Package io.trino.plugin.hive.security
Class SqlStandardAccessControl
java.lang.Object
io.trino.plugin.hive.security.SqlStandardAccessControl
- All Implemented Interfaces:
ConnectorAccessControl
-
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionSqlStandardAccessControl(CatalogName catalogName, SqlStandardAccessControlMetastore metastore) -
Method Summary
Modifier and TypeMethodDescriptionvoidcheckCanAddColumn(ConnectorSecurityContext context, SchemaTableName tableName) voidcheckCanAlterColumn(ConnectorSecurityContext context, SchemaTableName tableName) voidcheckCanCreateMaterializedView(ConnectorSecurityContext context, SchemaTableName materializedViewName, Map<String, Object> properties) voidcheckCanCreateRole(ConnectorSecurityContext context, String role, Optional<TrinoPrincipal> grantor) voidcheckCanCreateSchema(ConnectorSecurityContext context, String schemaName, Map<String, Object> properties) voidcheckCanCreateTable(ConnectorSecurityContext context, SchemaTableName tableName, Map<String, Object> properties) voidcheckCanCreateView(ConnectorSecurityContext context, SchemaTableName viewName) voidcheckCanCreateViewWithSelectFromColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set<String> columnNames) voidcheckCanDeleteFromTable(ConnectorSecurityContext context, SchemaTableName tableName) voidcheckCanDenySchemaPrivilege(ConnectorSecurityContext context, Privilege privilege, String schemaName, TrinoPrincipal grantee) voidcheckCanDenyTablePrivilege(ConnectorSecurityContext context, Privilege privilege, SchemaTableName tableName, TrinoPrincipal grantee) voidcheckCanDropColumn(ConnectorSecurityContext context, SchemaTableName tableName) voidcheckCanDropMaterializedView(ConnectorSecurityContext context, SchemaTableName materializedViewName) voidcheckCanDropRole(ConnectorSecurityContext context, String role) voidcheckCanDropSchema(ConnectorSecurityContext context, String schemaName) voidcheckCanDropTable(ConnectorSecurityContext context, SchemaTableName tableName) voidcheckCanDropView(ConnectorSecurityContext context, SchemaTableName viewName) voidcheckCanExecuteFunction(ConnectorSecurityContext context, FunctionKind functionKind, SchemaRoutineName function) voidcheckCanExecuteProcedure(ConnectorSecurityContext context, SchemaRoutineName procedure) voidcheckCanExecuteTableProcedure(ConnectorSecurityContext context, SchemaTableName tableName, String procedure) voidcheckCanGrantExecuteFunctionPrivilege(ConnectorSecurityContext context, FunctionKind functionKind, SchemaRoutineName functionName, TrinoPrincipal grantee, boolean grantOption) voidcheckCanGrantRoles(ConnectorSecurityContext context, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor) voidcheckCanGrantSchemaPrivilege(ConnectorSecurityContext context, Privilege privilege, String schemaName, TrinoPrincipal grantee, boolean grantOption) voidcheckCanGrantTablePrivilege(ConnectorSecurityContext context, Privilege privilege, SchemaTableName tableName, TrinoPrincipal grantee, boolean grantOption) voidcheckCanInsertIntoTable(ConnectorSecurityContext context, SchemaTableName tableName) voidcheckCanRefreshMaterializedView(ConnectorSecurityContext context, SchemaTableName materializedViewName) voidcheckCanRenameColumn(ConnectorSecurityContext context, SchemaTableName tableName) voidcheckCanRenameMaterializedView(ConnectorSecurityContext context, SchemaTableName viewName, SchemaTableName newViewName) voidcheckCanRenameSchema(ConnectorSecurityContext context, String schemaName, String newSchemaName) voidcheckCanRenameTable(ConnectorSecurityContext context, SchemaTableName tableName, SchemaTableName newTableName) voidcheckCanRenameView(ConnectorSecurityContext context, SchemaTableName viewName, SchemaTableName newViewName) voidcheckCanRevokeRoles(ConnectorSecurityContext context, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor) voidcheckCanRevokeSchemaPrivilege(ConnectorSecurityContext context, Privilege privilege, String schemaName, TrinoPrincipal revokee, boolean grantOption) voidcheckCanRevokeTablePrivilege(ConnectorSecurityContext context, Privilege privilege, SchemaTableName tableName, TrinoPrincipal revokee, boolean grantOption) voidcheckCanSelectFromColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set<String> columnNames) voidcheckCanSetCatalogSessionProperty(ConnectorSecurityContext context, String propertyName) voidcheckCanSetColumnComment(ConnectorSecurityContext context, SchemaTableName tableName) voidcheckCanSetMaterializedViewProperties(ConnectorSecurityContext context, SchemaTableName materializedViewName, Map<String, Optional<Object>> properties) voidcheckCanSetRole(ConnectorSecurityContext context, String role) voidcheckCanSetSchemaAuthorization(ConnectorSecurityContext context, String schemaName, TrinoPrincipal principal) voidcheckCanSetTableAuthorization(ConnectorSecurityContext context, SchemaTableName tableName, TrinoPrincipal principal) voidcheckCanSetTableComment(ConnectorSecurityContext context, SchemaTableName tableName) voidcheckCanSetTableProperties(ConnectorSecurityContext context, SchemaTableName tableName, Map<String, Optional<Object>> properties) voidcheckCanSetViewAuthorization(ConnectorSecurityContext context, SchemaTableName viewName, TrinoPrincipal principal) voidcheckCanSetViewComment(ConnectorSecurityContext context, SchemaTableName viewName) voidcheckCanShowColumns(ConnectorSecurityContext context, SchemaTableName tableName) voidcheckCanShowCreateSchema(ConnectorSecurityContext context, String schemaName) voidcheckCanShowCreateTable(ConnectorSecurityContext context, SchemaTableName tableName) voidvoidvoidvoidvoidcheckCanShowTables(ConnectorSecurityContext context, String schemaName) voidcheckCanTruncateTable(ConnectorSecurityContext context, SchemaTableName tableName) voidcheckCanUpdateTableColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set<String> updatedColumns) filterColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set<String> columns) filterSchemas(ConnectorSecurityContext context, Set<String> schemaNames) filterTables(ConnectorSecurityContext context, Set<SchemaTableName> tableNames) getColumnMask(ConnectorSecurityContext context, SchemaTableName tableName, String columnName, Type type) getRowFilters(ConnectorSecurityContext context, SchemaTableName tableName)
-
Field Details
-
ADMIN_ROLE_NAME
- See Also:
-
-
Constructor Details
-
SqlStandardAccessControl
@Inject public SqlStandardAccessControl(CatalogName catalogName, SqlStandardAccessControlMetastore metastore)
-
-
Method Details
-
checkCanCreateSchema
public void checkCanCreateSchema(ConnectorSecurityContext context, String schemaName, Map<String, Object> properties) - Specified by:
checkCanCreateSchemain interfaceConnectorAccessControl
-
checkCanDropSchema
- Specified by:
checkCanDropSchemain interfaceConnectorAccessControl
-
checkCanRenameSchema
public void checkCanRenameSchema(ConnectorSecurityContext context, String schemaName, String newSchemaName) - Specified by:
checkCanRenameSchemain interfaceConnectorAccessControl
-
checkCanSetSchemaAuthorization
public void checkCanSetSchemaAuthorization(ConnectorSecurityContext context, String schemaName, TrinoPrincipal principal) - Specified by:
checkCanSetSchemaAuthorizationin interfaceConnectorAccessControl
-
checkCanShowSchemas
- Specified by:
checkCanShowSchemasin interfaceConnectorAccessControl
-
filterSchemas
- Specified by:
filterSchemasin interfaceConnectorAccessControl
-
checkCanShowCreateTable
- Specified by:
checkCanShowCreateTablein interfaceConnectorAccessControl
-
checkCanShowCreateSchema
- Specified by:
checkCanShowCreateSchemain interfaceConnectorAccessControl
-
checkCanCreateTable
public void checkCanCreateTable(ConnectorSecurityContext context, SchemaTableName tableName, Map<String, Object> properties) - Specified by:
checkCanCreateTablein interfaceConnectorAccessControl
-
checkCanDropTable
- Specified by:
checkCanDropTablein interfaceConnectorAccessControl
-
checkCanRenameTable
public void checkCanRenameTable(ConnectorSecurityContext context, SchemaTableName tableName, SchemaTableName newTableName) - Specified by:
checkCanRenameTablein interfaceConnectorAccessControl
-
checkCanSetTableProperties
public void checkCanSetTableProperties(ConnectorSecurityContext context, SchemaTableName tableName, Map<String, Optional<Object>> properties) - Specified by:
checkCanSetTablePropertiesin interfaceConnectorAccessControl
-
checkCanSetTableComment
- Specified by:
checkCanSetTableCommentin interfaceConnectorAccessControl
-
checkCanSetViewComment
- Specified by:
checkCanSetViewCommentin interfaceConnectorAccessControl
-
checkCanSetColumnComment
- Specified by:
checkCanSetColumnCommentin interfaceConnectorAccessControl
-
checkCanShowTables
- Specified by:
checkCanShowTablesin interfaceConnectorAccessControl
-
filterTables
public Set<SchemaTableName> filterTables(ConnectorSecurityContext context, Set<SchemaTableName> tableNames) - Specified by:
filterTablesin interfaceConnectorAccessControl
-
checkCanShowColumns
- Specified by:
checkCanShowColumnsin interfaceConnectorAccessControl
-
filterColumns
public Set<String> filterColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set<String> columns) - Specified by:
filterColumnsin interfaceConnectorAccessControl
-
checkCanAddColumn
- Specified by:
checkCanAddColumnin interfaceConnectorAccessControl
-
checkCanDropColumn
- Specified by:
checkCanDropColumnin interfaceConnectorAccessControl
-
checkCanRenameColumn
- Specified by:
checkCanRenameColumnin interfaceConnectorAccessControl
-
checkCanAlterColumn
- Specified by:
checkCanAlterColumnin interfaceConnectorAccessControl
-
checkCanSetTableAuthorization
public void checkCanSetTableAuthorization(ConnectorSecurityContext context, SchemaTableName tableName, TrinoPrincipal principal) - Specified by:
checkCanSetTableAuthorizationin interfaceConnectorAccessControl
-
checkCanSelectFromColumns
public void checkCanSelectFromColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set<String> columnNames) - Specified by:
checkCanSelectFromColumnsin interfaceConnectorAccessControl
-
checkCanInsertIntoTable
- Specified by:
checkCanInsertIntoTablein interfaceConnectorAccessControl
-
checkCanDeleteFromTable
- Specified by:
checkCanDeleteFromTablein interfaceConnectorAccessControl
-
checkCanTruncateTable
- Specified by:
checkCanTruncateTablein interfaceConnectorAccessControl
-
checkCanUpdateTableColumns
public void checkCanUpdateTableColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set<String> updatedColumns) - Specified by:
checkCanUpdateTableColumnsin interfaceConnectorAccessControl
-
checkCanCreateView
- Specified by:
checkCanCreateViewin interfaceConnectorAccessControl
-
checkCanRenameView
public void checkCanRenameView(ConnectorSecurityContext context, SchemaTableName viewName, SchemaTableName newViewName) - Specified by:
checkCanRenameViewin interfaceConnectorAccessControl
-
checkCanSetViewAuthorization
public void checkCanSetViewAuthorization(ConnectorSecurityContext context, SchemaTableName viewName, TrinoPrincipal principal) - Specified by:
checkCanSetViewAuthorizationin interfaceConnectorAccessControl
-
checkCanDropView
- Specified by:
checkCanDropViewin interfaceConnectorAccessControl
-
checkCanCreateViewWithSelectFromColumns
public void checkCanCreateViewWithSelectFromColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set<String> columnNames) - Specified by:
checkCanCreateViewWithSelectFromColumnsin interfaceConnectorAccessControl
-
checkCanCreateMaterializedView
public void checkCanCreateMaterializedView(ConnectorSecurityContext context, SchemaTableName materializedViewName, Map<String, Object> properties) - Specified by:
checkCanCreateMaterializedViewin interfaceConnectorAccessControl
-
checkCanRefreshMaterializedView
public void checkCanRefreshMaterializedView(ConnectorSecurityContext context, SchemaTableName materializedViewName) - Specified by:
checkCanRefreshMaterializedViewin interfaceConnectorAccessControl
-
checkCanDropMaterializedView
public void checkCanDropMaterializedView(ConnectorSecurityContext context, SchemaTableName materializedViewName) - Specified by:
checkCanDropMaterializedViewin interfaceConnectorAccessControl
-
checkCanRenameMaterializedView
public void checkCanRenameMaterializedView(ConnectorSecurityContext context, SchemaTableName viewName, SchemaTableName newViewName) - Specified by:
checkCanRenameMaterializedViewin interfaceConnectorAccessControl
-
checkCanGrantExecuteFunctionPrivilege
public void checkCanGrantExecuteFunctionPrivilege(ConnectorSecurityContext context, FunctionKind functionKind, SchemaRoutineName functionName, TrinoPrincipal grantee, boolean grantOption) - Specified by:
checkCanGrantExecuteFunctionPrivilegein interfaceConnectorAccessControl
-
checkCanSetMaterializedViewProperties
public void checkCanSetMaterializedViewProperties(ConnectorSecurityContext context, SchemaTableName materializedViewName, Map<String, Optional<Object>> properties) - Specified by:
checkCanSetMaterializedViewPropertiesin interfaceConnectorAccessControl
-
checkCanSetCatalogSessionProperty
public void checkCanSetCatalogSessionProperty(ConnectorSecurityContext context, String propertyName) - Specified by:
checkCanSetCatalogSessionPropertyin interfaceConnectorAccessControl
-
checkCanGrantSchemaPrivilege
public void checkCanGrantSchemaPrivilege(ConnectorSecurityContext context, Privilege privilege, String schemaName, TrinoPrincipal grantee, boolean grantOption) - Specified by:
checkCanGrantSchemaPrivilegein interfaceConnectorAccessControl
-
checkCanDenySchemaPrivilege
public void checkCanDenySchemaPrivilege(ConnectorSecurityContext context, Privilege privilege, String schemaName, TrinoPrincipal grantee) - Specified by:
checkCanDenySchemaPrivilegein interfaceConnectorAccessControl
-
checkCanRevokeSchemaPrivilege
public void checkCanRevokeSchemaPrivilege(ConnectorSecurityContext context, Privilege privilege, String schemaName, TrinoPrincipal revokee, boolean grantOption) - Specified by:
checkCanRevokeSchemaPrivilegein interfaceConnectorAccessControl
-
checkCanGrantTablePrivilege
public void checkCanGrantTablePrivilege(ConnectorSecurityContext context, Privilege privilege, SchemaTableName tableName, TrinoPrincipal grantee, boolean grantOption) - Specified by:
checkCanGrantTablePrivilegein interfaceConnectorAccessControl
-
checkCanDenyTablePrivilege
public void checkCanDenyTablePrivilege(ConnectorSecurityContext context, Privilege privilege, SchemaTableName tableName, TrinoPrincipal grantee) - Specified by:
checkCanDenyTablePrivilegein interfaceConnectorAccessControl
-
checkCanRevokeTablePrivilege
public void checkCanRevokeTablePrivilege(ConnectorSecurityContext context, Privilege privilege, SchemaTableName tableName, TrinoPrincipal revokee, boolean grantOption) - Specified by:
checkCanRevokeTablePrivilegein interfaceConnectorAccessControl
-
checkCanCreateRole
public void checkCanCreateRole(ConnectorSecurityContext context, String role, Optional<TrinoPrincipal> grantor) - Specified by:
checkCanCreateRolein interfaceConnectorAccessControl
-
checkCanDropRole
- Specified by:
checkCanDropRolein interfaceConnectorAccessControl
-
checkCanGrantRoles
public void checkCanGrantRoles(ConnectorSecurityContext context, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor) - Specified by:
checkCanGrantRolesin interfaceConnectorAccessControl
-
checkCanRevokeRoles
public void checkCanRevokeRoles(ConnectorSecurityContext context, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor) - Specified by:
checkCanRevokeRolesin interfaceConnectorAccessControl
-
checkCanSetRole
- Specified by:
checkCanSetRolein interfaceConnectorAccessControl
-
checkCanShowRoles
- Specified by:
checkCanShowRolesin interfaceConnectorAccessControl
-
checkCanShowCurrentRoles
- Specified by:
checkCanShowCurrentRolesin interfaceConnectorAccessControl
-
checkCanShowRoleGrants
- Specified by:
checkCanShowRoleGrantsin interfaceConnectorAccessControl
-
checkCanExecuteProcedure
- Specified by:
checkCanExecuteProcedurein interfaceConnectorAccessControl
-
checkCanExecuteTableProcedure
public void checkCanExecuteTableProcedure(ConnectorSecurityContext context, SchemaTableName tableName, String procedure) - Specified by:
checkCanExecuteTableProcedurein interfaceConnectorAccessControl
-
checkCanExecuteFunction
public void checkCanExecuteFunction(ConnectorSecurityContext context, FunctionKind functionKind, SchemaRoutineName function) - Specified by:
checkCanExecuteFunctionin interfaceConnectorAccessControl
-
getRowFilters
public List<ViewExpression> getRowFilters(ConnectorSecurityContext context, SchemaTableName tableName) - Specified by:
getRowFiltersin interfaceConnectorAccessControl
-
getColumnMask
public Optional<ViewExpression> getColumnMask(ConnectorSecurityContext context, SchemaTableName tableName, String columnName, Type type) - Specified by:
getColumnMaskin interfaceConnectorAccessControl
-