Package io.trino.security

Class ViewAccessControl

java.lang.Object

io.trino.security.ForwardingAccessControl

io.trino.security.ViewAccessControl

All Implemented Interfaces:

AccessControl

public class ViewAccessControl
extends ForwardingAccessControl

Constructor Summary

Constructors

Constructor	Description
ViewAccessControl(AccessControl delegate, Identity invoker)

Method Summary

Modifier and Type	Method	Description
void	checkCanCreateViewWithSelectFromColumns(SecurityContext context, QualifiedObjectName tableName, Set<String> columnNames)	Check if identity is allowed to create a view that selects from the specified columns.
void	checkCanExecuteFunction(SecurityContext context, FunctionKind functionKind, QualifiedObjectName functionName)	Check if identity is allowed to execute function
void	checkCanExecuteFunction(SecurityContext context, String functionName)	Check if identity is allowed to execute function
void	checkCanGrantExecuteFunctionPrivilege(SecurityContext context, String functionName, Identity grantee, boolean grantOption)	Check if identity is allowed to create a view that executes the function.
void	checkCanSelectFromColumns(SecurityContext context, QualifiedObjectName tableName, Set<String> columnNames)	Check if identity is allowed to select from the specified columns.
protected AccessControl	delegate()
Set<String>	filterColumns(SecurityContext context, CatalogSchemaTableName tableName, Set<String> columns)	Filter the list of columns to those visible to the identity.
Map<SchemaTableName,Set<String>>	filterColumns(SecurityContext context, String catalogName, Map<SchemaTableName,Set<String>> tableColumns)	Filter lists of columns of multiple tables to those visible to the identity.
Optional<ViewExpression>	getColumnMask(SecurityContext context, QualifiedObjectName tableName, String columnName, Type type)
List<ViewExpression>	getRowFilters(SecurityContext context, QualifiedObjectName tableName)

Methods inherited from class io.trino.security.ForwardingAccessControl

checkCanAddColumns, checkCanAlterColumn, checkCanCreateCatalog, checkCanCreateMaterializedView, checkCanCreateRole, checkCanCreateSchema, checkCanCreateTable, checkCanCreateView, checkCanDeleteFromTable, checkCanDenySchemaPrivilege, checkCanDenyTablePrivilege, checkCanDropCatalog, checkCanDropColumn, checkCanDropMaterializedView, checkCanDropRole, checkCanDropSchema, checkCanDropTable, checkCanDropView, checkCanExecuteProcedure, checkCanExecuteQuery, checkCanExecuteTableProcedure, checkCanGrantExecuteFunctionPrivilege, checkCanGrantRoles, checkCanGrantSchemaPrivilege, checkCanGrantTablePrivilege, checkCanImpersonateUser, checkCanInsertIntoTable, checkCanKillQueryOwnedBy, checkCanReadSystemInformation, checkCanRefreshMaterializedView, checkCanRenameColumn, checkCanRenameMaterializedView, checkCanRenameSchema, checkCanRenameTable, checkCanRenameView, checkCanRevokeRoles, checkCanRevokeSchemaPrivilege, checkCanRevokeTablePrivilege, checkCanSetCatalogRole, checkCanSetCatalogSessionProperty, checkCanSetColumnComment, checkCanSetMaterializedViewProperties, checkCanSetSchemaAuthorization, checkCanSetSystemSessionProperty, checkCanSetTableAuthorization, checkCanSetTableComment, checkCanSetTableProperties, checkCanSetUser, checkCanSetViewAuthorization, checkCanSetViewComment, checkCanShowColumns, checkCanShowCreateSchema, checkCanShowCreateTable, checkCanShowCurrentRoles, checkCanShowRoleGrants, checkCanShowRoles, checkCanShowSchemas, checkCanShowTables, checkCanTruncateTable, checkCanUpdateTableColumns, checkCanViewQueryOwnedBy, checkCanWriteSystemInformation, filterCatalogs, filterQueriesOwnedBy, filterSchemas, filterTables, of

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ViewAccessControl

public ViewAccessControl(AccessControl delegate,
 Identity invoker)

Method Details

delegate

protected AccessControl delegate()

Specified by:

delegate in class ForwardingAccessControl

checkCanSelectFromColumns

public void checkCanSelectFromColumns(SecurityContext context,
 QualifiedObjectName tableName,
 Set<String> columnNames)

Description copied from interface: AccessControl

Check if identity is allowed to select from the specified columns. The column set can be empty.

Specified by:

checkCanSelectFromColumns in interface AccessControl

Overrides:

checkCanSelectFromColumns in class ForwardingAccessControl

filterColumns

public Set<String> filterColumns(SecurityContext context,
 CatalogSchemaTableName tableName,
 Set<String> columns)

Description copied from interface: AccessControl

Filter the list of columns to those visible to the identity.

Specified by:

filterColumns in interface AccessControl

Overrides:

filterColumns in class ForwardingAccessControl

filterColumns

public Map<SchemaTableName,Set<String>> filterColumns(SecurityContext context,
 String catalogName,
 Map<SchemaTableName,Set<String>> tableColumns)

Description copied from interface: AccessControl

Filter lists of columns of multiple tables to those visible to the identity.

Specified by:

filterColumns in interface AccessControl

Overrides:

filterColumns in class ForwardingAccessControl

checkCanCreateViewWithSelectFromColumns

public void checkCanCreateViewWithSelectFromColumns(SecurityContext context,
 QualifiedObjectName tableName,
 Set<String> columnNames)

Description copied from interface: AccessControl

Check if identity is allowed to create a view that selects from the specified columns.

Specified by:

checkCanCreateViewWithSelectFromColumns in interface AccessControl

Overrides:

checkCanCreateViewWithSelectFromColumns in class ForwardingAccessControl

checkCanExecuteFunction

public void checkCanExecuteFunction(SecurityContext context,
 String functionName)

Description copied from interface: AccessControl

Check if identity is allowed to execute function

Specified by:

checkCanExecuteFunction in interface AccessControl

Overrides:

checkCanExecuteFunction in class ForwardingAccessControl

checkCanExecuteFunction

public void checkCanExecuteFunction(SecurityContext context,
 FunctionKind functionKind,
 QualifiedObjectName functionName)

Description copied from interface: AccessControl

Check if identity is allowed to execute function

Specified by:

checkCanExecuteFunction in interface AccessControl

Overrides:

checkCanExecuteFunction in class ForwardingAccessControl

checkCanGrantExecuteFunctionPrivilege

public void checkCanGrantExecuteFunctionPrivilege(SecurityContext context,
 String functionName,
 Identity grantee,
 boolean grantOption)

Description copied from interface: AccessControl

Check if identity is allowed to create a view that executes the function.

Specified by:

checkCanGrantExecuteFunctionPrivilege in interface AccessControl

Overrides:

checkCanGrantExecuteFunctionPrivilege in class ForwardingAccessControl

getRowFilters

public List<ViewExpression> getRowFilters(SecurityContext context,
 QualifiedObjectName tableName)

Specified by:

getRowFilters in interface AccessControl

Overrides:

getRowFilters in class ForwardingAccessControl

getColumnMask

public Optional<ViewExpression> getColumnMask(SecurityContext context,
 QualifiedObjectName tableName,
 String columnName,
 Type type)

Specified by:

getColumnMask in interface AccessControl

Overrides:

getColumnMask in class ForwardingAccessControl