All Known Implementing Classes:

DisabledSystemSecurityMetadata
```
public interface SystemSecurityMetadata
```

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method	Description
`void`	`createRole(Session session, String role, Optional<TrinoPrincipal> grantor)`	Creates the specified role.
`void`	`denySchemaPrivileges(Session session, CatalogSchemaName schemaName, Set<Privilege> privileges, TrinoPrincipal grantee)`	Denys the specified privilege to the specified user on the specified schema.
`void`	`denyTablePrivileges(Session session, QualifiedObjectName tableName, Set<Privilege> privileges, TrinoPrincipal grantee)`	Denys the specified privilege to the specified user on the specified table
`void`	`dropRole(Session session, String role)`	Drops the specified role.
`Optional<TrinoPrincipal>`	`getSchemaOwner(Session session, CatalogSchemaName schema)`	Set the owner of the specified schema
`Optional<Identity>`	`getViewRunAsIdentity(Session session, CatalogSchemaTableName viewName)`	Get the identity to run the view as
`void`	`grantRoles(Session session, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor)`	Grants the specified roles to the specified grantees.
`void`	`grantSchemaPrivileges(Session session, CatalogSchemaName schemaName, Set<Privilege> privileges, TrinoPrincipal grantee, boolean grantOption)`	Grants the specified privilege to the specified user on the specified schema.
`void`	`grantTablePrivileges(Session session, QualifiedObjectName tableName, Set<Privilege> privileges, TrinoPrincipal grantee, boolean grantOption)`	Grants the specified privilege to the specified user on the specified table
`Set<RoleGrant>`	`listAllRoleGrants(Session session, Optional<Set<String>> roles, Optional<Set<String>> grantees, OptionalLong limit)`	List all role grants, optionally filtered by passed role, grantee, and limit predicates.
`Set<RoleGrant>`	`listApplicableRoles(Session session, TrinoPrincipal principal)`	List applicable roles, including the transitive grants, for the specified principal
`Set<String>`	`listEnabledRoles(Identity identity)`	List applicable roles, including the transitive grants, in given identity
`Set<RoleGrant>`	`listRoleGrants(Session session, TrinoPrincipal principal)`	List roles grants for a given principal, not recursively.
`Set<String>`	`listRoles(Session session)`	List available roles.
`Set<GrantInfo>`	`listTablePrivileges(Session session, QualifiedTablePrefix prefix)`	Gets the privileges for the specified table available to the given grantee considering the selected session role
`void`	`revokeRoles(Session session, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor)`	Revokes the specified roles from the specified grantees.
`void`	`revokeSchemaPrivileges(Session session, CatalogSchemaName schemaName, Set<Privilege> privileges, TrinoPrincipal grantee, boolean grantOption)`	Revokes the specified privilege on the specified schema from the specified user.
`void`	`revokeTablePrivileges(Session session, QualifiedObjectName tableName, Set<Privilege> privileges, TrinoPrincipal grantee, boolean grantOption)`	Revokes the specified privilege on the specified table from the specified user
`boolean`	`roleExists(Session session, String role)`	Does the specified role exist.
`void`	`schemaCreated(Session session, CatalogSchemaName schema)`	A schema was created
`void`	`schemaDropped(Session session, CatalogSchemaName schema)`	A schema was dropped
`void`	`schemaRenamed(Session session, CatalogSchemaName sourceSchema, CatalogSchemaName targetSchema)`	A schema was renamed
`void`	`setSchemaOwner(Session session, CatalogSchemaName schema, TrinoPrincipal principal)`	Set the owner of the specified schema
`void`	`setTableOwner(Session session, CatalogSchemaTableName table, TrinoPrincipal principal)`	Set the owner of the specified table
`void`	`setViewOwner(Session session, CatalogSchemaTableName view, TrinoPrincipal principal)`	Set the owner of the specified view
`void`	`tableCreated(Session session, CatalogSchemaTableName table)`	A table or view was created
`void`	`tableDropped(Session session, CatalogSchemaTableName table)`	A table or view was dropped
`void`	`tableRenamed(Session session, CatalogSchemaTableName sourceTable, CatalogSchemaTableName targetTable)`	A table or view was renamed

Method Detail

roleExists

boolean roleExists(Session session,
                   String role)

Does the specified role exist.

createRole

void createRole(Session session,
                String role,
                Optional<TrinoPrincipal> grantor)

Creates the specified role.

Parameters:: grantor - represents the principal specified by WITH ADMIN statement

dropRole

void dropRole(Session session,
              String role)

Drops the specified role.

listRoles

Set<String> listRoles(Session session)

List available roles.

listAllRoleGrants

Set<RoleGrant> listAllRoleGrants(Session session,
                                 Optional<Set<String>> roles,
                                 Optional<Set<String>> grantees,
                                 OptionalLong limit)

List all role grants, optionally filtered by passed role, grantee, and limit predicates.

listRoleGrants

Set<RoleGrant> listRoleGrants(Session session,
                              TrinoPrincipal principal)

List roles grants for a given principal, not recursively.

grantRoles

void grantRoles(Session session,
                Set<String> roles,
                Set<TrinoPrincipal> grantees,
                boolean adminOption,
                Optional<TrinoPrincipal> grantor)

Grants the specified roles to the specified grantees.

Parameters:: grantor - represents the principal specified by GRANTED BY statement

revokeRoles

void revokeRoles(Session session,
                 Set<String> roles,
                 Set<TrinoPrincipal> grantees,
                 boolean adminOption,
                 Optional<TrinoPrincipal> grantor)

Revokes the specified roles from the specified grantees.

Parameters:: grantor - represents the principal specified by GRANTED BY statement

listApplicableRoles

Set<RoleGrant> listApplicableRoles(Session session,
                                   TrinoPrincipal principal)

List applicable roles, including the transitive grants, for the specified principal

listEnabledRoles
```
Set<String> listEnabledRoles(Identity identity)
```
List applicable roles, including the transitive grants, in given identity

grantSchemaPrivileges

void grantSchemaPrivileges(Session session,
                           CatalogSchemaName schemaName,
                           Set<Privilege> privileges,
                           TrinoPrincipal grantee,
                           boolean grantOption)

Grants the specified privilege to the specified user on the specified schema.

denySchemaPrivileges

void denySchemaPrivileges(Session session,
                          CatalogSchemaName schemaName,
                          Set<Privilege> privileges,
                          TrinoPrincipal grantee)

Denys the specified privilege to the specified user on the specified schema.

revokeSchemaPrivileges

void revokeSchemaPrivileges(Session session,
                            CatalogSchemaName schemaName,
                            Set<Privilege> privileges,
                            TrinoPrincipal grantee,
                            boolean grantOption)

Revokes the specified privilege on the specified schema from the specified user.

grantTablePrivileges

void grantTablePrivileges(Session session,
                          QualifiedObjectName tableName,
                          Set<Privilege> privileges,
                          TrinoPrincipal grantee,
                          boolean grantOption)

Grants the specified privilege to the specified user on the specified table

denyTablePrivileges

void denyTablePrivileges(Session session,
                         QualifiedObjectName tableName,
                         Set<Privilege> privileges,
                         TrinoPrincipal grantee)

Denys the specified privilege to the specified user on the specified table

revokeTablePrivileges

void revokeTablePrivileges(Session session,
                           QualifiedObjectName tableName,
                           Set<Privilege> privileges,
                           TrinoPrincipal grantee,
                           boolean grantOption)

Revokes the specified privilege on the specified table from the specified user

listTablePrivileges

Set<GrantInfo> listTablePrivileges(Session session,
                                   QualifiedTablePrefix prefix)

Gets the privileges for the specified table available to the given grantee considering the selected session role

getSchemaOwner

Optional<TrinoPrincipal> getSchemaOwner(Session session,
                                        CatalogSchemaName schema)

Set the owner of the specified schema

setSchemaOwner

void setSchemaOwner(Session session,
                    CatalogSchemaName schema,
                    TrinoPrincipal principal)

Set the owner of the specified schema

setTableOwner

void setTableOwner(Session session,
                   CatalogSchemaTableName table,
                   TrinoPrincipal principal)

Set the owner of the specified table

getViewRunAsIdentity

Optional<Identity> getViewRunAsIdentity(Session session,
                                        CatalogSchemaTableName viewName)

Get the identity to run the view as

setViewOwner

void setViewOwner(Session session,
                  CatalogSchemaTableName view,
                  TrinoPrincipal principal)

Set the owner of the specified view

schemaCreated

void schemaCreated(Session session,
                   CatalogSchemaName schema)

A schema was created

schemaRenamed

void schemaRenamed(Session session,
                   CatalogSchemaName sourceSchema,
                   CatalogSchemaName targetSchema)

A schema was renamed

schemaDropped

void schemaDropped(Session session,
                   CatalogSchemaName schema)

A schema was dropped

tableCreated

void tableCreated(Session session,
                  CatalogSchemaTableName table)

A table or view was created

tableRenamed

void tableRenamed(Session session,
                  CatalogSchemaTableName sourceTable,
                  CatalogSchemaTableName targetTable)

A table or view was renamed

tableDropped

void tableDropped(Session session,
                  CatalogSchemaTableName table)

A table or view was dropped

Interface SystemSecurityMetadata