io.prestosql.plugin.hive.security

Class SqlStandardAccessControlMetadata

java.lang.Object

io.prestosql.plugin.hive.security.SqlStandardAccessControlMetadata

All Implemented Interfaces:

AccessControlMetadata

public class SqlStandardAccessControlMetadata
extends Object
implements AccessControlMetadata

Constructor Summary

Constructors

Constructor and Description
SqlStandardAccessControlMetadata(SemiTransactionalHiveMetastore metastore)

Method Summary

Modifier and Type	Method and Description
void	createRole(ConnectorSession session, String role, Optional<HivePrincipal> grantor) Creates the specified role.
void	dropRole(ConnectorSession session, String role) Drops the specified role.
void	grantRoles(ConnectorSession session, Set<String> roles, Set<HivePrincipal> grantees, boolean adminOption, Optional<HivePrincipal> grantor) Grants the specified roles to the specified grantees
void	grantTablePrivileges(ConnectorSession session, SchemaTableName schemaTableName, Set<Privilege> privileges, HivePrincipal grantee, boolean grantOption) Grants the specified privilege to the specified user on the specified table
Set<RoleGrant>	listApplicableRoles(ConnectorSession session, HivePrincipal principal) List applicable roles, including the transitive grants, for the specified principal
Set<String>	listEnabledRoles(ConnectorSession session) List applicable roles, including the transitive grants, in given session
Set<RoleGrant>	listRoleGrants(ConnectorSession session, HivePrincipal principal) List role grants for a given principal, not recursively.
Set<String>	listRoles(ConnectorSession session) List available roles.
List<GrantInfo>	listTablePrivileges(ConnectorSession session, List<SchemaTableName> tableNames) List the table privileges granted to the specified grantee for the tables that have the specified prefix considering the selected session role
void	revokeRoles(ConnectorSession session, Set<String> roles, Set<HivePrincipal> grantees, boolean adminOption, Optional<HivePrincipal> grantor) Revokes the specified roles from the specified grantees
void	revokeTablePrivileges(ConnectorSession session, SchemaTableName schemaTableName, Set<Privilege> privileges, HivePrincipal grantee, boolean grantOption) Revokes the specified privilege on the specified table from the specified user

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SqlStandardAccessControlMetadata

public SqlStandardAccessControlMetadata(SemiTransactionalHiveMetastore metastore)

Method Detail

createRole

public void createRole(ConnectorSession session,
                       String role,
                       Optional<HivePrincipal> grantor)

Description copied from interface: AccessControlMetadata

Creates the specified role.

Specified by:

createRole in interface AccessControlMetadata

grantor - represents the principal specified by WITH ADMIN statement

dropRole

public void dropRole(ConnectorSession session,
                     String role)

Description copied from interface: AccessControlMetadata

Drops the specified role.

Specified by:

dropRole in interface AccessControlMetadata

listRoles

public Set<String> listRoles(ConnectorSession session)

Description copied from interface: AccessControlMetadata

List available roles.

Specified by:

listRoles in interface AccessControlMetadata

listRoleGrants

public Set<RoleGrant> listRoleGrants(ConnectorSession session,
                                     HivePrincipal principal)

Description copied from interface: AccessControlMetadata

List role grants for a given principal, not recursively.

Specified by:

listRoleGrants in interface AccessControlMetadata

grantRoles

public void grantRoles(ConnectorSession session,
                       Set<String> roles,
                       Set<HivePrincipal> grantees,
                       boolean adminOption,
                       Optional<HivePrincipal> grantor)

Description copied from interface: AccessControlMetadata

Grants the specified roles to the specified grantees

Specified by:

grantRoles in interface AccessControlMetadata

grantor - represents the principal specified by GRANTED BY statement

revokeRoles

public void revokeRoles(ConnectorSession session,
                        Set<String> roles,
                        Set<HivePrincipal> grantees,
                        boolean adminOption,
                        Optional<HivePrincipal> grantor)

Description copied from interface: AccessControlMetadata

Revokes the specified roles from the specified grantees

Specified by:

revokeRoles in interface AccessControlMetadata

grantor - represents the principal specified by GRANTED BY statement

listApplicableRoles

public Set<RoleGrant> listApplicableRoles(ConnectorSession session,
                                          HivePrincipal principal)

Description copied from interface: AccessControlMetadata

List applicable roles, including the transitive grants, for the specified principal

Specified by:

listApplicableRoles in interface AccessControlMetadata

listEnabledRoles

public Set<String> listEnabledRoles(ConnectorSession session)

Description copied from interface: AccessControlMetadata

List applicable roles, including the transitive grants, in given session

Specified by:

listEnabledRoles in interface AccessControlMetadata

grantTablePrivileges

public void grantTablePrivileges(ConnectorSession session,
                                 SchemaTableName schemaTableName,
                                 Set<Privilege> privileges,
                                 HivePrincipal grantee,
                                 boolean grantOption)

Description copied from interface: AccessControlMetadata

Grants the specified privilege to the specified user on the specified table

Specified by:

grantTablePrivileges in interface AccessControlMetadata

revokeTablePrivileges

public void revokeTablePrivileges(ConnectorSession session,
                                  SchemaTableName schemaTableName,
                                  Set<Privilege> privileges,
                                  HivePrincipal grantee,
                                  boolean grantOption)

Description copied from interface: AccessControlMetadata

Revokes the specified privilege on the specified table from the specified user

Specified by:

revokeTablePrivileges in interface AccessControlMetadata

listTablePrivileges

public List<GrantInfo> listTablePrivileges(ConnectorSession session,
                                           List<SchemaTableName> tableNames)

Description copied from interface: AccessControlMetadata

List the table privileges granted to the specified grantee for the tables that have the specified prefix considering the selected session role

Specified by:

listTablePrivileges in interface AccessControlMetadata