Package io.trino.security

Interface AccessControl

All Known Implementing Classes:

AccessControlManager, AllowAllAccessControl, AllowAllAccessControlManager, DenyAllAccessControl, ForwardingAccessControl, TestingAccessControlManager, ViewAccessControl

public interface AccessControl

Method Summary

Modifier and Type	Method	Description
void	checkCanAddColumns(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to add columns to the specified table.
void	checkCanCreateMaterializedView(SecurityContext context, QualifiedObjectName materializedViewName)	Check if identity is allowed to create the specified materialized view.
void	checkCanCreateRole(SecurityContext context, String role, Optional<TrinoPrincipal> grantor, Optional<String> catalogName)	Check if identity is allowed to create the specified role.
void	checkCanCreateSchema(SecurityContext context, CatalogSchemaName schemaName)	Check if identity is allowed to create the specified schema.
void	checkCanCreateTable(SecurityContext context, QualifiedObjectName tableName)	Deprecated. use checkCanCreateTable(SecurityContext context, QualifiedObjectName tableName, Map properties)
void	checkCanCreateTable(SecurityContext context, QualifiedObjectName tableName, Map<String,Object> properties)	Check if identity is allowed to create the specified table with properties.
void	checkCanCreateView(SecurityContext context, QualifiedObjectName viewName)	Check if identity is allowed to create the specified view.
void	checkCanCreateViewWithSelectFromColumns(SecurityContext context, QualifiedObjectName tableName, Set<String> columnNames)	Check if identity is allowed to create a view that selects from the specified columns.
void	checkCanDeleteFromTable(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to delete from the specified table.
void	checkCanDenySchemaPrivilege(SecurityContext context, Privilege privilege, CatalogSchemaName schemaName, TrinoPrincipal grantee)	Check if identity is allowed to deny a privilege to the grantee on the specified schema.
void	checkCanDenyTablePrivilege(SecurityContext context, Privilege privilege, QualifiedObjectName tableName, TrinoPrincipal grantee)	Check if identity is allowed to deny a privilege to the grantee on the specified table.
void	checkCanDropColumn(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to drop columns from the specified table.
void	checkCanDropMaterializedView(SecurityContext context, QualifiedObjectName materializedViewName)	Check if identity is allowed to drop the specified materialized view.
void	checkCanDropRole(SecurityContext context, String role, Optional<String> catalogName)	Check if identity is allowed to drop the specified role.
void	checkCanDropSchema(SecurityContext context, CatalogSchemaName schemaName)	Check if identity is allowed to drop the specified schema.
void	checkCanDropTable(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to drop the specified table.
void	checkCanDropView(SecurityContext context, QualifiedObjectName viewName)	Check if identity is allowed to drop the specified view.
void	checkCanExecuteFunction(SecurityContext context, String functionName)	Check if identity is allowed to execute function
void	checkCanExecuteProcedure(SecurityContext context, QualifiedObjectName procedureName)	Check if identity is allowed to execute procedure
void	checkCanExecuteQuery(Identity identity)	Checks if identity can execute a query.
void	checkCanExecuteTableProcedure(SecurityContext context, QualifiedObjectName tableName, String procedureName)	Check if identity is allowed to execute given table procedure on given table
void	checkCanGrantExecuteFunctionPrivilege(SecurityContext context, String functionName, Identity grantee, boolean grantOption)	Check if identity is allowed to create a view that executes the function.
void	checkCanGrantRoles(SecurityContext context, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor, Optional<String> catalogName)	Check if identity is allowed to grant the specified roles to the specified principals.
void	checkCanGrantSchemaPrivilege(SecurityContext context, Privilege privilege, CatalogSchemaName schemaName, TrinoPrincipal grantee, boolean grantOption)	Check if identity is allowed to grant a privilege to the grantee on the specified schema.
void	checkCanGrantTablePrivilege(SecurityContext context, Privilege privilege, QualifiedObjectName tableName, TrinoPrincipal grantee, boolean grantOption)	Check if identity is allowed to grant a privilege to the grantee on the specified table.
void	checkCanImpersonateUser(Identity identity, String userName)	Check if the identity is allowed impersonate the specified user.
void	checkCanInsertIntoTable(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to insert into the specified table.
void	checkCanKillQueryOwnedBy(Identity identity, Identity queryOwner)	Checks if identity can kill a query owned by the specified user.
void	checkCanReadSystemInformation(Identity identity)	Check if identity is allowed to read system information such as statistics, service registry, thread stacks, etc.
void	checkCanRefreshMaterializedView(SecurityContext context, QualifiedObjectName materializedViewName)	Check if identity is allowed to refresh the specified materialized view.
void	checkCanRenameColumn(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to rename a column in the specified table.
void	checkCanRenameMaterializedView(SecurityContext context, QualifiedObjectName viewName, QualifiedObjectName newViewName)	Check if identity is allowed to rename the specified materialized view.
void	checkCanRenameSchema(SecurityContext context, CatalogSchemaName schemaName, String newSchemaName)	Check if identity is allowed to rename the specified schema.
void	checkCanRenameTable(SecurityContext context, QualifiedObjectName tableName, QualifiedObjectName newTableName)	Check if identity is allowed to rename the specified table.
void	checkCanRenameView(SecurityContext context, QualifiedObjectName viewName, QualifiedObjectName newViewName)	Check if identity is allowed to rename the specified view.
void	checkCanRevokeRoles(SecurityContext context, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor, Optional<String> catalogName)	Check if identity is allowed to revoke the specified roles from the specified principals.
void	checkCanRevokeSchemaPrivilege(SecurityContext context, Privilege privilege, CatalogSchemaName schemaName, TrinoPrincipal revokee, boolean grantOption)	Check if identity is allowed to revoke a privilege from the revokee on the specified schema.
void	checkCanRevokeTablePrivilege(SecurityContext context, Privilege privilege, QualifiedObjectName tableName, TrinoPrincipal revokee, boolean grantOption)	Check if identity is allowed to revoke a privilege from the revokee on the specified table.
void	checkCanSelectFromColumns(SecurityContext context, QualifiedObjectName tableName, Set<String> columnNames)	Check if identity is allowed to select from the specified columns.
void	checkCanSetCatalogRole(SecurityContext context, String role, String catalogName)	Check if identity is allowed to set role for specified catalog.
void	checkCanSetCatalogSessionProperty(SecurityContext context, String catalogName, String propertyName)	Check if identity is allowed to set the specified catalog property.
void	checkCanSetColumnComment(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to comment the specified column.
void	checkCanSetSchemaAuthorization(SecurityContext context, CatalogSchemaName schemaName, TrinoPrincipal principal)	Check if identity is allowed to change the specified schema's user/role.
void	checkCanSetSystemSessionProperty(Identity identity, String propertyName)	Check if identity is allowed to set the specified system property.
void	checkCanSetTableAuthorization(SecurityContext context, QualifiedObjectName tableName, TrinoPrincipal principal)	Check if identity is allowed to change the specified table's user/role.
void	checkCanSetTableComment(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to comment the specified table.
void	checkCanSetTableProperties(SecurityContext context, QualifiedObjectName tableName, Map<String,Object> properties)	Check if identity is allowed to set properties to the specified table.
void	checkCanSetUser(Optional<Principal> principal, String userName)	Deprecated. replaced with user mapping during authentication and checkCanImpersonateUser(io.trino.spi.security.Identity, java.lang.String)
default void	checkCanSetViewAuthorization(SecurityContext context, QualifiedObjectName view, TrinoPrincipal principal)	Check if identity is allowed to change the specified view's user/role.
void	checkCanShowColumns(SecurityContext context, CatalogSchemaTableName table)	Check if identity is allowed to show columns of tables by executing SHOW COLUMNS, DESCRIBE etc.
void	checkCanShowCreateSchema(SecurityContext context, CatalogSchemaName schemaName)	Check if identity is allowed to execute SHOW CREATE SCHEMA.
void	checkCanShowCreateTable(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to execute SHOW CREATE TABLE, SHOW CREATE VIEW or SHOW CREATE MATERIALIZED VIEW
void	checkCanShowCurrentRoles(SecurityContext context, Optional<String> catalogName)	Check if identity is allowed to show current roles on the specified catalog.
void	checkCanShowRoleAuthorizationDescriptors(SecurityContext context, Optional<String> catalogName)	Check if identity is allowed to show role authorization descriptors (i.e.
void	checkCanShowRoleGrants(SecurityContext context, Optional<String> catalogName)	Check if identity is allowed to show its own role grants on the specified catalog.
void	checkCanShowRoles(SecurityContext context, Optional<String> catalogName)	Check if identity is allowed to show roles on the specified catalog.
void	checkCanShowSchemas(SecurityContext context, String catalogName)	Check if identity is allowed to execute SHOW SCHEMAS in a catalog.
void	checkCanShowTables(SecurityContext context, CatalogSchemaName schema)	Check if identity is allowed to show tables by executing SHOW TABLES, SHOW GRANTS etc.
void	checkCanTruncateTable(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to truncate the specified table.
void	checkCanUpdateTableColumns(SecurityContext context, QualifiedObjectName tableName, Set<String> updatedColumnNames)	Check if identity is allowed to update the specified table.
void	checkCanViewQueryOwnedBy(Identity identity, Identity queryOwner)	Checks if identity can view a query owned by the specified user.
void	checkCanWriteSystemInformation(Identity identity)	Check if identity is allowed to write system information such as marking nodes offline, or changing runtime flags.
Set<String>	filterCatalogs(Identity identity, Set<String> catalogs)	Filter the list of catalogs to those visible to the identity.
Set<String>	filterColumns(SecurityContext context, CatalogSchemaTableName tableName, Set<String> columns)	Filter the list of columns to those visible to the identity.
Collection<Identity>	filterQueriesOwnedBy(Identity identity, Collection<Identity> queryOwners)	Filter the list of users to those the identity view query owned by the user.
Set<String>	filterSchemas(SecurityContext context, String catalogName, Set<String> schemaNames)	Filter the list of schemas in a catalog to those visible to the identity.
Set<SchemaTableName>	filterTables(SecurityContext context, String catalogName, Set<SchemaTableName> tableNames)	Filter the list of tables, materialized views and views to those visible to the identity.
default List<ViewExpression>	getColumnMasks(SecurityContext context, QualifiedObjectName tableName, String columnName, Type type)
default List<ViewExpression>	getRowFilters(SecurityContext context, QualifiedObjectName tableName)

Method Detail

checkCanSetUser

@Deprecated
void checkCanSetUser(Optional<Principal> principal,
                     String userName)

Deprecated.

replaced with user mapping during authentication and checkCanImpersonateUser(io.trino.spi.security.Identity, java.lang.String)

Check if the principal is allowed to be the specified user.

Throws:

AccessDeniedException - if not allowed

checkCanImpersonateUser

void checkCanImpersonateUser(Identity identity,
                             String userName)

Check if the identity is allowed impersonate the specified user.

Throws:

AccessDeniedException - if not allowed

checkCanReadSystemInformation

void checkCanReadSystemInformation(Identity identity)

Check if identity is allowed to read system information such as statistics, service registry, thread stacks, etc. This is typically allowed for administrators and management tools.

Throws:

AccessDeniedException - if not allowed

checkCanWriteSystemInformation

void checkCanWriteSystemInformation(Identity identity)

Check if identity is allowed to write system information such as marking nodes offline, or changing runtime flags. This is typically allowed for administrators.

Throws:

AccessDeniedException - if not allowed

checkCanExecuteQuery

void checkCanExecuteQuery(Identity identity)

Checks if identity can execute a query.

Throws:

AccessDeniedException - if not allowed

checkCanViewQueryOwnedBy

void checkCanViewQueryOwnedBy(Identity identity,
                              Identity queryOwner)

Checks if identity can view a query owned by the specified user. The method will not be called when the current user is the query owner.

Throws:

AccessDeniedException - if not allowed

filterQueriesOwnedBy

Collection<Identity> filterQueriesOwnedBy(Identity identity,
                                          Collection<Identity> queryOwners)

Filter the list of users to those the identity view query owned by the user. The method will not be called with the current user in the set.

checkCanKillQueryOwnedBy

void checkCanKillQueryOwnedBy(Identity identity,
                              Identity queryOwner)

Checks if identity can kill a query owned by the specified user. The method will not be called when the current user is the query owner.

Throws:

AccessDeniedException - if not allowed

filterCatalogs

Set<String> filterCatalogs(Identity identity,
                           Set<String> catalogs)

Filter the list of catalogs to those visible to the identity.

checkCanCreateSchema

void checkCanCreateSchema(SecurityContext context,
                          CatalogSchemaName schemaName)

Check if identity is allowed to create the specified schema.

Throws:

AccessDeniedException - if not allowed

checkCanDropSchema

void checkCanDropSchema(SecurityContext context,
                        CatalogSchemaName schemaName)

Check if identity is allowed to drop the specified schema.

Throws:

AccessDeniedException - if not allowed

checkCanRenameSchema

void checkCanRenameSchema(SecurityContext context,
                          CatalogSchemaName schemaName,
                          String newSchemaName)

Check if identity is allowed to rename the specified schema.

Throws:

AccessDeniedException - if not allowed

checkCanSetSchemaAuthorization

void checkCanSetSchemaAuthorization(SecurityContext context,
                                    CatalogSchemaName schemaName,
                                    TrinoPrincipal principal)

Check if identity is allowed to change the specified schema's user/role.

Throws:

AccessDeniedException - if not allowed

checkCanShowSchemas

void checkCanShowSchemas(SecurityContext context,
                         String catalogName)

Check if identity is allowed to execute SHOW SCHEMAS in a catalog.

NOTE: This method is only present to give users an error message when listing is not allowed. The filterSchemas(io.trino.security.SecurityContext, java.lang.String, java.util.Set<java.lang.String>) method must filter all results for unauthorized users, since there are multiple ways to list schemas.

Throws:

AccessDeniedException - if not allowed

filterSchemas

Set<String> filterSchemas(SecurityContext context,
                          String catalogName,
                          Set<String> schemaNames)

Filter the list of schemas in a catalog to those visible to the identity.

checkCanShowCreateSchema

void checkCanShowCreateSchema(SecurityContext context,
                              CatalogSchemaName schemaName)

Check if identity is allowed to execute SHOW CREATE SCHEMA.

Throws:

AccessDeniedException - if not allowed

checkCanShowCreateTable

void checkCanShowCreateTable(SecurityContext context,
                             QualifiedObjectName tableName)

Check if identity is allowed to execute SHOW CREATE TABLE, SHOW CREATE VIEW or SHOW CREATE MATERIALIZED VIEW

Throws:

AccessDeniedException - if not allowed

checkCanCreateTable

@Deprecated
void checkCanCreateTable(SecurityContext context,
                         QualifiedObjectName tableName)

Deprecated.

use checkCanCreateTable(SecurityContext context, QualifiedObjectName tableName, Map properties)

Check if identity is allowed to create the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanCreateTable

void checkCanCreateTable(SecurityContext context,
                         QualifiedObjectName tableName,
                         Map<String,Object> properties)

Check if identity is allowed to create the specified table with properties.

Throws:

AccessDeniedException - if not allowed

checkCanDropTable

void checkCanDropTable(SecurityContext context,
                       QualifiedObjectName tableName)

Check if identity is allowed to drop the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanRenameTable

void checkCanRenameTable(SecurityContext context,
                         QualifiedObjectName tableName,
                         QualifiedObjectName newTableName)

Check if identity is allowed to rename the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanSetTableProperties

void checkCanSetTableProperties(SecurityContext context,
                                QualifiedObjectName tableName,
                                Map<String,Object> properties)

Check if identity is allowed to set properties to the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanSetTableComment

void checkCanSetTableComment(SecurityContext context,
                             QualifiedObjectName tableName)

Check if identity is allowed to comment the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanSetColumnComment

void checkCanSetColumnComment(SecurityContext context,
                              QualifiedObjectName tableName)

Check if identity is allowed to comment the specified column.

Throws:

AccessDeniedException - if not allowed

checkCanShowTables

void checkCanShowTables(SecurityContext context,
                        CatalogSchemaName schema)

Check if identity is allowed to show tables by executing SHOW TABLES, SHOW GRANTS etc. in a catalog schema.

NOTE: This method is only present to give users an error message when listing is not allowed. The filterTables(io.trino.security.SecurityContext, java.lang.String, java.util.Set<io.trino.spi.connector.SchemaTableName>) method must filter all results for unauthorized users, since there are multiple ways to list tables.

Throws:

AccessDeniedException - if not allowed

filterTables

Set<SchemaTableName> filterTables(SecurityContext context,
                                  String catalogName,
                                  Set<SchemaTableName> tableNames)

Filter the list of tables, materialized views and views to those visible to the identity.

checkCanShowColumns

void checkCanShowColumns(SecurityContext context,
                         CatalogSchemaTableName table)

Check if identity is allowed to show columns of tables by executing SHOW COLUMNS, DESCRIBE etc.

NOTE: This method is only present to give users an error message when listing is not allowed. The filterColumns(io.trino.security.SecurityContext, io.trino.spi.connector.CatalogSchemaTableName, java.util.Set<java.lang.String>) method must filter all results for unauthorized users, since there are multiple ways to list columns.

Throws:

AccessDeniedException - if not allowed

filterColumns

Set<String> filterColumns(SecurityContext context,
                          CatalogSchemaTableName tableName,
                          Set<String> columns)

Filter the list of columns to those visible to the identity.

checkCanAddColumns

void checkCanAddColumns(SecurityContext context,
                        QualifiedObjectName tableName)

Check if identity is allowed to add columns to the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanDropColumn

void checkCanDropColumn(SecurityContext context,
                        QualifiedObjectName tableName)

Check if identity is allowed to drop columns from the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanSetTableAuthorization

void checkCanSetTableAuthorization(SecurityContext context,
                                   QualifiedObjectName tableName,
                                   TrinoPrincipal principal)

Check if identity is allowed to change the specified table's user/role.

Throws:

AccessDeniedException - if not allowed

checkCanRenameColumn

void checkCanRenameColumn(SecurityContext context,
                          QualifiedObjectName tableName)

Check if identity is allowed to rename a column in the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanInsertIntoTable

void checkCanInsertIntoTable(SecurityContext context,
                             QualifiedObjectName tableName)

Check if identity is allowed to insert into the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanDeleteFromTable

void checkCanDeleteFromTable(SecurityContext context,
                             QualifiedObjectName tableName)

Check if identity is allowed to delete from the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanTruncateTable

void checkCanTruncateTable(SecurityContext context,
                           QualifiedObjectName tableName)

Check if identity is allowed to truncate the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanUpdateTableColumns

void checkCanUpdateTableColumns(SecurityContext context,
                                QualifiedObjectName tableName,
                                Set<String> updatedColumnNames)

Check if identity is allowed to update the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanCreateView

void checkCanCreateView(SecurityContext context,
                        QualifiedObjectName viewName)

Check if identity is allowed to create the specified view.

Throws:

AccessDeniedException - if not allowed

checkCanRenameView

void checkCanRenameView(SecurityContext context,
                        QualifiedObjectName viewName,
                        QualifiedObjectName newViewName)

Check if identity is allowed to rename the specified view.

Throws:

AccessDeniedException - if not allowed

checkCanSetViewAuthorization

default void checkCanSetViewAuthorization(SecurityContext context,
                                          QualifiedObjectName view,
                                          TrinoPrincipal principal)

Check if identity is allowed to change the specified view's user/role.

Throws:

AccessDeniedException - if not allowed

checkCanDropView

void checkCanDropView(SecurityContext context,
                      QualifiedObjectName viewName)

Check if identity is allowed to drop the specified view.

Throws:

AccessDeniedException - if not allowed

checkCanCreateViewWithSelectFromColumns

void checkCanCreateViewWithSelectFromColumns(SecurityContext context,
                                             QualifiedObjectName tableName,
                                             Set<String> columnNames)

Check if identity is allowed to create a view that selects from the specified columns.

Throws:

AccessDeniedException - if not allowed

checkCanCreateMaterializedView

void checkCanCreateMaterializedView(SecurityContext context,
                                    QualifiedObjectName materializedViewName)

Check if identity is allowed to create the specified materialized view.

Throws:

AccessDeniedException - if not allowed

checkCanRefreshMaterializedView

void checkCanRefreshMaterializedView(SecurityContext context,
                                     QualifiedObjectName materializedViewName)

Check if identity is allowed to refresh the specified materialized view.

Throws:

AccessDeniedException - if not allowed

checkCanDropMaterializedView

void checkCanDropMaterializedView(SecurityContext context,
                                  QualifiedObjectName materializedViewName)

Check if identity is allowed to drop the specified materialized view.

Throws:

AccessDeniedException - if not allowed

checkCanRenameMaterializedView

void checkCanRenameMaterializedView(SecurityContext context,
                                    QualifiedObjectName viewName,
                                    QualifiedObjectName newViewName)

Check if identity is allowed to rename the specified materialized view.

Throws:

AccessDeniedException - if not allowed

checkCanGrantExecuteFunctionPrivilege

void checkCanGrantExecuteFunctionPrivilege(SecurityContext context,
                                           String functionName,
                                           Identity grantee,
                                           boolean grantOption)

Check if identity is allowed to create a view that executes the function.

Throws:

AccessDeniedException - if not allowed

checkCanGrantSchemaPrivilege

void checkCanGrantSchemaPrivilege(SecurityContext context,
                                  Privilege privilege,
                                  CatalogSchemaName schemaName,
                                  TrinoPrincipal grantee,
                                  boolean grantOption)

Check if identity is allowed to grant a privilege to the grantee on the specified schema.

Throws:

AccessDeniedException - if not allowed

checkCanDenySchemaPrivilege

void checkCanDenySchemaPrivilege(SecurityContext context,
                                 Privilege privilege,
                                 CatalogSchemaName schemaName,
                                 TrinoPrincipal grantee)

Check if identity is allowed to deny a privilege to the grantee on the specified schema.

Throws:

AccessDeniedException - if not allowed

checkCanRevokeSchemaPrivilege

void checkCanRevokeSchemaPrivilege(SecurityContext context,
                                   Privilege privilege,
                                   CatalogSchemaName schemaName,
                                   TrinoPrincipal revokee,
                                   boolean grantOption)

Check if identity is allowed to revoke a privilege from the revokee on the specified schema.

Throws:

AccessDeniedException - if not allowed

checkCanGrantTablePrivilege

void checkCanGrantTablePrivilege(SecurityContext context,
                                 Privilege privilege,
                                 QualifiedObjectName tableName,
                                 TrinoPrincipal grantee,
                                 boolean grantOption)

Check if identity is allowed to grant a privilege to the grantee on the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanDenyTablePrivilege

void checkCanDenyTablePrivilege(SecurityContext context,
                                Privilege privilege,
                                QualifiedObjectName tableName,
                                TrinoPrincipal grantee)

Check if identity is allowed to deny a privilege to the grantee on the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanRevokeTablePrivilege

void checkCanRevokeTablePrivilege(SecurityContext context,
                                  Privilege privilege,
                                  QualifiedObjectName tableName,
                                  TrinoPrincipal revokee,
                                  boolean grantOption)

Check if identity is allowed to revoke a privilege from the revokee on the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanSetSystemSessionProperty

void checkCanSetSystemSessionProperty(Identity identity,
                                      String propertyName)

Check if identity is allowed to set the specified system property.

Throws:

AccessDeniedException - if not allowed

checkCanSetCatalogSessionProperty

void checkCanSetCatalogSessionProperty(SecurityContext context,
                                       String catalogName,
                                       String propertyName)

Check if identity is allowed to set the specified catalog property.

Throws:

AccessDeniedException - if not allowed

checkCanSelectFromColumns

void checkCanSelectFromColumns(SecurityContext context,
                               QualifiedObjectName tableName,
                               Set<String> columnNames)

Check if identity is allowed to select from the specified columns. The column set can be empty.

Throws:

AccessDeniedException - if not allowed

checkCanCreateRole

void checkCanCreateRole(SecurityContext context,
                        String role,
                        Optional<TrinoPrincipal> grantor,
                        Optional<String> catalogName)

Check if identity is allowed to create the specified role.

Parameters:

catalogName - if present, the role catalog; otherwise the role is a system role

Throws:

AccessDeniedException - if not allowed

checkCanDropRole

void checkCanDropRole(SecurityContext context,
                      String role,
                      Optional<String> catalogName)

Check if identity is allowed to drop the specified role.

Parameters:

catalogName - if present, the role catalog; otherwise the role is a system role

Throws:

AccessDeniedException - if not allowed

checkCanGrantRoles

void checkCanGrantRoles(SecurityContext context,
                        Set<String> roles,
                        Set<TrinoPrincipal> grantees,
                        boolean adminOption,
                        Optional<TrinoPrincipal> grantor,
                        Optional<String> catalogName)

Check if identity is allowed to grant the specified roles to the specified principals.

Parameters:

catalogName - if present, the role catalog; otherwise the role is a system role

Throws:

AccessDeniedException - if not allowed

checkCanRevokeRoles

void checkCanRevokeRoles(SecurityContext context,
                         Set<String> roles,
                         Set<TrinoPrincipal> grantees,
                         boolean adminOption,
                         Optional<TrinoPrincipal> grantor,
                         Optional<String> catalogName)

Check if identity is allowed to revoke the specified roles from the specified principals.

Parameters:

catalogName - if present, the role catalog; otherwise the role is a system role

Throws:

AccessDeniedException - if not allowed

checkCanSetCatalogRole

void checkCanSetCatalogRole(SecurityContext context,
                            String role,
                            String catalogName)

Check if identity is allowed to set role for specified catalog.

Parameters:

catalogName - the role catalog

Throws:

AccessDeniedException - if not allowed

checkCanShowRoleAuthorizationDescriptors

void checkCanShowRoleAuthorizationDescriptors(SecurityContext context,
                                              Optional<String> catalogName)

Check if identity is allowed to show role authorization descriptors (i.e. RoleGrants).

Parameters:

catalogName - if present, the role catalog; otherwise the role is a system role

Throws:

AccessDeniedException - if not allowed

checkCanShowRoles

void checkCanShowRoles(SecurityContext context,
                       Optional<String> catalogName)

Check if identity is allowed to show roles on the specified catalog.

Parameters:

catalogName - if present, the role catalog; otherwise the role is a system role

Throws:

AccessDeniedException - if not allowed

checkCanShowCurrentRoles

void checkCanShowCurrentRoles(SecurityContext context,
                              Optional<String> catalogName)

Check if identity is allowed to show current roles on the specified catalog.

Parameters:

catalogName - if present, the role catalog; otherwise the role is a system role

Throws:

AccessDeniedException - if not allowed

checkCanShowRoleGrants

void checkCanShowRoleGrants(SecurityContext context,
                            Optional<String> catalogName)

Check if identity is allowed to show its own role grants on the specified catalog.

Parameters:

catalogName - if present, the role catalog; otherwise the role is a system role

Throws:

AccessDeniedException - if not allowed

checkCanExecuteProcedure

void checkCanExecuteProcedure(SecurityContext context,
                              QualifiedObjectName procedureName)

Check if identity is allowed to execute procedure

Throws:

AccessDeniedException - if not allowed

checkCanExecuteFunction

void checkCanExecuteFunction(SecurityContext context,
                             String functionName)

Check if identity is allowed to execute function

Throws:

AccessDeniedException - if not allowed

checkCanExecuteTableProcedure

void checkCanExecuteTableProcedure(SecurityContext context,
                                   QualifiedObjectName tableName,
                                   String procedureName)

Check if identity is allowed to execute given table procedure on given table

Throws:

AccessDeniedException - if not allowed

getRowFilters

default List<ViewExpression> getRowFilters(SecurityContext context,
                                           QualifiedObjectName tableName)

getColumnMasks

default List<ViewExpression> getColumnMasks(SecurityContext context,
                                            QualifiedObjectName tableName,
                                            String columnName,
                                            Type type)