Package io.trino.metadata
Interface SystemSecurityMetadata
All Known Implementing Classes:
DisabledSystemSecurityMetadata

public interface SystemSecurityMetadata

Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | columnCreated(Session session, CatalogSchemaTableName table, String column) | A column was created |
| void | columnDropped(Session session, CatalogSchemaTableName table, String column) | A column was dropped |
| void | columnNotNullConstraintDropped(Session session, CatalogSchemaTableName table, String column) | Column's NOT NULL constraint was dropped |
| void | columnRenamed(Session session, CatalogSchemaTableName table, String oldName, String newName) | A column was renamed |
| void | columnTypeChanged(Session session, CatalogSchemaTableName table, String column, String oldType, String newType) | Column type was changed |
| void | createRole(Session session, String role, Optional<TrinoPrincipal> grantor) | Creates the specified role. |
| default void | denyEntityPrivileges(Session session, EntityKindAndName entity, Set<EntityPrivilege> privileges, TrinoPrincipal grantee) | Deny the specified privilege to the specified principal on the specified entity |
| void | denySchemaPrivileges(Session session, CatalogSchemaName schemaName, Set<Privilege> privileges, TrinoPrincipal grantee) | Denies the specified privilege to the specified user on the specified schema. |
| void | denyTablePrivileges(Session session, QualifiedObjectName tableName, Set<Privilege> privileges, TrinoPrincipal grantee) | Denies the specified privilege to the specified user on the specified table |
| void | dropRole | Drops the specified role. |
| default Set<EntityPrivilege> | getAllEntityKindPrivileges(String entityKind) | |
| Optional<Identity> | getFunctionRunAsIdentity(Session session, CatalogSchemaFunctionName functionName) | Get the identity to run the function as |
| | getSchemaOwner(Session session, CatalogSchemaName schema) | Set the owner of the specified schema |
| | getViewRunAsIdentity(Session session, CatalogSchemaTableName viewName) | Get the identity to run the view as |
| default void | grantEntityPrivileges(Session session, EntityKindAndName entity, Set<EntityPrivilege> privileges, TrinoPrincipal grantee, boolean grantOption) | Grants the specified privilege to the specified user on the specified entity |
| void | grantRoles(Session session, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor) | Grants the specified roles to the specified grantees. |
| void | grantSchemaPrivileges(Session session, CatalogSchemaName schemaName, Set<Privilege> privileges, TrinoPrincipal grantee, boolean grantOption) | Grants the specified privilege to the specified user on the specified schema. |
| void | grantTablePrivileges(Session session, QualifiedObjectName tableName, Set<Privilege> privileges, TrinoPrincipal grantee, boolean grantOption) | Grants the specified privilege to the specified user on the specified table |
| | listApplicableRoles(Session session, TrinoPrincipal principal) | List applicable roles, including the transitive grants, for the specified principal |
| | listEnabledRoles(Identity identity) | List applicable roles, including the transitive grants, in given identity |
| | listRoleGrants(Session session, TrinoPrincipal principal) | List role grants for a given principal, not recursively. |
| | listRoles | List available roles. |
| | listTablePrivileges(Session session, QualifiedTablePrefix prefix) | Gets the privileges for the specified table available to the given grantee considering the selected session role |
| default void | revokeEntityPrivileges(Session session, EntityKindAndName entity, Set<EntityPrivilege> privileges, TrinoPrincipal grantee, boolean grantOption) | Revokes the specified privilege on the specified entity from the specified user |
| void | revokeRoles(Session session, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor) | Revokes the specified roles from the specified grantees. |
| void | revokeSchemaPrivileges(Session session, CatalogSchemaName schemaName, Set<Privilege> privileges, TrinoPrincipal grantee, boolean grantOption) | Revokes the specified privilege on the specified schema from the specified user. |
| void | revokeTablePrivileges(Session session, QualifiedObjectName tableName, Set<Privilege> privileges, TrinoPrincipal grantee, boolean grantOption) | Revokes the specified privilege on the specified table from the specified user |
| boolean | roleExists(Session session, String role) | Does the specified role exist. |
| void | schemaCreated(Session session, CatalogSchemaName schema) | A schema was created |
| void | schemaDropped(Session session, CatalogSchemaName schema) | A schema was dropped |
| void | schemaRenamed(Session session, CatalogSchemaName sourceSchema, CatalogSchemaName targetSchema) | A schema was renamed |
| void | setSchemaOwner(Session session, CatalogSchemaName schema, TrinoPrincipal principal) | Set the owner of the specified schema |
| void | setTableOwner(Session session, CatalogSchemaTableName table, TrinoPrincipal principal) | Set the owner of the specified table |
| void | setViewOwner(Session session, CatalogSchemaTableName view, TrinoPrincipal principal) | Set the owner of the specified view |
| void | tableCreated(Session session, CatalogSchemaTableName table) | A table or view was created |
| void | tableDropped(Session session, CatalogSchemaTableName table) | A table or view was dropped |
| void | tableRenamed(Session session, CatalogSchemaTableName sourceTable, CatalogSchemaTableName targetTable) | A table or view was renamed |
| default void | validateEntityKindAndPrivileges(Session session, String entityKind, Set<String> privileges) | Throws an exception if the entityKind is not supported, or if the privileges are not supported for the entityKind |

Method Details

roleExists
Does the specified role exist.

createRole
Creates the specified role.
Parameters:
grantor - represents the principal specified by WITH ADMIN statement

dropRole
Drops the specified role.

listRoles
List available roles.

listRoleGrants
List role grants for a given principal, not recursively.

grantRoles
void grantRoles(Session session, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor)
Grants the specified roles to the specified grantees.
Parameters:
grantor - represents the principal specified by GRANTED BY statement

revokeRoles
void revokeRoles(Session session, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor)
Revokes the specified roles from the specified grantees.
Parameters:
grantor - represents the principal specified by GRANTED BY statement

listApplicableRoles
List applicable roles, including the transitive grants, for the specified principal

listEnabledRoles
List applicable roles, including the transitive grants, in given identity

grantSchemaPrivileges
void grantSchemaPrivileges(Session session, CatalogSchemaName schemaName, Set<Privilege> privileges, TrinoPrincipal grantee, boolean grantOption)
Grants the specified privilege to the specified user on the specified schema.

denySchemaPrivileges
void denySchemaPrivileges(Session session, CatalogSchemaName schemaName, Set<Privilege> privileges, TrinoPrincipal grantee)
Denies the specified privilege to the specified user on the specified schema.

revokeSchemaPrivileges
void revokeSchemaPrivileges(Session session, CatalogSchemaName schemaName, Set<Privilege> privileges, TrinoPrincipal grantee, boolean grantOption)
Revokes the specified privilege on the specified schema from the specified user.

grantTablePrivileges
void grantTablePrivileges(Session session, QualifiedObjectName tableName, Set<Privilege> privileges, TrinoPrincipal grantee, boolean grantOption)
Grants the specified privilege to the specified user on the specified table

denyTablePrivileges
void denyTablePrivileges(Session session, QualifiedObjectName tableName, Set<Privilege> privileges, TrinoPrincipal grantee)
Denies the specified privilege to the specified user on the specified table

revokeTablePrivileges
void revokeTablePrivileges(Session session, QualifiedObjectName tableName, Set<Privilege> privileges, TrinoPrincipal grantee, boolean grantOption)
Revokes the specified privilege on the specified table from the specified user

listTablePrivileges
Gets the privileges for the specified table available to the given grantee considering the selected session role

getAllEntityKindPrivileges

grantEntityPrivileges
default void grantEntityPrivileges(Session session, EntityKindAndName entity, Set<EntityPrivilege> privileges, TrinoPrincipal grantee, boolean grantOption)
Grants the specified privilege to the specified user on the specified entity

denyEntityPrivileges
default void denyEntityPrivileges(Session session, EntityKindAndName entity, Set<EntityPrivilege> privileges, TrinoPrincipal grantee)
Deny the specified privilege to the specified principal on the specified entity

revokeEntityPrivileges
default void revokeEntityPrivileges(Session session, EntityKindAndName entity, Set<EntityPrivilege> privileges, TrinoPrincipal grantee, boolean grantOption)
Revokes the specified privilege on the specified entity from the specified user

validateEntityKindAndPrivileges
default void validateEntityKindAndPrivileges(Session session, String entityKind, Set<String> privileges)
Throws an exception if the entityKind is not supported, or if the privileges are not supported for the entityKind

getSchemaOwner
Set the owner of the specified schema

setSchemaOwner
Set the owner of the specified schema

setTableOwner
Set the owner of the specified table

getViewRunAsIdentity
Get the identity to run the view as

setViewOwner
Set the owner of the specified view

getFunctionRunAsIdentity
Optional<Identity> getFunctionRunAsIdentity(Session session, CatalogSchemaFunctionName functionName)
Get the identity to run the function as

schemaCreated
A schema was created

schemaRenamed
A schema was renamed

schemaDropped
A schema was dropped

tableCreated
A table or view was created

tableRenamed
void tableRenamed(Session session, CatalogSchemaTableName sourceTable, CatalogSchemaTableName targetTable)
A table or view was renamed

tableDropped
A table or view was dropped

columnCreated
A column was created

columnRenamed
A column was renamed

columnDropped
A column was dropped

columnTypeChanged
void columnTypeChanged(Session session, CatalogSchemaTableName table, String column, String oldType, String newType)
Column type was changed

columnNotNullConstraintDropped
Column's NOT NULL constraint was dropped