `Patient-everything`, see [Getting all patient compartment resources](https://cloud.google.com/healthcare/docs/how-tos/fhir-resources#getting_all_patient_compartment_resources).",
 "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/datasets/{datasetsId}/fhirStores/{fhirStoresId}/fhir/Patient/{PatientId}/$everything",
@@ -4783,9 +4935,32 @@
 }
 }
 },
-"revision": "20241115",
+"revision": "20241205",
 "rootUrl": "https://healthcare.googleapis.com/",
 "schemas": {
+"AccessDeterminationLogConfig": {
+"description": "Configures consent audit log config for FHIR create, read, update, and delete (CRUD) operations. Cloud audit log for healthcare API must be [enabled](https://cloud.google.com/logging/docs/audit/configure-data-access#config-console-enable). The consent-related logs are included as part of `protoPayload.metadata`.",
+"id": "AccessDeterminationLogConfig",
+"properties": {
+"logLevel": {
+"description": "Optional. Controls the amount of detail to include as part of the audit logs.",
+"enum": [
+"LOG_LEVEL_UNSPECIFIED",
+"DISABLED",
+"MINIMUM",
+"VERBOSE"
+],
+"enumDescriptions": [
+"No log level specified. This value is unused.",
+"No additional consent-related logging is added to audit logs.",
+"The following information is included: * One of the following [`consentMode`](https://cloud.google.com/healthcare-api/docs/fhir-consent#audit_logs) fields: (`off`|`emptyScope`|`enforced`|`btg`|`bypass`). * The accessor's request headers * The `log_level` of the AccessDeterminationLogConfig * The final consent evaluation (`PERMIT`, `DENY`, or `NO_CONSENT`) * A human-readable summary of the evaluation",
+"Includes `MINIMUM` and, for each resource owner, returns: * The resource owner's name * Most specific part of the `X-Consent-Scope` resulting in consensual determination * Timestamp of the applied enforcement leading to the decision * Enforcement version at the time the applicable consents were applied * The Consent resource name * The timestamp of the Consent resource used for enforcement * Policy type (`PATIENT` or `ADMIN`) Note that this mode adds some overhead to CRUD operations."
+],
+"type": "string"
+}
+},
+"type": "object"
+},
 "ActivateConsentRequest": {
 "description": "Activates the latest revision of the specified Consent by committing a new revision with `state` updated to `ACTIVE`. If the latest revision of the given Consent is in the `ACTIVE` state, no new revision is committed. A FAILED_PRECONDITION error occurs if the latest revision of the given consent is in the `REJECTED` or `REVOKED` state.",
 "id": "ActivateConsentRequest",
@@ -4807,6 +4982,20 @@
 },
 "type": "object"
 },
+"AdminConsents": {
+"description": "List of admin Consent resources to be applied.",
+"id": "AdminConsents",
+"properties": {
+"names": {
+"description": "Optional. The versioned names of the admin Consent resource(s), in the format `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}/_history/{version_id}`. For FHIR stores with `disable_resource_versioning=true`, the format is `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}`.",
+"items": {
+"type": "string"
+},
+"type": "array"
+}
+},
+"type": "object"
+},
 "AnalyzeEntitiesRequest": {
 "description": "The request to analyze healthcare entities in a document.",
 "id": "AnalyzeEntitiesRequest",
@@ -4879,6 +5068,108 @@
 },
 "type": "object"
 },
+"ApplyAdminConsentsErrorDetail": {
+"description": "Contains the error details of the unsupported admin Consent resources for when the ApplyAdminConsents method fails to apply one or more Consent resources.",
+"id": "ApplyAdminConsentsErrorDetail",
+"properties": {
+"consentErrors": {
+"description": "The list of Consent resources that are unsupported or cannot be applied and the error associated with each of them.",
+"items": {
+"$ref": "ConsentErrors"
+},
+"type": "array"
+},
+"existingOperationId": {
+"description": "The currently in progress non-validate-only ApplyAdminConsents operation ID if exist.",
+"format": "uint64",
+"type": "string"
+}
+},
+"type": "object"
+},
+"ApplyAdminConsentsRequest": {
+"description": "Request to apply the admin Consent resources for the specified FHIR store.",
+"id": "ApplyAdminConsentsRequest",
+"properties": {
+"newConsentsList": {
+"$ref": "AdminConsents",
+"description": "A new list of admin Consent resources to be applied. Any existing enforced Consents, which are specified in `consent_config.enforced_admin_consents` of the FhirStore, that are not part of this list will be disabled. An empty list is equivalent to clearing or disabling all Consents enforced on the FHIR store. When a FHIR store has `disable_resource_versioning=true` and this list contains a Consent resource that exists in `consent_config.enforced_admin_consents`, the method enforces any updates to the existing resource since the last enforcement. If the existing resource hasn't been updated since the last enforcement, the resource is unaffected. After the method finishes, the resulting consent enforcement model is determined by the contents of the Consent resource(s) when the method was called: * When `disable_resource_versioning=true`, the result is identical to the current resource(s) in the FHIR store. * When `disable_resource_versioning=false`, the result is based on the historical version(s) of the Consent resource(s) at the point in time when the method was called. At most 200 Consents can be specified."
+},
+"validateOnly": {
+"description": "Optional. If true, the method only validates Consent resources to make sure they are supported. Otherwise, the method applies the aggregate consent information to update the enforcement model and reindex the FHIR resources. If all Consent resources can be applied successfully, the ApplyAdminConsentsResponse is returned containing the following fields: * `consent_apply_success` to indicate the number of Consent resources applied. * `affected_resources` to indicate the number of resources that might have had their consent access changed. If, however, one or more Consent resources are unsupported or cannot be applied, the method fails and ApplyAdminConsentsErrorDetail is is returned with details about the unsupported Consent resources.",
+"type": "boolean"
+}
+},
+"type": "object"
+},
+"ApplyAdminConsentsResponse": {
+"description": "Response when all admin Consent resources in scope were processed and all affected resources were reindexed successfully. This structure will be included in the response when the operation finishes successfully.",
+"id": "ApplyAdminConsentsResponse",
+"properties": {
+"affectedResources": {
+"description": "The number of resources (including the Consent resources) that may have consent access change.",
+"format": "int64",
+"type": "string"
+},
+"consentApplySuccess": {
+"description": "If `validate_only=false` in ApplyAdminConsentsRequest, this counter contains the number of Consent resources that were successfully applied. Otherwise, it is the number of Consent resources that are supported.",
+"format": "int64",
+"type": "string"
+},
+"failedResources": {
+"description": "The number of resources (including the Consent resources) that ApplyAdminConsents failed to re-index.",
+"format": "int64",
+"type": "string"
+}
+},
+"type": "object"
+},
+"ApplyConsentsRequest": {
+"description": "Request to apply the Consent resources for the specified FHIR store.",
+"id": "ApplyConsentsRequest",
+"properties": {
+"patientScope": {
+"$ref": "PatientScope",
+"description": "Optional. Scope down to a list of patients."
+},
+"timeRange": {
+"$ref": "TimeRange",
+"description": "Optional. Scope down to patients whose most recent consent changes are in the time range. Can only be used with a versioning store (i.e. when disable_resource_versioning is set to false)."
+},
+"validateOnly": {
+"description": "Optional. If true, the method only validates Consent resources to make sure they are supported. When the operation completes, ApplyConsentsResponse is returned where `consent_apply_success` and `consent_apply_failure` indicate supported and unsupported (or invalid) Consent resources, respectively. Otherwise, the method propagates the aggregate consensual information to the patient's resources. Upon success, `affected_resources` in the ApplyConsentsResponse indicates the number of resources that may have consensual access changed.",
+"type": "boolean"
+}
+},
+"type": "object"
+},
+"ApplyConsentsResponse": {
+"description": "Response when all Consent resources in scope were processed and all affected resources were reindexed successfully. This structure is included in the response when the operation finishes successfully.",
+"id": "ApplyConsentsResponse",
+"properties": {
+"affectedResources": {
+"description": "The number of resources (including the Consent resources) that may have consensual access change.",
+"format": "int64",
+"type": "string"
+},
+"consentApplyFailure": {
+"description": "If `validate_only = false` in ApplyConsentsRequest, this counter is the number of Consent resources that were failed to apply. Otherwise, it is the number of Consent resources that are not supported or invalid.",
+"format": "int64",
+"type": "string"
+},
+"consentApplySuccess": {
+"description": "If `validate_only = false` in ApplyConsentsRequest, this counter is the number of Consent resources that were successfully applied. Otherwise, it is the number of Consent resources that are supported.",
+"format": "int64",
+"type": "string"
+},
+"failedResources": {
+"description": "The number of resources (including the Consent resources) that ApplyConsents failed to re-index.",
+"format": "int64",
+"type": "string"
+}
+},
+"type": "object"
+},
 "ArchiveUserDataMappingRequest": {
 "description": "Archives the specified User data mapping.",
 "id": "ArchiveUserDataMappingRequest",
@@ -5231,6 +5522,25 @@
 },
 "type": "object"
 },
+"ConsentAccessorScope": {
+"description": "The accessor scope that describes who can access, for what purpose, in which environment.",
+"id": "ConsentAccessorScope",
+"properties": {
+"actor": {
+"description": "An individual, group, or access role that identifies the accessor or a characteristic of the accessor. This can be a resource ID (such as `{resourceType}/{id}`) or an external URI. This value must be present.",
+"type": "string"
+},
+"environment": {
+"description": "An abstract identifier that describes the environment or conditions under which the accessor is acting. Can be \"*\" if it applies to all environments.",
+"type": "string"
+},
+"purpose": {
+"description": "The intent of data use. Can be \"*\" if it applies to all purposes.",
+"type": "string"
+}
+},
+"type": "object"
+},
 "ConsentArtifact": {
 "description": "Documentation of a user's consent.",
 "id": "ConsentArtifact",
@@ -5276,6 +5586,60 @@
 },
 "type": "object"
 },
+"ConsentConfig": {
+"description": "Configures whether to enforce consent for the FHIR store and which consent enforcement version is being used.",
+"id": "ConsentConfig",
+"properties": {
+"accessDeterminationLogConfig": {
+"$ref": "AccessDeterminationLogConfig",
+"description": "Optional. Specifies how the server logs the consent-aware requests. If not specified, the `AccessDeterminationLogConfig.LogLevel.MINIMUM` option is used."
+},
+"accessEnforced": {
+"description": "Optional. The default value is false. If set to true, when accessing FHIR resources, the consent headers will be verified against consents given by patients. See the ConsentEnforcementVersion for the supported consent headers.",
+"type": "boolean"
+},
+"consentHeaderHandling": {
+"$ref": "ConsentHeaderHandling",
+"description": "Optional. Different options to configure the behaviour of the server when handling the `X-Consent-Scope` header."
+},
+"enforcedAdminConsents": {
+"description": "Output only. The versioned names of the enforced admin Consent resource(s), in the format `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}/_history/{version_id}`. For FHIR stores with `disable_resource_versioning=true`, the format is `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}`. This field can only be updated using ApplyAdminConsents.",
+"items": {
+"type": "string"
+},
+"readOnly": true,
+"type": "array"
+},
+"version": {
+"description": "Required. Specifies which consent enforcement version is being used for this FHIR store. This field can only be set once by either CreateFhirStore or UpdateFhirStore. After that, you must call ApplyConsents to change the version.",
+"enum": [
+"CONSENT_ENFORCEMENT_VERSION_UNSPECIFIED",
+"V1"
+],
+"enumDescriptions": [
+"Users must specify an enforcement version or an error is returned.",
+"Enforcement version 1. See the [FHIR Consent resources in the Cloud Healthcare API](https://cloud.google.com/healthcare-api/docs/fhir-consent) guide for more details."
+],
+"type": "string"
+}
+},
+"type": "object"
+},
+"ConsentErrors": {
+"description": "The Consent resource name and error.",
+"id": "ConsentErrors",
+"properties": {
+"error": {
+"$ref": "Status",
+"description": "The error code and message."
+},
+"name": {
+"description": "The versioned name of the admin Consent resource, in the format `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}/_history/{version_id}`. For FHIR stores with `disable_resource_versioning=true`, the format is `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}`.",
+"type": "string"
+}
+},
+"type": "object"
+},
 "ConsentEvaluation": {
 "description": "The detailed evaluation of a particular Consent.",
 "id": "ConsentEvaluation",
@@ -5301,6 +5665,27 @@
 },
 "type": "object"
 },
+"ConsentHeaderHandling": {
+"description": "How the server handles the consent header.",
+"id": "ConsentHeaderHandling",
+"properties": {
+"profile": {
+"description": "Optional. Specifies the default server behavior when the header is empty. If not specified, the `ScopeProfile.PERMIT_EMPTY_SCOPE` option is used.",
+"enum": [
+"SCOPE_PROFILE_UNSPECIFIED",
+"PERMIT_EMPTY_SCOPE",
+"REQUIRED_ON_READ"
+],
+"enumDescriptions": [
+"If not specified, the default value `PERMIT_EMPTY_SCOPE` is used.",
+"When no consent scopes are provided (for example, if there's an empty or missing header), then consent check is disabled, similar to when `access_enforced` is `false`. You can use audit logs to differentiate these two cases by looking at the value of `protopayload.metadata.consentMode`. If consents scopes are present, they must be valid and within the allowed limits, otherwise the request will be rejected with a `4xx` code.",
+"The consent header must be non-empty when performing read and search operations, otherwise the request is rejected with a `4xx` code. Additionally, invalid consent scopes or scopes exceeding the allowed limits are rejected."
+],
+"type": "string"
+}
+},
+"type": "object"
+},
 "ConsentList": {
 "description": "List of resource names of Consent resources.",
 "id": "ConsentList",
@@ -5805,6 +6190,128 @@
 },
 "type": "object"
 },
+"ExplainDataAccessConsentInfo": {
+"description": "The enforcing consent's metadata.",
+"id": "ExplainDataAccessConsentInfo",
+"properties": {
+"cascadeOrigins": {
+"description": "The compartment base resources that matched a cascading policy. Each resource has the following format: `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/{resource_type}/{resource_id}`",
+"items": {
+"type": "string"
+},
+"type": "array"
+},
+"consentResource": {
+"description": "The resource name of this consent resource, in the format: `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}`.",
+"type": "string"
+},
+"enforcementTime": {
+"description": "Last enforcement timestamp of this consent resource.",
+"format": "google-datetime",
+"type": "string"
+},
+"matchingAccessorScopes": {
+"description": "A list of all the matching accessor scopes of this consent policy that enforced ExplainDataAccessConsentScope.accessor_scope.",
+"items": {
+"$ref": "ConsentAccessorScope"
+},
+"type": "array"
+},
+"patientConsentOwner": {
+"description": "The patient owning the consent (only applicable for patient consents), in the format: `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Patient/{patient_id}`",
+"type": "string"
+},
+"type": {
+"description": "The policy type of consent resource (e.g. PATIENT, ADMIN).",
+"enum": [
+"CONSENT_POLICY_TYPE_UNSPECIFIED",
+"CONSENT_POLICY_TYPE_PATIENT",
+"CONSENT_POLICY_TYPE_ADMIN"
+],
+"enumDescriptions": [
+"Unspecified policy type.",
+"Consent represent a patient consent.",
+"Consent represent an admin consent."
+],
+"type": "string"
+},
+"variants": {
+"description": "The consent's variant combinations. A single consent may have multiple variants.",
+"items": {
+"enum": [
+"CONSENT_VARIANT_UNSPECIFIED",
+"CONSENT_VARIANT_STANDARD",
+"CONSENT_VARIANT_CASCADE"
+],
+"enumDescriptions": [
+"Consent variant unspecified.",
+"Consent is a standard patient or admin consent.",
+"Consent is a cascading consent."
+],
+"type": "string"
+},
+"type": "array"
+}
+},
+"type": "object"
+},
+"ExplainDataAccessConsentScope": {
+"description": "A single consent scope that provides info on who has access to the requested resource scope for a particular purpose and environment, enforced by which consent.",
+"id": "ExplainDataAccessConsentScope",
+"properties": {
+"accessorScope": {
+"$ref": "ConsentAccessorScope",
+"description": "The accessor scope that describes who can access, for what purpose, and in which environment."
+},
+"decision": {
+"description": "Whether the current consent scope is permitted or denied access on the requested resource.",
+"enum": [
+"CONSENT_DECISION_TYPE_UNSPECIFIED",
+"CONSENT_DECISION_TYPE_PERMIT",
+"CONSENT_DECISION_TYPE_DENY"
+],
+"enumDescriptions": [
+"Unspecified consent decision type.",
+"Consent permitted access.",
+"Consent denied access."
+],
+"type": "string"
+},
+"enforcingConsents": {
+"description": "Metadata of the consent resources that enforce the consent scope's access.",
+"items": {
+"$ref": "ExplainDataAccessConsentInfo"
+},
+"type": "array"
+},
+"exceptions": {
+"description": "Other consent scopes that created exceptions within this scope.",
+"items": {
+"$ref": "ExplainDataAccessConsentScope"
+},
+"type": "array"
+}
+},
+"type": "object"
+},
+"ExplainDataAccessResponse": {
+"description": "List of consent scopes that are applicable to the explained access on a given resource.",
+"id": "ExplainDataAccessResponse",
+"properties": {
+"consentScopes": {
+"description": "List of applicable consent scopes. Sorted in order of actor such that scopes belonging to the same actor will be adjacent to each other in the list.",
+"items": {
+"$ref": "ExplainDataAccessConsentScope"
+},
+"type": "array"
+},
+"warning": {
+"description": "Warnings associated with this response. It inform user with exceeded scope limit errors.",
+"type": "string"
+}
+},
+"type": "object"
+},
 "ExportDicomDataRequest": {
 "description": "Exports data from the specified DICOM store. If a given resource, such as a DICOM object with the same SOPInstance UID, already exists in the output, it is overwritten with the version in the source dataset. Exported DICOM data persists when the DICOM store from which it was exported is deleted.",
 "id": "ExportDicomDataRequest",
@@ -5995,6 +6502,10 @@
 ],
 "type": "string"
 },
+"consentConfig": {
+"$ref": "ConsentConfig",
+"description": "Optional. Specifies whether this store has consent enforcement. Not available for DSTU2 FHIR version due to absence of Consent resources."
+},
 "defaultSearchHandlingStrict": {
 "description": "Optional. If true, overrides the default search behavior for this FHIR store to `handling=strict` which returns an error for unrecognized search parameters. If false, uses the FHIR specification default `handling=lenient` which ignores unrecognized search parameters. The handling can always be changed from the default on an individual API call by setting the HTTP header `Prefer: handling=strict` or `Prefer: handling=lenient`. Defaults to false.",
 "type": "boolean"
@@ -7223,6 +7734,20 @@
 },
 "type": "object"
 },
+"PatientScope": {
+"description": "Apply consents given by a list of patients.",
+"id": "PatientScope",
+"properties": {
+"patientIds": {
+"description": "Optional. The list of patient IDs whose Consent resources will be enforced. At most 10,000 patients can be specified. An empty list is equivalent to all patients (meaning the entire FHIR store).",
+"items": {
+"type": "string"
+},
+"type": "array"
+}
+},
+"type": "object"
+},
 "Policy": {
 "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
 "id": "Policy",
@@ -8059,6 +8584,21 @@
 },
 "type": "object"
 },
+"TimeRange": {
+"description": "Apply consents given by patients whose most recent consent changes are in the time range. Note that after identifying these patients, the server applies all Consent resources given by those patients, not just the Consent resources within the timestamp in the range.",
+"id": "TimeRange",
+"properties": {
+"end": {
+"description": "Optional. The latest consent change time, in format YYYY-MM-DDThh:mm:ss.sss+zz:zz If not specified, the system uses the time when ApplyConsents was called.",
+"type": "string"
+},
+"start": {
+"description": "Optional. The earliest consent change time, in format YYYY-MM-DDThh:mm:ss.sss+zz:zz If not specified, the system uses the FHIR store creation time.",
+"type": "string"
+}
+},
+"type": "object"
+},
 "Type": {
 "description": "A type definition for some HL7v2 type (incl. Segments and Datatypes).",
 "id": "Type",