Package io.trino.security
Class ViewAccessControl
- java.lang.Object
-
- io.trino.security.ForwardingAccessControl
-
- io.trino.security.ViewAccessControl
-
- All Implemented Interfaces:
AccessControl
public class ViewAccessControl extends ForwardingAccessControl
-
-
Constructor Summary
Constructors Constructor Description ViewAccessControl(AccessControl delegate, Identity invoker)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidcheckCanCreateViewWithSelectFromColumns(SecurityContext context, QualifiedObjectName tableName, Set<String> columnNames)Check if identity is allowed to create a view that selects from the specified columns.voidcheckCanExecuteFunction(SecurityContext context, String functionName)Check if identity is allowed to execute functionvoidcheckCanGrantExecuteFunctionPrivilege(SecurityContext context, String functionName, Identity grantee, boolean grantOption)Check if identity is allowed to create a view that executes the function.voidcheckCanSelectFromColumns(SecurityContext context, QualifiedObjectName tableName, Set<String> columnNames)Check if identity is allowed to select from the specified columns.protected AccessControldelegate()List<ViewExpression>getColumnMasks(SecurityContext context, QualifiedObjectName tableName, String columnName, Type type)List<ViewExpression>getRowFilters(SecurityContext context, QualifiedObjectName tableName)-
Methods inherited from class io.trino.security.ForwardingAccessControl
checkCanAddColumns, checkCanCreateMaterializedView, checkCanCreateRole, checkCanCreateSchema, checkCanCreateTable, checkCanCreateTable, checkCanCreateView, checkCanDeleteFromTable, checkCanDenySchemaPrivilege, checkCanDenyTablePrivilege, checkCanDropColumn, checkCanDropMaterializedView, checkCanDropRole, checkCanDropSchema, checkCanDropTable, checkCanDropView, checkCanExecuteProcedure, checkCanExecuteQuery, checkCanExecuteTableProcedure, checkCanGrantRoles, checkCanGrantSchemaPrivilege, checkCanGrantTablePrivilege, checkCanImpersonateUser, checkCanInsertIntoTable, checkCanKillQueryOwnedBy, checkCanReadSystemInformation, checkCanRefreshMaterializedView, checkCanRenameColumn, checkCanRenameMaterializedView, checkCanRenameSchema, checkCanRenameTable, checkCanRenameView, checkCanRevokeRoles, checkCanRevokeSchemaPrivilege, checkCanRevokeTablePrivilege, checkCanSetCatalogRole, checkCanSetCatalogSessionProperty, checkCanSetColumnComment, checkCanSetSchemaAuthorization, checkCanSetSystemSessionProperty, checkCanSetTableAuthorization, checkCanSetTableComment, checkCanSetTableProperties, checkCanSetUser, checkCanSetViewAuthorization, checkCanShowColumns, checkCanShowCreateSchema, checkCanShowCreateTable, checkCanShowCurrentRoles, checkCanShowRoleAuthorizationDescriptors, checkCanShowRoleGrants, checkCanShowRoles, checkCanShowSchemas, checkCanShowTables, checkCanTruncateTable, checkCanUpdateTableColumns, checkCanViewQueryOwnedBy, checkCanWriteSystemInformation, filterCatalogs, filterColumns, filterQueriesOwnedBy, filterSchemas, filterTables, of
-
-
-
-
Constructor Detail
-
ViewAccessControl
public ViewAccessControl(AccessControl delegate, Identity invoker)
-
-
Method Detail
-
delegate
protected AccessControl delegate()
- Specified by:
delegatein classForwardingAccessControl
-
checkCanSelectFromColumns
public void checkCanSelectFromColumns(SecurityContext context, QualifiedObjectName tableName, Set<String> columnNames)
Description copied from interface:AccessControlCheck if identity is allowed to select from the specified columns. The column set can be empty.- Specified by:
checkCanSelectFromColumnsin interfaceAccessControl- Overrides:
checkCanSelectFromColumnsin classForwardingAccessControl
-
checkCanCreateViewWithSelectFromColumns
public void checkCanCreateViewWithSelectFromColumns(SecurityContext context, QualifiedObjectName tableName, Set<String> columnNames)
Description copied from interface:AccessControlCheck if identity is allowed to create a view that selects from the specified columns.- Specified by:
checkCanCreateViewWithSelectFromColumnsin interfaceAccessControl- Overrides:
checkCanCreateViewWithSelectFromColumnsin classForwardingAccessControl
-
checkCanExecuteFunction
public void checkCanExecuteFunction(SecurityContext context, String functionName)
Description copied from interface:AccessControlCheck if identity is allowed to execute function- Specified by:
checkCanExecuteFunctionin interfaceAccessControl- Overrides:
checkCanExecuteFunctionin classForwardingAccessControl
-
checkCanGrantExecuteFunctionPrivilege
public void checkCanGrantExecuteFunctionPrivilege(SecurityContext context, String functionName, Identity grantee, boolean grantOption)
Description copied from interface:AccessControlCheck if identity is allowed to create a view that executes the function.- Specified by:
checkCanGrantExecuteFunctionPrivilegein interfaceAccessControl- Overrides:
checkCanGrantExecuteFunctionPrivilegein classForwardingAccessControl
-
getRowFilters
public List<ViewExpression> getRowFilters(SecurityContext context, QualifiedObjectName tableName)
- Specified by:
getRowFiltersin interfaceAccessControl- Overrides:
getRowFiltersin classForwardingAccessControl
-
getColumnMasks
public List<ViewExpression> getColumnMasks(SecurityContext context, QualifiedObjectName tableName, String columnName, Type type)
- Specified by:
getColumnMasksin interfaceAccessControl- Overrides:
getColumnMasksin classForwardingAccessControl
-
-