Package io.trino.security

Class AccessControlManager

java.lang.Object

io.trino.security.AccessControlManager

All Implemented Interfaces:

AccessControl

Direct Known Subclasses:

TestingAccessControlManager

public class AccessControlManager
extends Object
implements AccessControl

Constructor Summary

Constructors

Constructor	Description
AccessControlManager(NodeVersion nodeVersion, TransactionManager transactionManager, EventListenerManager eventListenerManager, AccessControlConfig config, io.opentelemetry.api.OpenTelemetry openTelemetry, String defaultAccessControlName)

Method Summary

Modifier and Type	Method	Description
final void	addSystemAccessControlFactory(SystemAccessControlFactory accessControlFactory)
boolean	canCreateViewWithExecuteFunction(SecurityContext securityContext, QualifiedObjectName functionName)	Is the identity allowed to create a view that executes the specified function?
boolean	canExecuteFunction(SecurityContext securityContext, QualifiedObjectName functionName)	Is the identity allowed to execute function?
void	checkCanAddColumns(SecurityContext securityContext, QualifiedObjectName tableName)	Check if identity is allowed to add columns to the specified table.
void	checkCanAlterColumn(SecurityContext securityContext, QualifiedObjectName tableName)	Check if identity is allowed to alter columns to the specified table.
void	checkCanCreateCatalog(SecurityContext securityContext, String catalog)	Check if identity is allowed to create the specified catalog.
void	checkCanCreateFunction(SecurityContext securityContext, QualifiedObjectName functionName)	Check if identity is allowed to create the specified function.
void	checkCanCreateMaterializedView(SecurityContext securityContext, QualifiedObjectName materializedViewName, Map<String,Object> properties)	Check if identity is allowed to create the specified materialized view.
void	checkCanCreateRole(SecurityContext securityContext, String role, Optional<TrinoPrincipal> grantor, Optional<String> catalogName)	Check if identity is allowed to create the specified role.
void	checkCanCreateSchema(SecurityContext securityContext, CatalogSchemaName schemaName, Map<String,Object> properties)	Check if identity is allowed to create the specified schema.
void	checkCanCreateTable(SecurityContext securityContext, QualifiedObjectName tableName, Map<String,Object> properties)	Check if identity is allowed to create the specified table with properties.
void	checkCanCreateView(SecurityContext securityContext, QualifiedObjectName viewName)	Check if identity is allowed to create the specified view.
void	checkCanCreateViewWithSelectFromColumns(SecurityContext securityContext, QualifiedObjectName tableName, Set<String> columnNames)	Check if identity is allowed to create a view that selects from the specified columns.
void	checkCanDeleteFromTable(SecurityContext securityContext, QualifiedObjectName tableName)	Check if identity is allowed to delete from the specified table.
void	checkCanDenySchemaPrivilege(SecurityContext securityContext, Privilege privilege, CatalogSchemaName schemaName, TrinoPrincipal grantee)	Check if identity is allowed to deny a privilege to the grantee on the specified schema.
void	checkCanDenyTablePrivilege(SecurityContext securityContext, Privilege privilege, QualifiedObjectName tableName, TrinoPrincipal grantee)	Check if identity is allowed to deny a privilege to the grantee on the specified table.
void	checkCanDropCatalog(SecurityContext securityContext, String catalog)	Check if identity is allowed to drop the specified catalog.
void	checkCanDropColumn(SecurityContext securityContext, QualifiedObjectName tableName)	Check if identity is allowed to drop columns from the specified table.
void	checkCanDropFunction(SecurityContext securityContext, QualifiedObjectName functionName)	Check if identity is allowed to drop the specified function.
void	checkCanDropMaterializedView(SecurityContext securityContext, QualifiedObjectName materializedViewName)	Check if identity is allowed to drop the specified materialized view.
void	checkCanDropRole(SecurityContext securityContext, String role, Optional<String> catalogName)	Check if identity is allowed to drop the specified role.
void	checkCanDropSchema(SecurityContext securityContext, CatalogSchemaName schemaName)	Check if identity is allowed to drop the specified schema.
void	checkCanDropTable(SecurityContext securityContext, QualifiedObjectName tableName)	Check if identity is allowed to drop the specified table.
void	checkCanDropView(SecurityContext securityContext, QualifiedObjectName viewName)	Check if identity is allowed to drop the specified view.
void	checkCanExecuteProcedure(SecurityContext securityContext, QualifiedObjectName procedureName)	Check if identity is allowed to execute procedure
void	checkCanExecuteQuery(Identity identity)	Checks if identity can execute a query.
void	checkCanExecuteTableProcedure(SecurityContext securityContext, QualifiedObjectName tableName, String procedureName)	Check if identity is allowed to execute given table procedure on given table
void	checkCanGrantRoles(SecurityContext securityContext, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor, Optional<String> catalogName)	Check if identity is allowed to grant the specified roles to the specified principals.
void	checkCanGrantSchemaPrivilege(SecurityContext securityContext, Privilege privilege, CatalogSchemaName schemaName, TrinoPrincipal grantee, boolean grantOption)	Check if identity is allowed to grant a privilege to the grantee on the specified schema.
void	checkCanGrantTablePrivilege(SecurityContext securityContext, Privilege privilege, QualifiedObjectName tableName, TrinoPrincipal grantee, boolean grantOption)	Check if identity is allowed to grant a privilege to the grantee on the specified table.
void	checkCanImpersonateUser(Identity identity, String userName)	Check if the identity is allowed impersonate the specified user.
void	checkCanInsertIntoTable(SecurityContext securityContext, QualifiedObjectName tableName)	Check if identity is allowed to insert into the specified table.
void	checkCanKillQueryOwnedBy(Identity identity, Identity queryOwner)	Checks if identity can kill a query owned by the specified user.
void	checkCanReadSystemInformation(Identity identity)	Check if identity is allowed to read system information such as statistics, service registry, thread stacks, etc.
void	checkCanRefreshMaterializedView(SecurityContext securityContext, QualifiedObjectName materializedViewName)	Check if identity is allowed to refresh the specified materialized view.
void	checkCanRenameColumn(SecurityContext securityContext, QualifiedObjectName tableName)	Check if identity is allowed to rename a column in the specified table.
void	checkCanRenameMaterializedView(SecurityContext securityContext, QualifiedObjectName viewName, QualifiedObjectName newViewName)	Check if identity is allowed to rename the specified materialized view.
void	checkCanRenameSchema(SecurityContext securityContext, CatalogSchemaName schemaName, String newSchemaName)	Check if identity is allowed to rename the specified schema.
void	checkCanRenameTable(SecurityContext securityContext, QualifiedObjectName tableName, QualifiedObjectName newTableName)	Check if identity is allowed to rename the specified table.
void	checkCanRenameView(SecurityContext securityContext, QualifiedObjectName viewName, QualifiedObjectName newViewName)	Check if identity is allowed to rename the specified view.
void	checkCanRevokeRoles(SecurityContext securityContext, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor, Optional<String> catalogName)	Check if identity is allowed to revoke the specified roles from the specified principals.
void	checkCanRevokeSchemaPrivilege(SecurityContext securityContext, Privilege privilege, CatalogSchemaName schemaName, TrinoPrincipal revokee, boolean grantOption)	Check if identity is allowed to revoke a privilege from the revokee on the specified schema.
void	checkCanRevokeTablePrivilege(SecurityContext securityContext, Privilege privilege, QualifiedObjectName tableName, TrinoPrincipal revokee, boolean grantOption)	Check if identity is allowed to revoke a privilege from the revokee on the specified table.
void	checkCanSelectFromColumns(SecurityContext securityContext, QualifiedObjectName tableName, Set<String> columnNames)	Check if identity is allowed to select from the specified columns.
void	checkCanSetCatalogRole(SecurityContext securityContext, String role, String catalogName)	Check if identity is allowed to set role for specified catalog.
void	checkCanSetCatalogSessionProperty(SecurityContext securityContext, String catalogName, String propertyName)	Check if identity is allowed to set the specified catalog property.
void	checkCanSetColumnComment(SecurityContext securityContext, QualifiedObjectName tableName)	Check if identity is allowed to comment the specified column.
void	checkCanSetMaterializedViewProperties(SecurityContext securityContext, QualifiedObjectName materializedViewName, Map<String,Optional<Object>> properties)	Check if identity is allowed to set the properties of the specified materialized view.
void	checkCanSetSchemaAuthorization(SecurityContext securityContext, CatalogSchemaName schemaName, TrinoPrincipal principal)	Check if identity is allowed to change the specified schema's user/role.
void	checkCanSetSystemSessionProperty(Identity identity, String propertyName)	Check if identity is allowed to set the specified system property.
void	checkCanSetTableAuthorization(SecurityContext securityContext, QualifiedObjectName tableName, TrinoPrincipal principal)	Check if identity is allowed to change the specified table's user/role.
void	checkCanSetTableComment(SecurityContext securityContext, QualifiedObjectName tableName)	Check if identity is allowed to comment the specified table.
void	checkCanSetTableProperties(SecurityContext securityContext, QualifiedObjectName tableName, Map<String,Optional<Object>> properties)	Check if identity is allowed to set properties to the specified table.
void	checkCanSetUser(Optional<Principal> principal, String userName)	Deprecated.
void	checkCanSetViewAuthorization(SecurityContext securityContext, QualifiedObjectName viewName, TrinoPrincipal principal)	Check if identity is allowed to change the specified view's user/role.
void	checkCanSetViewComment(SecurityContext securityContext, QualifiedObjectName viewName)	Check if identity is allowed to comment the specified view.
void	checkCanShowColumns(SecurityContext securityContext, CatalogSchemaTableName table)	Check if identity is allowed to show columns of tables by executing SHOW COLUMNS, DESCRIBE etc.
void	checkCanShowCreateSchema(SecurityContext securityContext, CatalogSchemaName schemaName)	Check if identity is allowed to execute SHOW CREATE SCHEMA.
void	checkCanShowCreateTable(SecurityContext securityContext, QualifiedObjectName tableName)	Check if identity is allowed to execute SHOW CREATE TABLE, SHOW CREATE VIEW or SHOW CREATE MATERIALIZED VIEW
void	checkCanShowCurrentRoles(SecurityContext securityContext, Optional<String> catalogName)	Check if identity is allowed to show current roles on the specified catalog.
void	checkCanShowFunctions(SecurityContext securityContext, CatalogSchemaName schema)	Check if identity is allowed to show functions by executing SHOW FUNCTIONS in a catalog schema.
void	checkCanShowRoleGrants(SecurityContext securityContext, Optional<String> catalogName)	Check if identity is allowed to show its own role grants on the specified catalog.
void	checkCanShowRoles(SecurityContext securityContext, Optional<String> catalogName)	Check if identity is allowed to show roles on the specified catalog.
void	checkCanShowSchemas(SecurityContext securityContext, String catalogName)	Check if identity is allowed to execute SHOW SCHEMAS in a catalog.
void	checkCanShowTables(SecurityContext securityContext, CatalogSchemaName schema)	Check if identity is allowed to show tables by executing SHOW TABLES, SHOW GRANTS etc.
void	checkCanTruncateTable(SecurityContext securityContext, QualifiedObjectName tableName)	Check if identity is allowed to truncate the specified table.
void	checkCanUpdateTableColumns(SecurityContext securityContext, QualifiedObjectName tableName, Set<String> updatedColumnNames)	Check if identity is allowed to update the specified table.
void	checkCanViewQueryOwnedBy(Identity identity, Identity queryOwner)	Checks if identity can view a query owned by the specified user.
void	checkCanWriteSystemInformation(Identity identity)	Check if identity is allowed to write system information such as marking nodes offline, or changing runtime flags.
Set<String>	filterCatalogs(SecurityContext securityContext, Set<String> catalogs)	Filter the list of catalogs to those visible to the identity.
Map<SchemaTableName,Set<String>>	filterColumns(SecurityContext securityContext, String catalogName, Map<SchemaTableName,Set<String>> tableColumns)	Filter lists of columns of multiple tables to those visible to the identity.
Set<SchemaFunctionName>	filterFunctions(SecurityContext securityContext, String catalogName, Set<SchemaFunctionName> functionNames)	Filter the list of functions to those visible to the identity.
Collection<Identity>	filterQueriesOwnedBy(Identity identity, Collection<Identity> queryOwners)	Filter the list of users to those the identity view query owned by the user.
Set<String>	filterSchemas(SecurityContext securityContext, String catalogName, Set<String> schemaNames)	Filter the list of schemas in a catalog to those visible to the identity.
Set<SchemaTableName>	filterTables(SecurityContext securityContext, String catalogName, Set<SchemaTableName> tableNames)	Filter the list of tables, materialized views and views to those visible to the identity.
io.airlift.stats.CounterStat	getAuthorizationFail()
io.airlift.stats.CounterStat	getAuthorizationSuccess()
Optional<ViewExpression>	getColumnMask(SecurityContext context, QualifiedObjectName tableName, String columnName, Type type)
List<ViewExpression>	getRowFilters(SecurityContext context, QualifiedObjectName tableName)
void	loadSystemAccessControl()
void	loadSystemAccessControl(String name, Map<String,String> properties)
void	setConnectorAccessControlProvider(CatalogServiceProvider<Optional<ConnectorAccessControl>> connectorAccessControlProvider)	Lazy registry for connector access controls due to circular dependency between access control and connector creation in CatalogManager.
void	setSystemAccessControls(List<SystemAccessControl> systemAccessControls)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AccessControlManager

@Inject
public AccessControlManager(NodeVersion nodeVersion,
 TransactionManager transactionManager,
 EventListenerManager eventListenerManager,
 AccessControlConfig config,
 io.opentelemetry.api.OpenTelemetry openTelemetry,
 String defaultAccessControlName)

Method Details

addSystemAccessControlFactory

public final void addSystemAccessControlFactory(SystemAccessControlFactory accessControlFactory)

setConnectorAccessControlProvider

public void setConnectorAccessControlProvider(CatalogServiceProvider<Optional<ConnectorAccessControl>> connectorAccessControlProvider)

Lazy registry for connector access controls due to circular dependency between access control and connector creation in CatalogManager.

loadSystemAccessControl

public void loadSystemAccessControl()

loadSystemAccessControl

public void loadSystemAccessControl(String name,
 Map<String,String> properties)

setSystemAccessControls

public void setSystemAccessControls(List<SystemAccessControl> systemAccessControls)

checkCanImpersonateUser

public void checkCanImpersonateUser(Identity identity,
 String userName)

Description copied from interface: AccessControl

Check if the identity is allowed impersonate the specified user.

Specified by:

checkCanImpersonateUser in interface AccessControl

checkCanSetUser

@Deprecated
public void checkCanSetUser(Optional<Principal> principal,
 String userName)

Deprecated.

Description copied from interface: AccessControl

Check if the principal is allowed to be the specified user.

Specified by:

checkCanSetUser in interface AccessControl

checkCanReadSystemInformation

public void checkCanReadSystemInformation(Identity identity)

Description copied from interface: AccessControl

Check if identity is allowed to read system information such as statistics, service registry, thread stacks, etc. This is typically allowed for administrators and management tools.

Specified by:

checkCanReadSystemInformation in interface AccessControl

checkCanWriteSystemInformation

public void checkCanWriteSystemInformation(Identity identity)

Description copied from interface: AccessControl

Check if identity is allowed to write system information such as marking nodes offline, or changing runtime flags. This is typically allowed for administrators.

Specified by:

checkCanWriteSystemInformation in interface AccessControl

checkCanExecuteQuery

public void checkCanExecuteQuery(Identity identity)

Description copied from interface: AccessControl

Checks if identity can execute a query.

Specified by:

checkCanExecuteQuery in interface AccessControl

checkCanViewQueryOwnedBy

public void checkCanViewQueryOwnedBy(Identity identity,
 Identity queryOwner)

Description copied from interface: AccessControl

Checks if identity can view a query owned by the specified user. The method will not be called when the current user is the query owner.

Specified by:

checkCanViewQueryOwnedBy in interface AccessControl

filterQueriesOwnedBy

public Collection<Identity> filterQueriesOwnedBy(Identity identity,
 Collection<Identity> queryOwners)

Description copied from interface: AccessControl

Filter the list of users to those the identity view query owned by the user. The method will not be called with the current user in the set.

Specified by:

filterQueriesOwnedBy in interface AccessControl

checkCanKillQueryOwnedBy

public void checkCanKillQueryOwnedBy(Identity identity,
 Identity queryOwner)

Description copied from interface: AccessControl

Checks if identity can kill a query owned by the specified user. The method will not be called when the current user is the query owner.

Specified by:

checkCanKillQueryOwnedBy in interface AccessControl

checkCanCreateCatalog

public void checkCanCreateCatalog(SecurityContext securityContext,
 String catalog)

Description copied from interface: AccessControl

Check if identity is allowed to create the specified catalog.

Specified by:

checkCanCreateCatalog in interface AccessControl

checkCanDropCatalog

public void checkCanDropCatalog(SecurityContext securityContext,
 String catalog)

Description copied from interface: AccessControl

Check if identity is allowed to drop the specified catalog.

Specified by:

checkCanDropCatalog in interface AccessControl

filterCatalogs

public Set<String> filterCatalogs(SecurityContext securityContext,
 Set<String> catalogs)

Description copied from interface: AccessControl

Filter the list of catalogs to those visible to the identity.

Specified by:

filterCatalogs in interface AccessControl

checkCanCreateSchema

public void checkCanCreateSchema(SecurityContext securityContext,
 CatalogSchemaName schemaName,
 Map<String,Object> properties)

Description copied from interface: AccessControl

Check if identity is allowed to create the specified schema.

Specified by:

checkCanCreateSchema in interface AccessControl

checkCanDropSchema

public void checkCanDropSchema(SecurityContext securityContext,
 CatalogSchemaName schemaName)

Description copied from interface: AccessControl

Check if identity is allowed to drop the specified schema.

Specified by:

checkCanDropSchema in interface AccessControl

checkCanRenameSchema

public void checkCanRenameSchema(SecurityContext securityContext,
 CatalogSchemaName schemaName,
 String newSchemaName)

Description copied from interface: AccessControl

Check if identity is allowed to rename the specified schema.

Specified by:

checkCanRenameSchema in interface AccessControl

checkCanSetSchemaAuthorization

public void checkCanSetSchemaAuthorization(SecurityContext securityContext,
 CatalogSchemaName schemaName,
 TrinoPrincipal principal)

Description copied from interface: AccessControl

Check if identity is allowed to change the specified schema's user/role.

Specified by:

checkCanSetSchemaAuthorization in interface AccessControl

checkCanShowSchemas

public void checkCanShowSchemas(SecurityContext securityContext,
 String catalogName)

Description copied from interface: AccessControl

Check if identity is allowed to execute SHOW SCHEMAS in a catalog.

NOTE: This method is only present to give users an error message when listing is not allowed. The AccessControl.filterSchemas(io.trino.security.SecurityContext, java.lang.String, java.util.Set<java.lang.String>) method must filter all results for unauthorized users, since there are multiple ways to list schemas.

Specified by:

checkCanShowSchemas in interface AccessControl

filterSchemas

public Set<String> filterSchemas(SecurityContext securityContext,
 String catalogName,
 Set<String> schemaNames)

Description copied from interface: AccessControl

Filter the list of schemas in a catalog to those visible to the identity.

Specified by:

filterSchemas in interface AccessControl

checkCanShowCreateSchema

public void checkCanShowCreateSchema(SecurityContext securityContext,
 CatalogSchemaName schemaName)

Description copied from interface: AccessControl

Check if identity is allowed to execute SHOW CREATE SCHEMA.

Specified by:

checkCanShowCreateSchema in interface AccessControl

checkCanShowCreateTable

public void checkCanShowCreateTable(SecurityContext securityContext,
 QualifiedObjectName tableName)

Description copied from interface: AccessControl

Check if identity is allowed to execute SHOW CREATE TABLE, SHOW CREATE VIEW or SHOW CREATE MATERIALIZED VIEW

Specified by:

checkCanShowCreateTable in interface AccessControl

checkCanCreateTable

public void checkCanCreateTable(SecurityContext securityContext,
 QualifiedObjectName tableName,
 Map<String,Object> properties)

Description copied from interface: AccessControl

Check if identity is allowed to create the specified table with properties.

Specified by:

checkCanCreateTable in interface AccessControl

checkCanDropTable

public void checkCanDropTable(SecurityContext securityContext,
 QualifiedObjectName tableName)

Description copied from interface: AccessControl

Check if identity is allowed to drop the specified table.

Specified by:

checkCanDropTable in interface AccessControl

checkCanRenameTable

public void checkCanRenameTable(SecurityContext securityContext,
 QualifiedObjectName tableName,
 QualifiedObjectName newTableName)

Description copied from interface: AccessControl

Check if identity is allowed to rename the specified table.

Specified by:

checkCanRenameTable in interface AccessControl

checkCanSetTableProperties

public void checkCanSetTableProperties(SecurityContext securityContext,
 QualifiedObjectName tableName,
 Map<String,Optional<Object>> properties)

Description copied from interface: AccessControl

Check if identity is allowed to set properties to the specified table.

Specified by:

checkCanSetTableProperties in interface AccessControl

checkCanSetTableComment

public void checkCanSetTableComment(SecurityContext securityContext,
 QualifiedObjectName tableName)

Description copied from interface: AccessControl

Check if identity is allowed to comment the specified table.

Specified by:

checkCanSetTableComment in interface AccessControl

checkCanSetViewComment

public void checkCanSetViewComment(SecurityContext securityContext,
 QualifiedObjectName viewName)

Description copied from interface: AccessControl

Check if identity is allowed to comment the specified view.

Specified by:

checkCanSetViewComment in interface AccessControl

checkCanSetColumnComment

public void checkCanSetColumnComment(SecurityContext securityContext,
 QualifiedObjectName tableName)

Description copied from interface: AccessControl

Check if identity is allowed to comment the specified column.

Specified by:

checkCanSetColumnComment in interface AccessControl

checkCanShowTables

public void checkCanShowTables(SecurityContext securityContext,
 CatalogSchemaName schema)

Description copied from interface: AccessControl

Check if identity is allowed to show tables by executing SHOW TABLES, SHOW GRANTS etc. in a catalog schema.

NOTE: This method is only present to give users an error message when listing is not allowed. The AccessControl.filterTables(io.trino.security.SecurityContext, java.lang.String, java.util.Set<io.trino.spi.connector.SchemaTableName>) method must filter all results for unauthorized users, since there are multiple ways to list tables.

Specified by:

checkCanShowTables in interface AccessControl

filterTables

public Set<SchemaTableName> filterTables(SecurityContext securityContext,
 String catalogName,
 Set<SchemaTableName> tableNames)

Description copied from interface: AccessControl

Filter the list of tables, materialized views and views to those visible to the identity.

Specified by:

filterTables in interface AccessControl

checkCanShowColumns

public void checkCanShowColumns(SecurityContext securityContext,
 CatalogSchemaTableName table)

Description copied from interface: AccessControl

Check if identity is allowed to show columns of tables by executing SHOW COLUMNS, DESCRIBE etc.

NOTE: This method is only present to give users an error message when listing is not allowed. The AccessControl.filterColumns(io.trino.security.SecurityContext, java.lang.String, java.util.Map<io.trino.spi.connector.SchemaTableName, java.util.Set<java.lang.String>>) method must filter all results for unauthorized users, since there are multiple ways to list columns.

Specified by:

checkCanShowColumns in interface AccessControl

filterColumns

public Map<SchemaTableName,Set<String>> filterColumns(SecurityContext securityContext,
 String catalogName,
 Map<SchemaTableName,Set<String>> tableColumns)

Description copied from interface: AccessControl

Filter lists of columns of multiple tables to those visible to the identity.

Specified by:

filterColumns in interface AccessControl

checkCanAddColumns

public void checkCanAddColumns(SecurityContext securityContext,
 QualifiedObjectName tableName)

Description copied from interface: AccessControl

Check if identity is allowed to add columns to the specified table.

Specified by:

checkCanAddColumns in interface AccessControl

checkCanAlterColumn

public void checkCanAlterColumn(SecurityContext securityContext,
 QualifiedObjectName tableName)

Description copied from interface: AccessControl

Check if identity is allowed to alter columns to the specified table.

Specified by:

checkCanAlterColumn in interface AccessControl

checkCanDropColumn

public void checkCanDropColumn(SecurityContext securityContext,
 QualifiedObjectName tableName)

Description copied from interface: AccessControl

Check if identity is allowed to drop columns from the specified table.

Specified by:

checkCanDropColumn in interface AccessControl

checkCanRenameColumn

public void checkCanRenameColumn(SecurityContext securityContext,
 QualifiedObjectName tableName)

Description copied from interface: AccessControl

Check if identity is allowed to rename a column in the specified table.

Specified by:

checkCanRenameColumn in interface AccessControl

checkCanSetTableAuthorization

public void checkCanSetTableAuthorization(SecurityContext securityContext,
 QualifiedObjectName tableName,
 TrinoPrincipal principal)

Description copied from interface: AccessControl

Check if identity is allowed to change the specified table's user/role.

Specified by:

checkCanSetTableAuthorization in interface AccessControl

checkCanInsertIntoTable

public void checkCanInsertIntoTable(SecurityContext securityContext,
 QualifiedObjectName tableName)

Description copied from interface: AccessControl

Check if identity is allowed to insert into the specified table.

Specified by:

checkCanInsertIntoTable in interface AccessControl

checkCanDeleteFromTable

public void checkCanDeleteFromTable(SecurityContext securityContext,
 QualifiedObjectName tableName)

Description copied from interface: AccessControl

Check if identity is allowed to delete from the specified table.

Specified by:

checkCanDeleteFromTable in interface AccessControl

checkCanTruncateTable

public void checkCanTruncateTable(SecurityContext securityContext,
 QualifiedObjectName tableName)

Description copied from interface: AccessControl

Check if identity is allowed to truncate the specified table.

Specified by:

checkCanTruncateTable in interface AccessControl

checkCanUpdateTableColumns

public void checkCanUpdateTableColumns(SecurityContext securityContext,
 QualifiedObjectName tableName,
 Set<String> updatedColumnNames)

Description copied from interface: AccessControl

Check if identity is allowed to update the specified table.

Specified by:

checkCanUpdateTableColumns in interface AccessControl

checkCanCreateView

public void checkCanCreateView(SecurityContext securityContext,
 QualifiedObjectName viewName)

Description copied from interface: AccessControl

Check if identity is allowed to create the specified view.

Specified by:

checkCanCreateView in interface AccessControl

checkCanRenameView

public void checkCanRenameView(SecurityContext securityContext,
 QualifiedObjectName viewName,
 QualifiedObjectName newViewName)

Description copied from interface: AccessControl

Check if identity is allowed to rename the specified view.

Specified by:

checkCanRenameView in interface AccessControl

checkCanSetViewAuthorization

public void checkCanSetViewAuthorization(SecurityContext securityContext,
 QualifiedObjectName viewName,
 TrinoPrincipal principal)

Description copied from interface: AccessControl

Check if identity is allowed to change the specified view's user/role.

Specified by:

checkCanSetViewAuthorization in interface AccessControl

checkCanDropView

public void checkCanDropView(SecurityContext securityContext,
 QualifiedObjectName viewName)

Description copied from interface: AccessControl

Check if identity is allowed to drop the specified view.

Specified by:

checkCanDropView in interface AccessControl

checkCanCreateViewWithSelectFromColumns

public void checkCanCreateViewWithSelectFromColumns(SecurityContext securityContext,
 QualifiedObjectName tableName,
 Set<String> columnNames)

Description copied from interface: AccessControl

Check if identity is allowed to create a view that selects from the specified columns.

Specified by:

checkCanCreateViewWithSelectFromColumns in interface AccessControl

checkCanCreateMaterializedView

public void checkCanCreateMaterializedView(SecurityContext securityContext,
 QualifiedObjectName materializedViewName,
 Map<String,Object> properties)

Description copied from interface: AccessControl

Check if identity is allowed to create the specified materialized view.

Specified by:

checkCanCreateMaterializedView in interface AccessControl

checkCanRefreshMaterializedView

public void checkCanRefreshMaterializedView(SecurityContext securityContext,
 QualifiedObjectName materializedViewName)

Description copied from interface: AccessControl

Check if identity is allowed to refresh the specified materialized view.

Specified by:

checkCanRefreshMaterializedView in interface AccessControl

checkCanDropMaterializedView

public void checkCanDropMaterializedView(SecurityContext securityContext,
 QualifiedObjectName materializedViewName)

Description copied from interface: AccessControl

Check if identity is allowed to drop the specified materialized view.

Specified by:

checkCanDropMaterializedView in interface AccessControl

checkCanRenameMaterializedView

public void checkCanRenameMaterializedView(SecurityContext securityContext,
 QualifiedObjectName viewName,
 QualifiedObjectName newViewName)

Description copied from interface: AccessControl

Check if identity is allowed to rename the specified materialized view.

Specified by:

checkCanRenameMaterializedView in interface AccessControl

checkCanSetMaterializedViewProperties

public void checkCanSetMaterializedViewProperties(SecurityContext securityContext,
 QualifiedObjectName materializedViewName,
 Map<String,Optional<Object>> properties)

Description copied from interface: AccessControl

Check if identity is allowed to set the properties of the specified materialized view.

Specified by:

checkCanSetMaterializedViewProperties in interface AccessControl

checkCanGrantSchemaPrivilege

public void checkCanGrantSchemaPrivilege(SecurityContext securityContext,
 Privilege privilege,
 CatalogSchemaName schemaName,
 TrinoPrincipal grantee,
 boolean grantOption)

Description copied from interface: AccessControl

Check if identity is allowed to grant a privilege to the grantee on the specified schema.

Specified by:

checkCanGrantSchemaPrivilege in interface AccessControl

checkCanDenySchemaPrivilege

public void checkCanDenySchemaPrivilege(SecurityContext securityContext,
 Privilege privilege,
 CatalogSchemaName schemaName,
 TrinoPrincipal grantee)

Description copied from interface: AccessControl

Check if identity is allowed to deny a privilege to the grantee on the specified schema.

Specified by:

checkCanDenySchemaPrivilege in interface AccessControl

checkCanRevokeSchemaPrivilege

public void checkCanRevokeSchemaPrivilege(SecurityContext securityContext,
 Privilege privilege,
 CatalogSchemaName schemaName,
 TrinoPrincipal revokee,
 boolean grantOption)

Description copied from interface: AccessControl

Check if identity is allowed to revoke a privilege from the revokee on the specified schema.

Specified by:

checkCanRevokeSchemaPrivilege in interface AccessControl

checkCanGrantTablePrivilege

public void checkCanGrantTablePrivilege(SecurityContext securityContext,
 Privilege privilege,
 QualifiedObjectName tableName,
 TrinoPrincipal grantee,
 boolean grantOption)

Description copied from interface: AccessControl

Check if identity is allowed to grant a privilege to the grantee on the specified table.

Specified by:

checkCanGrantTablePrivilege in interface AccessControl

checkCanDenyTablePrivilege

public void checkCanDenyTablePrivilege(SecurityContext securityContext,
 Privilege privilege,
 QualifiedObjectName tableName,
 TrinoPrincipal grantee)

Description copied from interface: AccessControl

Check if identity is allowed to deny a privilege to the grantee on the specified table.

Specified by:

checkCanDenyTablePrivilege in interface AccessControl

checkCanRevokeTablePrivilege

public void checkCanRevokeTablePrivilege(SecurityContext securityContext,
 Privilege privilege,
 QualifiedObjectName tableName,
 TrinoPrincipal revokee,
 boolean grantOption)

Description copied from interface: AccessControl

Check if identity is allowed to revoke a privilege from the revokee on the specified table.

Specified by:

checkCanRevokeTablePrivilege in interface AccessControl

checkCanSetSystemSessionProperty

public void checkCanSetSystemSessionProperty(Identity identity,
 String propertyName)

Description copied from interface: AccessControl

Check if identity is allowed to set the specified system property.

Specified by:

checkCanSetSystemSessionProperty in interface AccessControl

checkCanSetCatalogSessionProperty

public void checkCanSetCatalogSessionProperty(SecurityContext securityContext,
 String catalogName,
 String propertyName)

Description copied from interface: AccessControl

Check if identity is allowed to set the specified catalog property.

Specified by:

checkCanSetCatalogSessionProperty in interface AccessControl

checkCanSelectFromColumns

public void checkCanSelectFromColumns(SecurityContext securityContext,
 QualifiedObjectName tableName,
 Set<String> columnNames)

Description copied from interface: AccessControl

Check if identity is allowed to select from the specified columns. The column set can be empty.

Specified by:

checkCanSelectFromColumns in interface AccessControl

checkCanCreateRole

public void checkCanCreateRole(SecurityContext securityContext,
 String role,
 Optional<TrinoPrincipal> grantor,
 Optional<String> catalogName)

Description copied from interface: AccessControl

Check if identity is allowed to create the specified role.

Specified by:

checkCanCreateRole in interface AccessControl

Parameters:

catalogName - if present, the role catalog; otherwise the role is a system role

checkCanDropRole

public void checkCanDropRole(SecurityContext securityContext,
 String role,
 Optional<String> catalogName)

Description copied from interface: AccessControl

Check if identity is allowed to drop the specified role.

Specified by:

checkCanDropRole in interface AccessControl

Parameters:

catalogName - if present, the role catalog; otherwise the role is a system role

checkCanGrantRoles

public void checkCanGrantRoles(SecurityContext securityContext,
 Set<String> roles,
 Set<TrinoPrincipal> grantees,
 boolean adminOption,
 Optional<TrinoPrincipal> grantor,
 Optional<String> catalogName)

Description copied from interface: AccessControl

Check if identity is allowed to grant the specified roles to the specified principals.

Specified by:

checkCanGrantRoles in interface AccessControl

Parameters:

catalogName - if present, the role catalog; otherwise the role is a system role

checkCanRevokeRoles

public void checkCanRevokeRoles(SecurityContext securityContext,
 Set<String> roles,
 Set<TrinoPrincipal> grantees,
 boolean adminOption,
 Optional<TrinoPrincipal> grantor,
 Optional<String> catalogName)

Description copied from interface: AccessControl

Check if identity is allowed to revoke the specified roles from the specified principals.

Specified by:

checkCanRevokeRoles in interface AccessControl

Parameters:

catalogName - if present, the role catalog; otherwise the role is a system role

checkCanSetCatalogRole

public void checkCanSetCatalogRole(SecurityContext securityContext,
 String role,
 String catalogName)

Description copied from interface: AccessControl

Check if identity is allowed to set role for specified catalog.

Specified by:

checkCanSetCatalogRole in interface AccessControl

Parameters:

catalogName - the role catalog

checkCanShowRoles

public void checkCanShowRoles(SecurityContext securityContext,
 Optional<String> catalogName)

Description copied from interface: AccessControl

Check if identity is allowed to show roles on the specified catalog.

Specified by:

checkCanShowRoles in interface AccessControl

Parameters:

catalogName - if present, the role catalog; otherwise the role is a system role

checkCanShowCurrentRoles

public void checkCanShowCurrentRoles(SecurityContext securityContext,
 Optional<String> catalogName)

Description copied from interface: AccessControl

Check if identity is allowed to show current roles on the specified catalog.

Specified by:

checkCanShowCurrentRoles in interface AccessControl

Parameters:

catalogName - if present, the role catalog; otherwise the role is a system role

checkCanShowRoleGrants

public void checkCanShowRoleGrants(SecurityContext securityContext,
 Optional<String> catalogName)

Description copied from interface: AccessControl

Check if identity is allowed to show its own role grants on the specified catalog.

Specified by:

checkCanShowRoleGrants in interface AccessControl

Parameters:

catalogName - if present, the role catalog; otherwise the role is a system role

checkCanExecuteProcedure

public void checkCanExecuteProcedure(SecurityContext securityContext,
 QualifiedObjectName procedureName)

Description copied from interface: AccessControl

Check if identity is allowed to execute procedure

Specified by:

checkCanExecuteProcedure in interface AccessControl

canExecuteFunction

public boolean canExecuteFunction(SecurityContext securityContext,
 QualifiedObjectName functionName)

Description copied from interface: AccessControl

Is the identity allowed to execute function?

Specified by:

canExecuteFunction in interface AccessControl

canCreateViewWithExecuteFunction

public boolean canCreateViewWithExecuteFunction(SecurityContext securityContext,
 QualifiedObjectName functionName)

Description copied from interface: AccessControl

Is the identity allowed to create a view that executes the specified function?

Specified by:

canCreateViewWithExecuteFunction in interface AccessControl

checkCanExecuteTableProcedure

public void checkCanExecuteTableProcedure(SecurityContext securityContext,
 QualifiedObjectName tableName,
 String procedureName)

Description copied from interface: AccessControl

Check if identity is allowed to execute given table procedure on given table

Specified by:

checkCanExecuteTableProcedure in interface AccessControl

checkCanShowFunctions

public void checkCanShowFunctions(SecurityContext securityContext,
 CatalogSchemaName schema)

Description copied from interface: AccessControl

Check if identity is allowed to show functions by executing SHOW FUNCTIONS in a catalog schema.

NOTE: This method is only present to give users an error message when listing is not allowed. The AccessControl.filterFunctions(io.trino.security.SecurityContext, java.lang.String, java.util.Set<io.trino.spi.function.SchemaFunctionName>) method must filter all results for unauthorized users, since there are multiple ways to list functions.

Specified by:

checkCanShowFunctions in interface AccessControl

filterFunctions

public Set<SchemaFunctionName> filterFunctions(SecurityContext securityContext,
 String catalogName,
 Set<SchemaFunctionName> functionNames)

Description copied from interface: AccessControl

Filter the list of functions to those visible to the identity.

Specified by:

filterFunctions in interface AccessControl

checkCanCreateFunction

public void checkCanCreateFunction(SecurityContext securityContext,
 QualifiedObjectName functionName)

Description copied from interface: AccessControl

Check if identity is allowed to create the specified function.

Specified by:

checkCanCreateFunction in interface AccessControl

checkCanDropFunction

public void checkCanDropFunction(SecurityContext securityContext,
 QualifiedObjectName functionName)

Description copied from interface: AccessControl

Check if identity is allowed to drop the specified function.

Specified by:

checkCanDropFunction in interface AccessControl

getRowFilters

public List<ViewExpression> getRowFilters(SecurityContext context,
 QualifiedObjectName tableName)

Specified by:

getRowFilters in interface AccessControl

getColumnMask

public Optional<ViewExpression> getColumnMask(SecurityContext context,
 QualifiedObjectName tableName,
 String columnName,
 Type type)

Specified by:

getColumnMask in interface AccessControl

getAuthorizationSuccess

public io.airlift.stats.CounterStat getAuthorizationSuccess()

getAuthorizationFail

public io.airlift.stats.CounterStat getAuthorizationFail()