Package io.trino.security
Class ViewAccessControl
java.lang.Object
io.trino.security.ForwardingAccessControl
io.trino.security.ViewAccessControl
- All Implemented Interfaces:
AccessControl
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionbooleancanCreateViewWithExecuteFunction(SecurityContext context, QualifiedObjectName functionName) Is the identity allowed to create a view that executes the specified function?booleancanExecuteFunction(SecurityContext context, QualifiedObjectName functionName) Is the identity allowed to execute function?voidcheckCanCreateViewWithSelectFromColumns(SecurityContext context, QualifiedObjectName tableName, Set<String> columnNames) Check if identity is allowed to create a view that selects from the specified columns.voidcheckCanSelectFromColumns(SecurityContext context, QualifiedObjectName tableName, Set<String> columnNames) Check if identity is allowed to select from the specified columns.protected AccessControldelegate()filterColumns(SecurityContext context, String catalogName, Map<SchemaTableName, Set<String>> tableColumns) Filter lists of columns of multiple tables to those visible to the identity.getColumnMask(SecurityContext context, QualifiedObjectName tableName, String columnName, Type type) getRowFilters(SecurityContext context, QualifiedObjectName tableName) Methods inherited from class io.trino.security.ForwardingAccessControl
checkCanAddColumns, checkCanAlterColumn, checkCanCreateCatalog, checkCanCreateFunction, checkCanCreateMaterializedView, checkCanCreateRole, checkCanCreateSchema, checkCanCreateTable, checkCanCreateView, checkCanDeleteFromTable, checkCanDenySchemaPrivilege, checkCanDenyTablePrivilege, checkCanDropCatalog, checkCanDropColumn, checkCanDropFunction, checkCanDropMaterializedView, checkCanDropRole, checkCanDropSchema, checkCanDropTable, checkCanDropView, checkCanExecuteProcedure, checkCanExecuteQuery, checkCanExecuteTableProcedure, checkCanGrantRoles, checkCanGrantSchemaPrivilege, checkCanGrantTablePrivilege, checkCanImpersonateUser, checkCanInsertIntoTable, checkCanKillQueryOwnedBy, checkCanReadSystemInformation, checkCanRefreshMaterializedView, checkCanRenameColumn, checkCanRenameMaterializedView, checkCanRenameSchema, checkCanRenameTable, checkCanRenameView, checkCanRevokeRoles, checkCanRevokeSchemaPrivilege, checkCanRevokeTablePrivilege, checkCanSetCatalogRole, checkCanSetCatalogSessionProperty, checkCanSetColumnComment, checkCanSetMaterializedViewProperties, checkCanSetSchemaAuthorization, checkCanSetSystemSessionProperty, checkCanSetTableAuthorization, checkCanSetTableComment, checkCanSetTableProperties, checkCanSetUser, checkCanSetViewAuthorization, checkCanSetViewComment, checkCanShowColumns, checkCanShowCreateSchema, checkCanShowCreateTable, checkCanShowCurrentRoles, checkCanShowFunctions, checkCanShowRoleGrants, checkCanShowRoles, checkCanShowSchemas, checkCanShowTables, checkCanTruncateTable, checkCanUpdateTableColumns, checkCanViewQueryOwnedBy, checkCanWriteSystemInformation, filterCatalogs, filterFunctions, filterQueriesOwnedBy, filterSchemas, filterTables, of
-
Constructor Details
-
ViewAccessControl
-
-
Method Details
-
delegate
- Specified by:
delegatein classForwardingAccessControl
-
checkCanSelectFromColumns
public void checkCanSelectFromColumns(SecurityContext context, QualifiedObjectName tableName, Set<String> columnNames) Description copied from interface:AccessControlCheck if identity is allowed to select from the specified columns. The column set can be empty.- Specified by:
checkCanSelectFromColumnsin interfaceAccessControl- Overrides:
checkCanSelectFromColumnsin classForwardingAccessControl
-
filterColumns
public Map<SchemaTableName,Set<String>> filterColumns(SecurityContext context, String catalogName, Map<SchemaTableName, Set<String>> tableColumns) Description copied from interface:AccessControlFilter lists of columns of multiple tables to those visible to the identity.- Specified by:
filterColumnsin interfaceAccessControl- Overrides:
filterColumnsin classForwardingAccessControl
-
checkCanCreateViewWithSelectFromColumns
public void checkCanCreateViewWithSelectFromColumns(SecurityContext context, QualifiedObjectName tableName, Set<String> columnNames) Description copied from interface:AccessControlCheck if identity is allowed to create a view that selects from the specified columns.- Specified by:
checkCanCreateViewWithSelectFromColumnsin interfaceAccessControl- Overrides:
checkCanCreateViewWithSelectFromColumnsin classForwardingAccessControl
-
canExecuteFunction
Description copied from interface:AccessControlIs the identity allowed to execute function?- Specified by:
canExecuteFunctionin interfaceAccessControl- Overrides:
canExecuteFunctionin classForwardingAccessControl
-
canCreateViewWithExecuteFunction
public boolean canCreateViewWithExecuteFunction(SecurityContext context, QualifiedObjectName functionName) Description copied from interface:AccessControlIs the identity allowed to create a view that executes the specified function?- Specified by:
canCreateViewWithExecuteFunctionin interfaceAccessControl- Overrides:
canCreateViewWithExecuteFunctionin classForwardingAccessControl
-
getRowFilters
- Specified by:
getRowFiltersin interfaceAccessControl- Overrides:
getRowFiltersin classForwardingAccessControl
-
getColumnMask
public Optional<ViewExpression> getColumnMask(SecurityContext context, QualifiedObjectName tableName, String columnName, Type type) - Specified by:
getColumnMaskin interfaceAccessControl- Overrides:
getColumnMaskin classForwardingAccessControl
-