@@ -4199,32 +4199,78 @@ message Action {
41994199 // Compatible with: Inspect
42004200 message PublishFindingsToCloudDataCatalog {}
42014201
4202- // Create a de-identified copy of the requested table or files.
4202+ // Create a de-identified copy of a storage bucket. Only compatible
4203+ // with Cloud Storage buckets.
4204+ //
42034205 //
42044206 // A TransformationDetail will be created for each transformation.
42054207 //
4206- // If any rows in BigQuery are skipped during de-identification
4207- // (transformation errors or row size exceeds BigQuery insert API limits) they
4208- // are placed in the failure output table. If the original row exceeds
4209- // the BigQuery insert API limit it will be truncated when written to the
4210- // failure output table. The failure output table can be set in the
4211- // action.deidentify.output.big_query_output.deidentified_failure_output_table
4212- // field, if no table is set, a table will be automatically created in the
4213- // same project and dataset as the original table.
42144208 //
4215- // Compatible with: Inspect
4209+ // Compatible with: Inspection of Cloud Storage
42164210 message Deidentify {
42174211 // User specified deidentify templates and configs for structured,
42184212 // unstructured, and image files.
42194213 TransformationConfig transformation_config = 7 ;
42204214
4221- // Config for storing transformation details. This is separate from the
4222- // de-identified content, and contains metadata about the successful
4223- // transformations and/or failures that occurred while de-identifying. This
4224- // needs to be set in order for users to access information about the status
4225- // of each transformation (see
4215+ // Config for storing transformation details.
4216+ //
4217+ // This field specifies the configuration for storing detailed metadata
4218+ // about each transformation performed during a de-identification process.
4219+ // The metadata is stored separately from the de-identified content itself
4220+ // and provides a granular record of both successful transformations and any
4221+ // failures that occurred.
4222+ //
4223+ // Enabling this configuration is essential for users who need to access
4224+ // comprehensive information about the status, outcome, and specifics of
4225+ // each transformation. The details are captured in the
42264226 // [TransformationDetails][google.privacy.dlp.v2.TransformationDetails]
4227- // message for more information about what is noted).
4227+ // message for each operation.
4228+ //
4229+ // Key use cases:
4230+ //
4231+ // * **Auditing and compliance**
4232+ // * Provides a verifiable audit trail of de-identification activities,
4233+ // which is crucial for meeting regulatory requirements and internal
4234+ // data governance policies.
4235+ // * Logs what data was transformed, what transformations were applied,
4236+ // when they occurred, and their success status. This helps
4237+ // demonstrate accountability and due diligence in protecting
4238+ // sensitive data.
4239+ //
4240+ // * **Troubleshooting and debugging**
4241+ // * Offers detailed error messages and context if a transformation
4242+ // fails. This information is useful for diagnosing and resolving
4243+ // issues in the de-identification pipeline.
4244+ // * Helps pinpoint the exact location and nature of failures, speeding
4245+ // up the debugging process.
4246+ //
4247+ // * **Process verification and quality assurance**
4248+ // * Allows users to confirm that de-identification rules and
4249+ // transformations were applied correctly and consistently across
4250+ // the dataset as intended.
4251+ // * Helps in verifying the effectiveness of the chosen
4252+ // de-identification strategies.
4253+ //
4254+ // * **Data lineage and impact analysis**
4255+ // * Creates a record of how data elements were modified, contributing
4256+ // to data lineage. This is useful for understanding the provenance
4257+ // of de-identified data.
4258+ // * Aids in assessing the potential impact of de-identification choices
4259+ // on downstream analytical processes or data usability.
4260+ //
4261+ // * **Reporting and operational insights**
4262+ // * You can analyze the metadata stored in a queryable BigQuery table
4263+ // to generate reports on transformation success rates, common
4264+ // error types, processing volumes (e.g., transformedBytes), and the
4265+ // types of transformations applied.
4266+ // * These insights can inform optimization of de-identification
4267+ // configurations and resource planning.
4268+ //
4269+ // To take advantage of these benefits, set this configuration. The stored
4270+ // details include a description of the transformation, success or
4271+ // error codes, error messages, the number of bytes transformed, the
4272+ // location of the transformed content, and identifiers for the job and
4273+ // source data.
42284274 TransformationDetailsStorageConfig transformation_details_storage_config =
42294275 3;
42304276
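Review bot: The paragraph removed at old lines 4206-4213 was the only text in this comment saying where rows skipped during de-identification are written and how action.deidentify.output.big_query_output.deidentified_failure_output_table is defaulted. If that output field still exists, move the paragraph onto the field instead of dropping it, so readers can still find where failed rows end up. Two smaller points: the added empty `//` at new line 4204 sits directly above the existing empty `//` at 4205 (and 4207/4208 are now adjacent empty comment lines as well), so collapse each pair to one; and `transformedBytes` in the "Reporting and operational insights" bullet is camelCase, while the field names referenced elsewhere in this file are snake_case.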
@@ -4958,6 +5004,18 @@ message DataProfileAction {
49585004 // Center for each profile.
49595005 message PublishToSecurityCommandCenter {}
49605006
5007+ // Create Dataplex Catalog aspects for profiled resources with the aspect type
5008+ // Sensitive Data Protection Profile. To learn more about aspects, see
5009+ // https://cloud.google.com/sensitive-data-protection/docs/add-aspects.
5010+ message PublishToDataplexCatalog {
5011+ // Whether creating a Dataplex Catalog aspect for a profiled resource should
5012+ // lower the risk of the profile for that resource. This also lowers the
5013+ // data risk of resources at the lower levels of the resource hierarchy. For
5014+ // example, reducing the data risk of a table data profile also reduces the
5015+ // data risk of the constituent column data profiles.
5016+ bool lower_data_risk_to_low = 1 ;
5017+ }
5018+
49615019 // If set, attaches the [tags]
49625020 // (https://cloud.google.com/resource-manager/docs/tags/tags-overview)
49635021 // provided to profiled resources. Tags support [access
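Review bot: The comment on lower_data_risk_to_low (new lines 5011-5015) says creating the aspect "should lower the risk of the profile" but never states the resulting level or what happens when the field is unset. The field name implies the risk becomes low; say that explicitly, and state that the default (false) leaves the computed risk unchanged, if that is the intent. Since the comment already notes that the reduction cascades to the constituent column data profiles, it should also make clear that anything keyed on data risk will see the lowered value for those child profiles.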
@@ -5031,6 +5089,10 @@ message DataProfileAction {
50315089
50325090 // Tags the profiled resources with the specified tag values.
50335091 TagResources tag_resources = 8 ;
5092+
5093+ // Publishes a portion of each profile to Dataplex Catalog with the aspect
5094+ // type Sensitive Data Protection Profile.
5095+ PublishToDataplexCatalog publish_to_dataplex_catalog = 9 ;
50345096 }
50355097}
50365098
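Review bot: "Publishes a portion of each profile" on publish_to_dataplex_catalog (new lines 5093-5094) does not say which portion. Either name what is published or point to the same https://cloud.google.com/sensitive-data-protection/docs/add-aspects link used on the PublishToDataplexCatalog message, so callers know what profile data is written to the catalog.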
@@ -5065,6 +5127,14 @@ message DataProfileFinding {
50655127
50665128 // How broadly a resource has been shared.
50675129 ResourceVisibility resource_visibility = 8 ;
5130+
5131+ // The [full resource
5132+ // name](https://cloud.google.com/apis/design/resource_names#full_resource_name)
5133+ // of the resource profiled for this finding.
5134+ string full_resource_name = 9 ;
5135+
5136+ // The type of the resource that was profiled.
5137+ DataSourceType data_source_type = 10 ;
50685138}
50695139
50705140// Location of a data profile finding within a resource.
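Review bot: The comments on full_resource_name and data_source_type (new lines 5131-5137) do not say whether the fields are always populated. Consumers are likely to join findings to resources on full_resource_name, so state whether it can be empty, and for data_source_type reference where the possible values are listed.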
@@ -7989,7 +8059,8 @@ message FileStoreDataProfile {
79898059 // The BigQuery table to which the sample findings are written.
79908060 BigQueryTable sample_findings_table = 22 ;
79918061
7992- // The file store does not have any files.
8062+ // The file store does not have any files. If the profiling operation failed,
8063+ // this is false.
79938064 bool file_store_is_empty = 23 ;
79948065
79958066 // The tags attached to the resource, including any tags attached during
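Review bot: With the sentence added at new lines 8062-8063, file_store_is_empty = false now covers two different states: the file store has files, or the profiling operation failed. Say in the comment how a caller tells these apart, so that a failed profile is not read as a non-empty, successfully profiled store.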