Package io.trino.plugin.hive.security

Class SqlStandardAccessControl

java.lang.Object

io.trino.plugin.hive.security.SqlStandardAccessControl

All Implemented Interfaces:

ConnectorAccessControl

public class SqlStandardAccessControl
extends Object
implements ConnectorAccessControl

Field Summary

Fields

Modifier and Type	Field	Description
static String	ADMIN_ROLE_NAME

Constructor Summary

Constructors

Constructor	Description
SqlStandardAccessControl(CatalogName catalogName, SqlStandardAccessControlMetastore metastore)

Method Summary

Modifier and Type	Method	Description
void	checkCanAddColumn(ConnectorSecurityContext context, SchemaTableName tableName)
void	checkCanCreateMaterializedView(ConnectorSecurityContext context, SchemaTableName materializedViewName)
void	checkCanCreateRole(ConnectorSecurityContext context, String role, Optional<TrinoPrincipal> grantor)
void	checkCanCreateSchema(ConnectorSecurityContext context, String schemaName)
void	checkCanCreateTable(ConnectorSecurityContext context, SchemaTableName tableName)
void	checkCanCreateView(ConnectorSecurityContext context, SchemaTableName viewName)
void	checkCanCreateViewWithSelectFromColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set<String> columnNames)
void	checkCanDeleteFromTable(ConnectorSecurityContext context, SchemaTableName tableName)
void	checkCanDropColumn(ConnectorSecurityContext context, SchemaTableName tableName)
void	checkCanDropMaterializedView(ConnectorSecurityContext context, SchemaTableName materializedViewName)
void	checkCanDropRole(ConnectorSecurityContext context, String role)
void	checkCanDropSchema(ConnectorSecurityContext context, String schemaName)
void	checkCanDropTable(ConnectorSecurityContext context, SchemaTableName tableName)
void	checkCanDropView(ConnectorSecurityContext context, SchemaTableName viewName)
void	checkCanExecuteProcedure(ConnectorSecurityContext context, SchemaRoutineName procedure)
void	checkCanGrantRoles(ConnectorSecurityContext context, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor, String catalogName)
void	checkCanGrantSchemaPrivilege(ConnectorSecurityContext context, Privilege privilege, String schemaName, TrinoPrincipal grantee, boolean grantOption)
void	checkCanGrantTablePrivilege(ConnectorSecurityContext context, Privilege privilege, SchemaTableName tableName, TrinoPrincipal grantee, boolean grantOption)
void	checkCanInsertIntoTable(ConnectorSecurityContext context, SchemaTableName tableName)
void	checkCanRefreshMaterializedView(ConnectorSecurityContext context, SchemaTableName materializedViewName)
void	checkCanRenameColumn(ConnectorSecurityContext context, SchemaTableName tableName)
void	checkCanRenameSchema(ConnectorSecurityContext context, String schemaName, String newSchemaName)
void	checkCanRenameTable(ConnectorSecurityContext context, SchemaTableName tableName, SchemaTableName newTableName)
void	checkCanRenameView(ConnectorSecurityContext context, SchemaTableName viewName, SchemaTableName newViewName)
void	checkCanRevokeRoles(ConnectorSecurityContext context, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor, String catalogName)
void	checkCanRevokeSchemaPrivilege(ConnectorSecurityContext context, Privilege privilege, String schemaName, TrinoPrincipal revokee, boolean grantOption)
void	checkCanRevokeTablePrivilege(ConnectorSecurityContext context, Privilege privilege, SchemaTableName tableName, TrinoPrincipal revokee, boolean grantOption)
void	checkCanSelectFromColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set<String> columnNames)
void	checkCanSetCatalogSessionProperty(ConnectorSecurityContext context, String propertyName)
void	checkCanSetColumnComment(ConnectorSecurityContext context, SchemaTableName tableName)
void	checkCanSetRole(ConnectorSecurityContext context, String role, String catalogName)
void	checkCanSetSchemaAuthorization(ConnectorSecurityContext context, String schemaName, TrinoPrincipal principal)
void	checkCanSetTableAuthorization(ConnectorSecurityContext context, SchemaTableName tableName, TrinoPrincipal principal)
void	checkCanSetTableComment(ConnectorSecurityContext context, SchemaTableName tableName)
void	checkCanSetViewAuthorization(ConnectorSecurityContext context, SchemaTableName viewName, TrinoPrincipal principal)
void	checkCanShowColumns(ConnectorSecurityContext context, SchemaTableName tableName)
void	checkCanShowCreateSchema(ConnectorSecurityContext context, String schemaName)
void	checkCanShowCreateTable(ConnectorSecurityContext context, SchemaTableName tableName)
void	checkCanShowCurrentRoles(ConnectorSecurityContext context, String catalogName)
void	checkCanShowRoleAuthorizationDescriptors(ConnectorSecurityContext context, String catalogName)
void	checkCanShowRoleGrants(ConnectorSecurityContext context, String catalogName)
void	checkCanShowRoles(ConnectorSecurityContext context, String catalogName)
void	checkCanShowSchemas(ConnectorSecurityContext context)
void	checkCanShowTables(ConnectorSecurityContext context, String schemaName)
void	checkCanUpdateTableColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set<String> updatedColumns)
Set<String>	filterColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set<String> columns)
Set<String>	filterSchemas(ConnectorSecurityContext context, Set<String> schemaNames)
Set<SchemaTableName>	filterTables(ConnectorSecurityContext context, Set<SchemaTableName> tableNames)
Optional<ViewExpression>	getColumnMask(ConnectorSecurityContext context, SchemaTableName tableName, String columnName, Type type)
Optional<ViewExpression>	getRowFilter(ConnectorSecurityContext context, SchemaTableName tableName)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ADMIN_ROLE_NAME

public static final String ADMIN_ROLE_NAME

See Also:

Constant Field Values

Constructor Detail

SqlStandardAccessControl

@Inject
public SqlStandardAccessControl(CatalogName catalogName,
                                SqlStandardAccessControlMetastore metastore)

Method Detail

checkCanCreateSchema

public void checkCanCreateSchema(ConnectorSecurityContext context,
                                 String schemaName)

Specified by:

checkCanCreateSchema in interface ConnectorAccessControl

checkCanDropSchema

public void checkCanDropSchema(ConnectorSecurityContext context,
                               String schemaName)

Specified by:

checkCanDropSchema in interface ConnectorAccessControl

checkCanRenameSchema

public void checkCanRenameSchema(ConnectorSecurityContext context,
                                 String schemaName,
                                 String newSchemaName)

Specified by:

checkCanRenameSchema in interface ConnectorAccessControl

checkCanSetSchemaAuthorization

public void checkCanSetSchemaAuthorization(ConnectorSecurityContext context,
                                           String schemaName,
                                           TrinoPrincipal principal)

Specified by:

checkCanSetSchemaAuthorization in interface ConnectorAccessControl

checkCanShowSchemas

public void checkCanShowSchemas(ConnectorSecurityContext context)

Specified by:

checkCanShowSchemas in interface ConnectorAccessControl

filterSchemas

public Set<String> filterSchemas(ConnectorSecurityContext context,
                                 Set<String> schemaNames)

Specified by:

filterSchemas in interface ConnectorAccessControl

checkCanShowCreateTable

public void checkCanShowCreateTable(ConnectorSecurityContext context,
                                    SchemaTableName tableName)

Specified by:

checkCanShowCreateTable in interface ConnectorAccessControl

checkCanShowCreateSchema

public void checkCanShowCreateSchema(ConnectorSecurityContext context,
                                     String schemaName)

Specified by:

checkCanShowCreateSchema in interface ConnectorAccessControl

checkCanCreateTable

public void checkCanCreateTable(ConnectorSecurityContext context,
                                SchemaTableName tableName)

Specified by:

checkCanCreateTable in interface ConnectorAccessControl

checkCanDropTable

public void checkCanDropTable(ConnectorSecurityContext context,
                              SchemaTableName tableName)

Specified by:

checkCanDropTable in interface ConnectorAccessControl

checkCanRenameTable

public void checkCanRenameTable(ConnectorSecurityContext context,
                                SchemaTableName tableName,
                                SchemaTableName newTableName)

Specified by:

checkCanRenameTable in interface ConnectorAccessControl

checkCanSetTableComment

public void checkCanSetTableComment(ConnectorSecurityContext context,
                                    SchemaTableName tableName)

Specified by:

checkCanSetTableComment in interface ConnectorAccessControl

checkCanSetColumnComment

public void checkCanSetColumnComment(ConnectorSecurityContext context,
                                     SchemaTableName tableName)

Specified by:

checkCanSetColumnComment in interface ConnectorAccessControl

checkCanShowTables

public void checkCanShowTables(ConnectorSecurityContext context,
                               String schemaName)

Specified by:

checkCanShowTables in interface ConnectorAccessControl

filterTables

public Set<SchemaTableName> filterTables(ConnectorSecurityContext context,
                                         Set<SchemaTableName> tableNames)

Specified by:

filterTables in interface ConnectorAccessControl

checkCanShowColumns

public void checkCanShowColumns(ConnectorSecurityContext context,
                                SchemaTableName tableName)

Specified by:

checkCanShowColumns in interface ConnectorAccessControl

filterColumns

public Set<String> filterColumns(ConnectorSecurityContext context,
                                 SchemaTableName tableName,
                                 Set<String> columns)

Specified by:

filterColumns in interface ConnectorAccessControl

checkCanAddColumn

public void checkCanAddColumn(ConnectorSecurityContext context,
                              SchemaTableName tableName)

Specified by:

checkCanAddColumn in interface ConnectorAccessControl

checkCanDropColumn

public void checkCanDropColumn(ConnectorSecurityContext context,
                               SchemaTableName tableName)

Specified by:

checkCanDropColumn in interface ConnectorAccessControl

checkCanRenameColumn

public void checkCanRenameColumn(ConnectorSecurityContext context,
                                 SchemaTableName tableName)

Specified by:

checkCanRenameColumn in interface ConnectorAccessControl

checkCanSetTableAuthorization

public void checkCanSetTableAuthorization(ConnectorSecurityContext context,
                                          SchemaTableName tableName,
                                          TrinoPrincipal principal)

Specified by:

checkCanSetTableAuthorization in interface ConnectorAccessControl

checkCanSelectFromColumns

public void checkCanSelectFromColumns(ConnectorSecurityContext context,
                                      SchemaTableName tableName,
                                      Set<String> columnNames)

Specified by:

checkCanSelectFromColumns in interface ConnectorAccessControl

checkCanInsertIntoTable

public void checkCanInsertIntoTable(ConnectorSecurityContext context,
                                    SchemaTableName tableName)

Specified by:

checkCanInsertIntoTable in interface ConnectorAccessControl

checkCanDeleteFromTable

public void checkCanDeleteFromTable(ConnectorSecurityContext context,
                                    SchemaTableName tableName)

Specified by:

checkCanDeleteFromTable in interface ConnectorAccessControl

checkCanUpdateTableColumns

public void checkCanUpdateTableColumns(ConnectorSecurityContext context,
                                       SchemaTableName tableName,
                                       Set<String> updatedColumns)

Specified by:

checkCanUpdateTableColumns in interface ConnectorAccessControl

checkCanCreateView

public void checkCanCreateView(ConnectorSecurityContext context,
                               SchemaTableName viewName)

Specified by:

checkCanCreateView in interface ConnectorAccessControl

checkCanRenameView

public void checkCanRenameView(ConnectorSecurityContext context,
                               SchemaTableName viewName,
                               SchemaTableName newViewName)

Specified by:

checkCanRenameView in interface ConnectorAccessControl

checkCanSetViewAuthorization

public void checkCanSetViewAuthorization(ConnectorSecurityContext context,
                                         SchemaTableName viewName,
                                         TrinoPrincipal principal)

Specified by:

checkCanSetViewAuthorization in interface ConnectorAccessControl

checkCanDropView

public void checkCanDropView(ConnectorSecurityContext context,
                             SchemaTableName viewName)

Specified by:

checkCanDropView in interface ConnectorAccessControl

checkCanCreateViewWithSelectFromColumns

public void checkCanCreateViewWithSelectFromColumns(ConnectorSecurityContext context,
                                                    SchemaTableName tableName,
                                                    Set<String> columnNames)

Specified by:

checkCanCreateViewWithSelectFromColumns in interface ConnectorAccessControl

checkCanCreateMaterializedView

public void checkCanCreateMaterializedView(ConnectorSecurityContext context,
                                           SchemaTableName materializedViewName)

Specified by:

checkCanCreateMaterializedView in interface ConnectorAccessControl

checkCanRefreshMaterializedView

public void checkCanRefreshMaterializedView(ConnectorSecurityContext context,
                                            SchemaTableName materializedViewName)

Specified by:

checkCanRefreshMaterializedView in interface ConnectorAccessControl

checkCanDropMaterializedView

public void checkCanDropMaterializedView(ConnectorSecurityContext context,
                                         SchemaTableName materializedViewName)

Specified by:

checkCanDropMaterializedView in interface ConnectorAccessControl

checkCanSetCatalogSessionProperty

public void checkCanSetCatalogSessionProperty(ConnectorSecurityContext context,
                                              String propertyName)

Specified by:

checkCanSetCatalogSessionProperty in interface ConnectorAccessControl

checkCanGrantSchemaPrivilege

public void checkCanGrantSchemaPrivilege(ConnectorSecurityContext context,
                                         Privilege privilege,
                                         String schemaName,
                                         TrinoPrincipal grantee,
                                         boolean grantOption)

Specified by:

checkCanGrantSchemaPrivilege in interface ConnectorAccessControl

checkCanRevokeSchemaPrivilege

public void checkCanRevokeSchemaPrivilege(ConnectorSecurityContext context,
                                          Privilege privilege,
                                          String schemaName,
                                          TrinoPrincipal revokee,
                                          boolean grantOption)

Specified by:

checkCanRevokeSchemaPrivilege in interface ConnectorAccessControl

checkCanGrantTablePrivilege

public void checkCanGrantTablePrivilege(ConnectorSecurityContext context,
                                        Privilege privilege,
                                        SchemaTableName tableName,
                                        TrinoPrincipal grantee,
                                        boolean grantOption)

Specified by:

checkCanGrantTablePrivilege in interface ConnectorAccessControl

checkCanRevokeTablePrivilege

public void checkCanRevokeTablePrivilege(ConnectorSecurityContext context,
                                         Privilege privilege,
                                         SchemaTableName tableName,
                                         TrinoPrincipal revokee,
                                         boolean grantOption)

Specified by:

checkCanRevokeTablePrivilege in interface ConnectorAccessControl

checkCanCreateRole

public void checkCanCreateRole(ConnectorSecurityContext context,
                               String role,
                               Optional<TrinoPrincipal> grantor)

Specified by:

checkCanCreateRole in interface ConnectorAccessControl

checkCanDropRole

public void checkCanDropRole(ConnectorSecurityContext context,
                             String role)

Specified by:

checkCanDropRole in interface ConnectorAccessControl

checkCanGrantRoles

public void checkCanGrantRoles(ConnectorSecurityContext context,
                               Set<String> roles,
                               Set<TrinoPrincipal> grantees,
                               boolean adminOption,
                               Optional<TrinoPrincipal> grantor,
                               String catalogName)

Specified by:

checkCanGrantRoles in interface ConnectorAccessControl

checkCanRevokeRoles

public void checkCanRevokeRoles(ConnectorSecurityContext context,
                                Set<String> roles,
                                Set<TrinoPrincipal> grantees,
                                boolean adminOption,
                                Optional<TrinoPrincipal> grantor,
                                String catalogName)

Specified by:

checkCanRevokeRoles in interface ConnectorAccessControl

checkCanSetRole

public void checkCanSetRole(ConnectorSecurityContext context,
                            String role,
                            String catalogName)

Specified by:

checkCanSetRole in interface ConnectorAccessControl

checkCanShowRoleAuthorizationDescriptors

public void checkCanShowRoleAuthorizationDescriptors(ConnectorSecurityContext context,
                                                     String catalogName)

Specified by:

checkCanShowRoleAuthorizationDescriptors in interface ConnectorAccessControl

checkCanShowRoles

public void checkCanShowRoles(ConnectorSecurityContext context,
                              String catalogName)

Specified by:

checkCanShowRoles in interface ConnectorAccessControl

checkCanShowCurrentRoles

public void checkCanShowCurrentRoles(ConnectorSecurityContext context,
                                     String catalogName)

Specified by:

checkCanShowCurrentRoles in interface ConnectorAccessControl

checkCanShowRoleGrants

public void checkCanShowRoleGrants(ConnectorSecurityContext context,
                                   String catalogName)

Specified by:

checkCanShowRoleGrants in interface ConnectorAccessControl

checkCanExecuteProcedure

public void checkCanExecuteProcedure(ConnectorSecurityContext context,
                                     SchemaRoutineName procedure)

Specified by:

checkCanExecuteProcedure in interface ConnectorAccessControl

getRowFilter

public Optional<ViewExpression> getRowFilter(ConnectorSecurityContext context,
                                             SchemaTableName tableName)

Specified by:

getRowFilter in interface ConnectorAccessControl

getColumnMask

public Optional<ViewExpression> getColumnMask(ConnectorSecurityContext context,
                                              SchemaTableName tableName,
                                              String columnName,
                                              Type type)

Specified by:

getColumnMask in interface ConnectorAccessControl