public interface SystemAccessControl
| Modifier and Type | Method and Description |
|---|---|
default void |
checkCanAccessCatalog(Identity identity,
AccessControlContext context,
String catalogName)
Check if identity is allowed to access the specified catalog
|
default void |
checkCanAddColumn(Identity identity,
AccessControlContext context,
CatalogSchemaTableName table)
Check if identity is allowed to add columns to the specified table in a catalog.
|
default void |
checkCanCreateSchema(Identity identity,
AccessControlContext context,
CatalogSchemaName schema)
Check if identity is allowed to create the specified schema in a catalog.
|
default void |
checkCanCreateTable(Identity identity,
AccessControlContext context,
CatalogSchemaTableName table)
Check if identity is allowed to create the specified table in a catalog.
|
default void |
checkCanCreateView(Identity identity,
AccessControlContext context,
CatalogSchemaTableName view)
Check if identity is allowed to create the specified view in a catalog.
|
default void |
checkCanCreateViewWithSelectFromColumns(Identity identity,
AccessControlContext context,
CatalogSchemaTableName table,
Set<String> columns)
Check if identity is allowed to create a view that selects from the specified columns in a relation.
|
default void |
checkCanDeleteFromTable(Identity identity,
AccessControlContext context,
CatalogSchemaTableName table)
Check if identity is allowed to delete from the specified table in a catalog.
|
default void |
checkCanDropColumn(Identity identity,
AccessControlContext context,
CatalogSchemaTableName table)
Check if identity is allowed to drop columns from the specified table in a catalog.
|
default void |
checkCanDropSchema(Identity identity,
AccessControlContext context,
CatalogSchemaName schema)
Check if identity is allowed to drop the specified schema in a catalog.
|
default void |
checkCanDropTable(Identity identity,
AccessControlContext context,
CatalogSchemaTableName table)
Check if identity is allowed to drop the specified table in a catalog.
|
default void |
checkCanDropView(Identity identity,
AccessControlContext context,
CatalogSchemaTableName view)
Check if identity is allowed to drop the specified view in a catalog.
|
default void |
checkCanGrantTablePrivilege(Identity identity,
AccessControlContext context,
Privilege privilege,
CatalogSchemaTableName table,
PrestoPrincipal grantee,
boolean withGrantOption)
Check if identity is allowed to grant the specified privilege to the grantee on the specified table.
|
default void |
checkCanInsertIntoTable(Identity identity,
AccessControlContext context,
CatalogSchemaTableName table)
Check if identity is allowed to insert into the specified table in a catalog.
|
default void |
checkCanRenameColumn(Identity identity,
AccessControlContext context,
CatalogSchemaTableName table)
Check if identity is allowed to rename a column in the specified table in a catalog.
|
default void |
checkCanRenameSchema(Identity identity,
AccessControlContext context,
CatalogSchemaName schema,
String newSchemaName)
Check if identity is allowed to rename the specified schema in a catalog.
|
default void |
checkCanRenameTable(Identity identity,
AccessControlContext context,
CatalogSchemaTableName table,
CatalogSchemaTableName newTable)
Check if identity is allowed to rename the specified table in a catalog.
|
default void |
checkCanRevokeTablePrivilege(Identity identity,
AccessControlContext context,
Privilege privilege,
CatalogSchemaTableName table,
PrestoPrincipal revokee,
boolean grantOptionFor)
Check if identity is allowed to revoke the specified privilege on the specified table from the revokee.
|
default void |
checkCanSelectFromColumns(Identity identity,
AccessControlContext context,
CatalogSchemaTableName table,
Set<String> columns)
Check if identity is allowed to select from the specified columns in a relation.
|
default void |
checkCanSetCatalogSessionProperty(Identity identity,
AccessControlContext context,
String catalogName,
String propertyName)
Check if identity is allowed to set the specified property in a catalog.
|
void |
checkCanSetSystemSessionProperty(Identity identity,
AccessControlContext context,
String propertyName)
Check if identity is allowed to set the specified system property.
|
void |
checkCanSetUser(Identity identity,
AccessControlContext context,
Optional<Principal> principal,
String userName)
Check if the principal is allowed to be the specified user.
|
default void |
checkCanShowSchemas(Identity identity,
AccessControlContext context,
String catalogName)
Check if identity is allowed to execute SHOW SCHEMAS in a catalog.
|
default void |
checkCanShowTablesMetadata(Identity identity,
AccessControlContext context,
CatalogSchemaName schema)
Check if identity is allowed to show metadata of tables by executing SHOW TABLES, SHOW GRANTS etc.
|
default void |
checkCanTruncateTable(Identity identity,
AccessControlContext context,
CatalogSchemaTableName table)
Check if identity is allowed to truncate the specified table in a catalog.
|
void |
checkQueryIntegrity(Identity identity,
AccessControlContext context,
String query)
Check if the query is unexpectedly modified using the credentials passed in the identity.
|
default Set<String> |
filterCatalogs(Identity identity,
AccessControlContext context,
Set<String> catalogs)
Filter the list of catalogs to those visible to the identity.
|
default Set<String> |
filterSchemas(Identity identity,
AccessControlContext context,
String catalogName,
Set<String> schemaNames)
Filter the list of schemas in a catalog to those visible to the identity.
|
default Set<SchemaTableName> |
filterTables(Identity identity,
AccessControlContext context,
String catalogName,
Set<SchemaTableName> tableNames)
Filter the list of tables and views to those visible to the identity.
|
default AuthorizedIdentity |
selectAuthorizedIdentity(Identity identity,
AccessControlContext context,
String userName,
List<X509Certificate> certificates) |
void checkCanSetUser(Identity identity, AccessControlContext context, Optional<Principal> principal, String userName)
Throws: AccessDeniedException - if not allowed

default AuthorizedIdentity selectAuthorizedIdentity(Identity identity, AccessControlContext context, String userName, List<X509Certificate> certificates)
void checkQueryIntegrity(Identity identity, AccessControlContext context, String query)
Throws: AccessDeniedException - if query is modified.

void checkCanSetSystemSessionProperty(Identity identity, AccessControlContext context, String propertyName)
Throws: AccessDeniedException - if not allowed

default void checkCanAccessCatalog(Identity identity, AccessControlContext context, String catalogName)
Throws: AccessDeniedException - if not allowed

default Set<String> filterCatalogs(Identity identity, AccessControlContext context, Set<String> catalogs)
default void checkCanCreateSchema(Identity identity, AccessControlContext context, CatalogSchemaName schema)
Throws: AccessDeniedException - if not allowed

default void checkCanDropSchema(Identity identity, AccessControlContext context, CatalogSchemaName schema)
Throws: AccessDeniedException - if not allowed

default void checkCanRenameSchema(Identity identity, AccessControlContext context, CatalogSchemaName schema, String newSchemaName)
Throws: AccessDeniedException - if not allowed

default void checkCanShowSchemas(Identity identity, AccessControlContext context, String catalogName)
NOTE: This method is only present to give users an error message when listing is not allowed.
It does not hide any schema by itself: the filterSchemas(com.facebook.presto.spi.security.Identity, com.facebook.presto.spi.security.AccessControlContext, java.lang.String, java.util.Set<java.lang.String>) method must filter all results for unauthorized users,
since there are multiple ways to list schemas.
Throws: AccessDeniedException - if not allowed

default Set<String> filterSchemas(Identity identity, AccessControlContext context, String catalogName, Set<String> schemaNames)
default void checkCanCreateTable(Identity identity, AccessControlContext context, CatalogSchemaTableName table)
Throws: AccessDeniedException - if not allowed

default void checkCanDropTable(Identity identity, AccessControlContext context, CatalogSchemaTableName table)
Throws: AccessDeniedException - if not allowed

default void checkCanRenameTable(Identity identity, AccessControlContext context, CatalogSchemaTableName table, CatalogSchemaTableName newTable)
Throws: AccessDeniedException - if not allowed

default void checkCanShowTablesMetadata(Identity identity, AccessControlContext context, CatalogSchemaName schema)
NOTE: This method is only present to give users an error message when listing is not allowed.
It does not hide any table by itself: the filterTables(com.facebook.presto.spi.security.Identity, com.facebook.presto.spi.security.AccessControlContext, java.lang.String, java.util.Set<com.facebook.presto.spi.SchemaTableName>) method must filter all results for unauthorized users,
since there are multiple ways to list tables.
Throws: AccessDeniedException - if not allowed

default Set<SchemaTableName> filterTables(Identity identity, AccessControlContext context, String catalogName, Set<SchemaTableName> tableNames)
default void checkCanAddColumn(Identity identity, AccessControlContext context, CatalogSchemaTableName table)
Throws: AccessDeniedException - if not allowed

default void checkCanDropColumn(Identity identity, AccessControlContext context, CatalogSchemaTableName table)
Throws: AccessDeniedException - if not allowed

default void checkCanRenameColumn(Identity identity, AccessControlContext context, CatalogSchemaTableName table)
Throws: AccessDeniedException - if not allowed

default void checkCanSelectFromColumns(Identity identity, AccessControlContext context, CatalogSchemaTableName table, Set<String> columns)
Throws: AccessDeniedException - if not allowed

default void checkCanInsertIntoTable(Identity identity, AccessControlContext context, CatalogSchemaTableName table)
Throws: AccessDeniedException - if not allowed

default void checkCanDeleteFromTable(Identity identity, AccessControlContext context, CatalogSchemaTableName table)
Throws: AccessDeniedException - if not allowed

default void checkCanTruncateTable(Identity identity, AccessControlContext context, CatalogSchemaTableName table)
Throws: AccessDeniedException - if not allowed

default void checkCanCreateView(Identity identity, AccessControlContext context, CatalogSchemaTableName view)
Throws: AccessDeniedException - if not allowed

default void checkCanDropView(Identity identity, AccessControlContext context, CatalogSchemaTableName view)
Throws: AccessDeniedException - if not allowed

default void checkCanCreateViewWithSelectFromColumns(Identity identity, AccessControlContext context, CatalogSchemaTableName table, Set<String> columns)
Throws: AccessDeniedException - if not allowed

default void checkCanSetCatalogSessionProperty(Identity identity, AccessControlContext context, String catalogName, String propertyName)
Throws: AccessDeniedException - if not allowed

default void checkCanGrantTablePrivilege(Identity identity, AccessControlContext context, Privilege privilege, CatalogSchemaTableName table, PrestoPrincipal grantee, boolean withGrantOption)
Throws: AccessDeniedException - if not allowed

default void checkCanRevokeTablePrivilege(Identity identity, AccessControlContext context, Privilege privilege, CatalogSchemaTableName table, PrestoPrincipal revokee, boolean grantOptionFor)
Throws: AccessDeniedException - if not allowed

Copyright © 2012–2022. All rights reserved.