Package io.trino.spi.security

Interface SystemAccessControl

public interface SystemAccessControl

Method Summary

Modifier and Type	Method	Description
default boolean	canAccessCatalog(SystemSecurityContext context, String catalogName)	Is identity allowed to access the specified catalog?
default boolean	canCreateViewWithExecuteFunction(SystemSecurityContext systemSecurityContext, CatalogSchemaRoutineName functionName)	Is identity allowed to create a view that executes the specified function?
default boolean	canExecuteFunction(SystemSecurityContext systemSecurityContext, CatalogSchemaRoutineName functionName)	Is identity allowed to execute the specified function?
default void	checkCanAddColumn(SystemSecurityContext context, CatalogSchemaTableName table)	Check if identity is allowed to add columns to the specified table in a catalog.
default void	checkCanAlterColumn(SystemSecurityContext context, CatalogSchemaTableName table)	Check if identity is allowed to alter columns for the specified table in a catalog.
default void	checkCanCreateCatalog(SystemSecurityContext context, String catalog)	Check if identity is allowed to create the specified catalog.
default void	checkCanCreateFunction(SystemSecurityContext systemSecurityContext, CatalogSchemaRoutineName functionName)	Check if identity is allowed to create the specified function in the catalog.
default void	checkCanCreateMaterializedView(SystemSecurityContext context, CatalogSchemaTableName materializedView, Map<String,Object> properties)	Check if identity is allowed to create the specified materialized view in a catalog.
default void	checkCanCreateRole(SystemSecurityContext context, String role, Optional<TrinoPrincipal> grantor)	Check if identity is allowed to create the specified role.
default void	checkCanCreateSchema(SystemSecurityContext context, CatalogSchemaName schema, Map<String,Object> properties)	Check if identity is allowed to create the specified schema with properties in a catalog.
default void	checkCanCreateTable(SystemSecurityContext context, CatalogSchemaTableName table, Map<String,Object> properties)	Check if identity is allowed to create the specified table with properties in a catalog.
default void	checkCanCreateView(SystemSecurityContext context, CatalogSchemaTableName view)	Check if identity is allowed to create the specified view in a catalog.
default void	checkCanCreateViewWithSelectFromColumns(SystemSecurityContext context, CatalogSchemaTableName table, Set<String> columns)	Check if identity is allowed to create a view that selects from the specified columns in a relation.
default void	checkCanDeleteFromTable(SystemSecurityContext context, CatalogSchemaTableName table)	Check if identity is allowed to delete from the specified table in a catalog.
default void	checkCanDenySchemaPrivilege(SystemSecurityContext context, Privilege privilege, CatalogSchemaName schema, TrinoPrincipal grantee)	Check if identity is allowed to deny the specified privilege to the grantee on the specified schema.
default void	checkCanDenyTablePrivilege(SystemSecurityContext context, Privilege privilege, CatalogSchemaTableName table, TrinoPrincipal grantee)	Check if identity is allowed to deny the specified privilege to the grantee on the specified table.
default void	checkCanDropCatalog(SystemSecurityContext context, String catalog)	Check if identity is allowed to drop the specified catalog.
default void	checkCanDropColumn(SystemSecurityContext context, CatalogSchemaTableName table)	Check if identity is allowed to drop columns from the specified table in a catalog.
default void	checkCanDropFunction(SystemSecurityContext systemSecurityContext, CatalogSchemaRoutineName functionName)	Check if identity is allowed to drop the specified function in the catalog.
default void	checkCanDropMaterializedView(SystemSecurityContext context, CatalogSchemaTableName materializedView)	Check if identity is allowed to drop the specified materialized view in a catalog.
default void	checkCanDropRole(SystemSecurityContext context, String role)	Check if identity is allowed to drop the specified role.
default void	checkCanDropSchema(SystemSecurityContext context, CatalogSchemaName schema)	Check if identity is allowed to drop the specified schema in a catalog.
default void	checkCanDropTable(SystemSecurityContext context, CatalogSchemaTableName table)	Check if identity is allowed to drop the specified table in a catalog.
default void	checkCanDropView(SystemSecurityContext context, CatalogSchemaTableName view)	Check if identity is allowed to drop the specified view in a catalog.
default void	checkCanExecuteProcedure(SystemSecurityContext systemSecurityContext, CatalogSchemaRoutineName procedure)	Check if identity is allowed to execute the specified procedure
default void	checkCanExecuteQuery(Identity identity)	Checks if identity can execute a query.
default void	checkCanExecuteTableProcedure(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName table, String procedure)	Check if identity is allowed to execute the specified table procedure on specified table
default void	checkCanGrantRoles(SystemSecurityContext context, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor)	Check if identity is allowed to grant the specified roles to the specified principals.
default void	checkCanGrantSchemaPrivilege(SystemSecurityContext context, Privilege privilege, CatalogSchemaName schema, TrinoPrincipal grantee, boolean grantOption)	Check if identity is allowed to grant the specified privilege to the grantee on the specified schema.
default void	checkCanGrantTablePrivilege(SystemSecurityContext context, Privilege privilege, CatalogSchemaTableName table, TrinoPrincipal grantee, boolean grantOption)	Check if identity is allowed to grant the specified privilege to the grantee on the specified table.
default void	checkCanImpersonateUser(Identity identity, String userName)	Check if the identity is allowed impersonate the specified user.
default void	checkCanInsertIntoTable(SystemSecurityContext context, CatalogSchemaTableName table)	Check if identity is allowed to insert into the specified table in a catalog.
default void	checkCanKillQueryOwnedBy(Identity identity, Identity queryOwner)	Checks if identity can kill a query owned by the specified user.
default void	checkCanReadSystemInformation(Identity identity)	Check if identity is allowed to read system information such as statistics, service registry, thread stacks, etc.
default void	checkCanRefreshMaterializedView(SystemSecurityContext context, CatalogSchemaTableName materializedView)	Check if identity is allowed to refresh the specified materialized view in a catalog.
default void	checkCanRenameColumn(SystemSecurityContext context, CatalogSchemaTableName table)	Check if identity is allowed to rename a column in the specified table in a catalog.
default void	checkCanRenameMaterializedView(SystemSecurityContext context, CatalogSchemaTableName view, CatalogSchemaTableName newView)	Check if identity is allowed to rename the specified materialized view in a catalog.
default void	checkCanRenameSchema(SystemSecurityContext context, CatalogSchemaName schema, String newSchemaName)	Check if identity is allowed to rename the specified schema in a catalog.
default void	checkCanRenameTable(SystemSecurityContext context, CatalogSchemaTableName table, CatalogSchemaTableName newTable)	Check if identity is allowed to rename the specified table in a catalog.
default void	checkCanRenameView(SystemSecurityContext context, CatalogSchemaTableName view, CatalogSchemaTableName newView)	Check if identity is allowed to rename the specified view in a catalog.
default void	checkCanRevokeRoles(SystemSecurityContext context, Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor)	Check if identity is allowed to revoke the specified roles from the specified principals.
default void	checkCanRevokeSchemaPrivilege(SystemSecurityContext context, Privilege privilege, CatalogSchemaName schema, TrinoPrincipal revokee, boolean grantOption)	Check if identity is allowed to revoke the specified privilege on the specified schema from the revokee.
default void	checkCanRevokeTablePrivilege(SystemSecurityContext context, Privilege privilege, CatalogSchemaTableName table, TrinoPrincipal revokee, boolean grantOption)	Check if identity is allowed to revoke the specified privilege on the specified table from the revokee.
default void	checkCanSelectFromColumns(SystemSecurityContext context, CatalogSchemaTableName table, Set<String> columns)	Check if identity is allowed to select from the specified columns in a relation.
default void	checkCanSetCatalogSessionProperty(SystemSecurityContext context, String catalogName, String propertyName)	Check if identity is allowed to set the specified property in a catalog.
default void	checkCanSetColumnComment(SystemSecurityContext context, CatalogSchemaTableName table)	Check if identity is allowed to set comment to column in the specified table in a catalog.
default void	checkCanSetMaterializedViewProperties(SystemSecurityContext context, CatalogSchemaTableName materializedView, Map<String,Optional<Object>> properties)	Check if identity is allowed to set the properties of the specified materialized view in a catalog.
default void	checkCanSetSchemaAuthorization(SystemSecurityContext context, CatalogSchemaName schema, TrinoPrincipal principal)	Check if identity is allowed to change the specified schema's user/role.
default void	checkCanSetSystemSessionProperty(Identity identity, String propertyName)	Check if identity is allowed to set the specified system property.
default void	checkCanSetTableAuthorization(SystemSecurityContext context, CatalogSchemaTableName table, TrinoPrincipal principal)	Check if identity is allowed to change the specified table's user/role.
default void	checkCanSetTableComment(SystemSecurityContext context, CatalogSchemaTableName table)	Check if identity is allowed to comment the specified table in a catalog.
default void	checkCanSetTableProperties(SystemSecurityContext context, CatalogSchemaTableName table, Map<String,Optional<Object>> properties)	Check if identity is allowed to alter properties to the specified table in a catalog.
default void	checkCanSetUser(Optional<Principal> principal, String userName)	Deprecated. use user mapping and checkCanImpersonateUser(io.trino.spi.security.Identity, java.lang.String) instead
default void	checkCanSetViewAuthorization(SystemSecurityContext context, CatalogSchemaTableName view, TrinoPrincipal principal)	Check if identity is allowed to change the specified view's user/role.
default void	checkCanSetViewComment(SystemSecurityContext context, CatalogSchemaTableName view)	Check if identity is allowed to comment the specified view in a catalog.
default void	checkCanShowColumns(SystemSecurityContext context, CatalogSchemaTableName table)	Check if identity is allowed to show columns of tables by executing SHOW COLUMNS, DESCRIBE etc.
default void	checkCanShowCreateSchema(SystemSecurityContext context, CatalogSchemaName schemaName)	Check if identity is allowed to execute SHOW CREATE SCHEMA.
default void	checkCanShowCreateTable(SystemSecurityContext context, CatalogSchemaTableName table)	Check if identity is allowed to execute SHOW CREATE TABLE, SHOW CREATE VIEW or SHOW CREATE MATERIALIZED VIEW
default void	checkCanShowCurrentRoles(SystemSecurityContext context)	Check if identity is allowed to show current roles.
default void	checkCanShowFunctions(SystemSecurityContext context, CatalogSchemaName schema)	Check if identity is allowed to show functions by executing SHOW FUNCTIONS in a catalog schema.
default void	checkCanShowRoleGrants(SystemSecurityContext context)	Check if identity is allowed to show its own role grants.
default void	checkCanShowRoles(SystemSecurityContext context)	Check if identity is allowed to show roles.
default void	checkCanShowSchemas(SystemSecurityContext context, String catalogName)	Check if identity is allowed to execute SHOW SCHEMAS in a catalog.
default void	checkCanShowTables(SystemSecurityContext context, CatalogSchemaName schema)	Check if identity is allowed to show metadata of tables by executing SHOW TABLES, SHOW GRANTS etc.
default void	checkCanTruncateTable(SystemSecurityContext context, CatalogSchemaTableName table)	Check if identity is allowed to truncate the specified table in a catalog.
default void	checkCanUpdateTableColumns(SystemSecurityContext securityContext, CatalogSchemaTableName table, Set<String> updatedColumnNames)	Check if identity is allowed to update the supplied columns in the specified table in a catalog.
default void	checkCanViewQueryOwnedBy(Identity identity, Identity queryOwner)	Checks if identity can view a query owned by the specified user.
default void	checkCanWriteSystemInformation(Identity identity)	Check if identity is allowed to write system information such as marking nodes offline, or changing runtime flags.
default Set<String>	filterCatalogs(SystemSecurityContext context, Set<String> catalogs)	Filter the list of catalogs to those visible to the identity.
default Set<String>	filterColumns(SystemSecurityContext context, CatalogSchemaTableName table, Set<String> columns)	Deprecated. Use filterColumns(SystemSecurityContext, String, Map)
default Map<SchemaTableName,Set<String>>	filterColumns(SystemSecurityContext context, String catalogName, Map<SchemaTableName,Set<String>> tableColumns)	Filter lists of columns of multiple tables to those visible to the identity.
default Set<SchemaFunctionName>	filterFunctions(SystemSecurityContext context, String catalogName, Set<SchemaFunctionName> functionNames)	Filter the list of functions to those visible to the identity.
default Set<String>	filterSchemas(SystemSecurityContext context, String catalogName, Set<String> schemaNames)	Filter the list of schemas in a catalog to those visible to the identity.
default Set<SchemaTableName>	filterTables(SystemSecurityContext context, String catalogName, Set<SchemaTableName> tableNames)	Filter the list of tables and views to those visible to the identity.
default Collection<Identity>	filterViewQueryOwnedBy(Identity identity, Collection<Identity> queryOwners)	Filter the list of users to those the identity view query owned by the user.
default Optional<ViewExpression>	getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type)	Get column masks associated with the given table, column and identity.
default Iterable<EventListener>	getEventListeners()
default List<ViewExpression>	getRowFilters(SystemSecurityContext context, CatalogSchemaTableName tableName)	Get row filters associated with the given table and identity.

Method Details

checkCanImpersonateUser

default void checkCanImpersonateUser(Identity identity,
 String userName)

Check if the identity is allowed impersonate the specified user.

Throws:

AccessDeniedException - if not allowed

checkCanSetUser

@Deprecated
default void checkCanSetUser(Optional<Principal> principal,
 String userName)

Deprecated.

use user mapping and checkCanImpersonateUser(io.trino.spi.security.Identity, java.lang.String) instead

Check if the principal is allowed to be the specified user.

Throws:

AccessDeniedException - if not allowed

checkCanExecuteQuery

default void checkCanExecuteQuery(Identity identity)

Checks if identity can execute a query.

Throws:

AccessDeniedException - if not allowed

checkCanViewQueryOwnedBy

default void checkCanViewQueryOwnedBy(Identity identity,
 Identity queryOwner)

Checks if identity can view a query owned by the specified user. The method will not be called when the current user is the query owner.

Throws:

AccessDeniedException - if not allowed

filterViewQueryOwnedBy

default Collection<Identity> filterViewQueryOwnedBy(Identity identity,
 Collection<Identity> queryOwners)

Filter the list of users to those the identity view query owned by the user. The method will not be called with the current user in the set.

checkCanKillQueryOwnedBy

default void checkCanKillQueryOwnedBy(Identity identity,
 Identity queryOwner)

Checks if identity can kill a query owned by the specified user. The method will not be called when the current user is the query owner.

Throws:

AccessDeniedException - if not allowed

checkCanReadSystemInformation

default void checkCanReadSystemInformation(Identity identity)

Check if identity is allowed to read system information such as statistics, service registry, thread stacks, etc. This is typically allowed for administrators and management tools.

Throws:

AccessDeniedException - if not allowed

checkCanWriteSystemInformation

default void checkCanWriteSystemInformation(Identity identity)

Check if identity is allowed to write system information such as marking nodes offline, or changing runtime flags. This is typically allowed for administrators.

Throws:

AccessDeniedException - if not allowed

checkCanSetSystemSessionProperty

default void checkCanSetSystemSessionProperty(Identity identity,
 String propertyName)

Check if identity is allowed to set the specified system property.

Throws:

AccessDeniedException - if not allowed

canAccessCatalog

default boolean canAccessCatalog(SystemSecurityContext context,
 String catalogName)

Is identity allowed to access the specified catalog?

checkCanCreateCatalog

default void checkCanCreateCatalog(SystemSecurityContext context,
 String catalog)

Check if identity is allowed to create the specified catalog.

Throws:

AccessDeniedException - if not allowed

checkCanDropCatalog

default void checkCanDropCatalog(SystemSecurityContext context,
 String catalog)

Check if identity is allowed to drop the specified catalog.

Throws:

AccessDeniedException - if not allowed

filterCatalogs

default Set<String> filterCatalogs(SystemSecurityContext context,
 Set<String> catalogs)

Filter the list of catalogs to those visible to the identity.

checkCanCreateSchema

default void checkCanCreateSchema(SystemSecurityContext context,
 CatalogSchemaName schema,
 Map<String,Object> properties)

Check if identity is allowed to create the specified schema with properties in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanDropSchema

default void checkCanDropSchema(SystemSecurityContext context,
 CatalogSchemaName schema)

Check if identity is allowed to drop the specified schema in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanRenameSchema

default void checkCanRenameSchema(SystemSecurityContext context,
 CatalogSchemaName schema,
 String newSchemaName)

Check if identity is allowed to rename the specified schema in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanSetSchemaAuthorization

default void checkCanSetSchemaAuthorization(SystemSecurityContext context,
 CatalogSchemaName schema,
 TrinoPrincipal principal)

Check if identity is allowed to change the specified schema's user/role.

Throws:

AccessDeniedException - if not allowed

checkCanShowSchemas

default void checkCanShowSchemas(SystemSecurityContext context,
 String catalogName)

Check if identity is allowed to execute SHOW SCHEMAS in a catalog.

NOTE: This method is only present to give users an error message when listing is not allowed. The filterSchemas(io.trino.spi.security.SystemSecurityContext, java.lang.String, java.util.Set<java.lang.String>) method must filter all results for unauthorized users, since there are multiple ways to list schemas.

Throws:

AccessDeniedException - if not allowed

filterSchemas

default Set<String> filterSchemas(SystemSecurityContext context,
 String catalogName,
 Set<String> schemaNames)

Filter the list of schemas in a catalog to those visible to the identity.

checkCanShowCreateSchema

default void checkCanShowCreateSchema(SystemSecurityContext context,
 CatalogSchemaName schemaName)

Check if identity is allowed to execute SHOW CREATE SCHEMA.

Throws:

AccessDeniedException - if not allowed

checkCanShowCreateTable

default void checkCanShowCreateTable(SystemSecurityContext context,
 CatalogSchemaTableName table)

Check if identity is allowed to execute SHOW CREATE TABLE, SHOW CREATE VIEW or SHOW CREATE MATERIALIZED VIEW

Throws:

AccessDeniedException - if not allowed

checkCanCreateTable

default void checkCanCreateTable(SystemSecurityContext context,
 CatalogSchemaTableName table,
 Map<String,Object> properties)

Check if identity is allowed to create the specified table with properties in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanDropTable

default void checkCanDropTable(SystemSecurityContext context,
 CatalogSchemaTableName table)

Check if identity is allowed to drop the specified table in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanRenameTable

default void checkCanRenameTable(SystemSecurityContext context,
 CatalogSchemaTableName table,
 CatalogSchemaTableName newTable)

Check if identity is allowed to rename the specified table in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanSetTableProperties

default void checkCanSetTableProperties(SystemSecurityContext context,
 CatalogSchemaTableName table,
 Map<String,Optional<Object>> properties)

Check if identity is allowed to alter properties to the specified table in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanSetTableComment

default void checkCanSetTableComment(SystemSecurityContext context,
 CatalogSchemaTableName table)

Check if identity is allowed to comment the specified table in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanSetViewComment

default void checkCanSetViewComment(SystemSecurityContext context,
 CatalogSchemaTableName view)

Check if identity is allowed to comment the specified view in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanSetColumnComment

default void checkCanSetColumnComment(SystemSecurityContext context,
 CatalogSchemaTableName table)

Check if identity is allowed to set comment to column in the specified table in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanShowTables

default void checkCanShowTables(SystemSecurityContext context,
 CatalogSchemaName schema)

Check if identity is allowed to show metadata of tables by executing SHOW TABLES, SHOW GRANTS etc. in a catalog.

NOTE: This method is only present to give users an error message when listing is not allowed. The filterTables(io.trino.spi.security.SystemSecurityContext, java.lang.String, java.util.Set<io.trino.spi.connector.SchemaTableName>) method must filter all results for unauthorized users, since there are multiple ways to list tables.

Throws:

AccessDeniedException - if not allowed

filterTables

default Set<SchemaTableName> filterTables(SystemSecurityContext context,
 String catalogName,
 Set<SchemaTableName> tableNames)

Filter the list of tables and views to those visible to the identity.

checkCanShowColumns

default void checkCanShowColumns(SystemSecurityContext context,
 CatalogSchemaTableName table)

Check if identity is allowed to show columns of tables by executing SHOW COLUMNS, DESCRIBE etc.

NOTE: This method is only present to give users an error message when listing is not allowed. The filterColumns(io.trino.spi.security.SystemSecurityContext, io.trino.spi.connector.CatalogSchemaTableName, java.util.Set<java.lang.String>) method must filter all results for unauthorized users, since there are multiple ways to list columns.

Throws:

AccessDeniedException - if not allowed

filterColumns

@Deprecated
default Set<String> filterColumns(SystemSecurityContext context,
 CatalogSchemaTableName table,
 Set<String> columns)

Deprecated.

Use filterColumns(SystemSecurityContext, String, Map)

Filter the list of columns to those visible to the identity.

filterColumns

default Map<SchemaTableName,Set<String>> filterColumns(SystemSecurityContext context,
 String catalogName,
 Map<SchemaTableName,Set<String>> tableColumns)

Filter lists of columns of multiple tables to those visible to the identity.

checkCanAddColumn

default void checkCanAddColumn(SystemSecurityContext context,
 CatalogSchemaTableName table)

Check if identity is allowed to add columns to the specified table in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanAlterColumn

default void checkCanAlterColumn(SystemSecurityContext context,
 CatalogSchemaTableName table)

Check if identity is allowed to alter columns for the specified table in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanDropColumn

default void checkCanDropColumn(SystemSecurityContext context,
 CatalogSchemaTableName table)

Check if identity is allowed to drop columns from the specified table in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanSetTableAuthorization

default void checkCanSetTableAuthorization(SystemSecurityContext context,
 CatalogSchemaTableName table,
 TrinoPrincipal principal)

Check if identity is allowed to change the specified table's user/role.

Throws:

AccessDeniedException - if not allowed

checkCanRenameColumn

default void checkCanRenameColumn(SystemSecurityContext context,
 CatalogSchemaTableName table)

Check if identity is allowed to rename a column in the specified table in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanSelectFromColumns

default void checkCanSelectFromColumns(SystemSecurityContext context,
 CatalogSchemaTableName table,
 Set<String> columns)

Check if identity is allowed to select from the specified columns in a relation. The column set can be empty.

Throws:

AccessDeniedException - if not allowed

checkCanInsertIntoTable

default void checkCanInsertIntoTable(SystemSecurityContext context,
 CatalogSchemaTableName table)

Check if identity is allowed to insert into the specified table in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanDeleteFromTable

default void checkCanDeleteFromTable(SystemSecurityContext context,
 CatalogSchemaTableName table)

Check if identity is allowed to delete from the specified table in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanTruncateTable

default void checkCanTruncateTable(SystemSecurityContext context,
 CatalogSchemaTableName table)

Check if identity is allowed to truncate the specified table in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanUpdateTableColumns

default void checkCanUpdateTableColumns(SystemSecurityContext securityContext,
 CatalogSchemaTableName table,
 Set<String> updatedColumnNames)

Check if identity is allowed to update the supplied columns in the specified table in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanCreateView

default void checkCanCreateView(SystemSecurityContext context,
 CatalogSchemaTableName view)

Check if identity is allowed to create the specified view in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanRenameView

default void checkCanRenameView(SystemSecurityContext context,
 CatalogSchemaTableName view,
 CatalogSchemaTableName newView)

Check if identity is allowed to rename the specified view in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanSetViewAuthorization

default void checkCanSetViewAuthorization(SystemSecurityContext context,
 CatalogSchemaTableName view,
 TrinoPrincipal principal)

Check if identity is allowed to change the specified view's user/role.

Throws:

AccessDeniedException - if not allowed

checkCanDropView

default void checkCanDropView(SystemSecurityContext context,
 CatalogSchemaTableName view)

Check if identity is allowed to drop the specified view in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanCreateViewWithSelectFromColumns

default void checkCanCreateViewWithSelectFromColumns(SystemSecurityContext context,
 CatalogSchemaTableName table,
 Set<String> columns)

Check if identity is allowed to create a view that selects from the specified columns in a relation.

Throws:

AccessDeniedException - if not allowed

checkCanCreateMaterializedView

default void checkCanCreateMaterializedView(SystemSecurityContext context,
 CatalogSchemaTableName materializedView,
 Map<String,Object> properties)

Check if identity is allowed to create the specified materialized view in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanRefreshMaterializedView

default void checkCanRefreshMaterializedView(SystemSecurityContext context,
 CatalogSchemaTableName materializedView)

Check if identity is allowed to refresh the specified materialized view in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanSetMaterializedViewProperties

default void checkCanSetMaterializedViewProperties(SystemSecurityContext context,
 CatalogSchemaTableName materializedView,
 Map<String,Optional<Object>> properties)

Check if identity is allowed to set the properties of the specified materialized view in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanDropMaterializedView

default void checkCanDropMaterializedView(SystemSecurityContext context,
 CatalogSchemaTableName materializedView)

Check if identity is allowed to drop the specified materialized view in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanRenameMaterializedView

default void checkCanRenameMaterializedView(SystemSecurityContext context,
 CatalogSchemaTableName view,
 CatalogSchemaTableName newView)

Check if identity is allowed to rename the specified materialized view in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanSetCatalogSessionProperty

default void checkCanSetCatalogSessionProperty(SystemSecurityContext context,
 String catalogName,
 String propertyName)

Check if identity is allowed to set the specified property in a catalog.

Throws:

AccessDeniedException - if not allowed

checkCanGrantSchemaPrivilege

default void checkCanGrantSchemaPrivilege(SystemSecurityContext context,
 Privilege privilege,
 CatalogSchemaName schema,
 TrinoPrincipal grantee,
 boolean grantOption)

Check if identity is allowed to grant the specified privilege to the grantee on the specified schema.

Throws:

AccessDeniedException - if not allowed

checkCanDenySchemaPrivilege

default void checkCanDenySchemaPrivilege(SystemSecurityContext context,
 Privilege privilege,
 CatalogSchemaName schema,
 TrinoPrincipal grantee)

Check if identity is allowed to deny the specified privilege to the grantee on the specified schema.

Throws:

AccessDeniedException - if not allowed

checkCanRevokeSchemaPrivilege

default void checkCanRevokeSchemaPrivilege(SystemSecurityContext context,
 Privilege privilege,
 CatalogSchemaName schema,
 TrinoPrincipal revokee,
 boolean grantOption)

Check if identity is allowed to revoke the specified privilege on the specified schema from the revokee.

Throws:

AccessDeniedException - if not allowed

checkCanGrantTablePrivilege

default void checkCanGrantTablePrivilege(SystemSecurityContext context,
 Privilege privilege,
 CatalogSchemaTableName table,
 TrinoPrincipal grantee,
 boolean grantOption)

Check if identity is allowed to grant the specified privilege to the grantee on the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanDenyTablePrivilege

default void checkCanDenyTablePrivilege(SystemSecurityContext context,
 Privilege privilege,
 CatalogSchemaTableName table,
 TrinoPrincipal grantee)

Check if identity is allowed to deny the specified privilege to the grantee on the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanRevokeTablePrivilege

default void checkCanRevokeTablePrivilege(SystemSecurityContext context,
 Privilege privilege,
 CatalogSchemaTableName table,
 TrinoPrincipal revokee,
 boolean grantOption)

Check if identity is allowed to revoke the specified privilege on the specified table from the revokee.

Throws:

AccessDeniedException - if not allowed

checkCanShowRoles

default void checkCanShowRoles(SystemSecurityContext context)

Check if identity is allowed to show roles.

Throws:

AccessDeniedException - if not allowed

checkCanCreateRole

default void checkCanCreateRole(SystemSecurityContext context,
 String role,
 Optional<TrinoPrincipal> grantor)

Check if identity is allowed to create the specified role.

Throws:

AccessDeniedException - if not allowed

checkCanDropRole

default void checkCanDropRole(SystemSecurityContext context,
 String role)

Check if identity is allowed to drop the specified role.

Throws:

AccessDeniedException - if not allowed

checkCanGrantRoles

default void checkCanGrantRoles(SystemSecurityContext context,
 Set<String> roles,
 Set<TrinoPrincipal> grantees,
 boolean adminOption,
 Optional<TrinoPrincipal> grantor)

Check if identity is allowed to grant the specified roles to the specified principals.

Throws:

AccessDeniedException - if not allowed

checkCanRevokeRoles

default void checkCanRevokeRoles(SystemSecurityContext context,
 Set<String> roles,
 Set<TrinoPrincipal> grantees,
 boolean adminOption,
 Optional<TrinoPrincipal> grantor)

Check if identity is allowed to revoke the specified roles from the specified principals.

Throws:

AccessDeniedException - if not allowed

checkCanShowCurrentRoles

default void checkCanShowCurrentRoles(SystemSecurityContext context)

Check if identity is allowed to show current roles.

Throws:

AccessDeniedException - if not allowed

checkCanShowRoleGrants

default void checkCanShowRoleGrants(SystemSecurityContext context)

Check if identity is allowed to show its own role grants.

Throws:

AccessDeniedException - if not allowed

checkCanExecuteProcedure

default void checkCanExecuteProcedure(SystemSecurityContext systemSecurityContext,
 CatalogSchemaRoutineName procedure)

Check if identity is allowed to execute the specified procedure

Throws:

AccessDeniedException - if not allowed

canExecuteFunction

default boolean canExecuteFunction(SystemSecurityContext systemSecurityContext,
 CatalogSchemaRoutineName functionName)

Is identity allowed to execute the specified function?

canCreateViewWithExecuteFunction

default boolean canCreateViewWithExecuteFunction(SystemSecurityContext systemSecurityContext,
 CatalogSchemaRoutineName functionName)

Is identity allowed to create a view that executes the specified function?

checkCanExecuteTableProcedure

default void checkCanExecuteTableProcedure(SystemSecurityContext systemSecurityContext,
 CatalogSchemaTableName table,
 String procedure)

Check if identity is allowed to execute the specified table procedure on specified table

Throws:

AccessDeniedException - if not allowed

checkCanShowFunctions

default void checkCanShowFunctions(SystemSecurityContext context,
 CatalogSchemaName schema)

Check if identity is allowed to show functions by executing SHOW FUNCTIONS in a catalog schema.

NOTE: This method is only present to give users an error message when listing is not allowed. The filterFunctions(io.trino.spi.security.SystemSecurityContext, java.lang.String, java.util.Set<io.trino.spi.function.SchemaFunctionName>) method must filter all results for unauthorized users, since there are multiple ways to list functions.

Throws:

AccessDeniedException - if not allowed

filterFunctions

default Set<SchemaFunctionName> filterFunctions(SystemSecurityContext context,
 String catalogName,
 Set<SchemaFunctionName> functionNames)

Filter the list of functions to those visible to the identity.

checkCanCreateFunction

default void checkCanCreateFunction(SystemSecurityContext systemSecurityContext,
 CatalogSchemaRoutineName functionName)

Check if identity is allowed to create the specified function in the catalog.

Throws:

AccessDeniedException - if not allowed

checkCanDropFunction

default void checkCanDropFunction(SystemSecurityContext systemSecurityContext,
 CatalogSchemaRoutineName functionName)

Check if identity is allowed to drop the specified function in the catalog.

Throws:

AccessDeniedException - if not allowed

getRowFilters

default List<ViewExpression> getRowFilters(SystemSecurityContext context,
 CatalogSchemaTableName tableName)

Get row filters associated with the given table and identity.

Each filter must be a scalar SQL expression of boolean type over the columns in the table.

Returns:

the list of filters, or empty list if not applicable

getColumnMask

default Optional<ViewExpression> getColumnMask(SystemSecurityContext context,
 CatalogSchemaTableName tableName,
 String columnName,
 Type type)

Get column masks associated with the given table, column and identity.

The mask must be a scalar SQL expression of a type coercible to the type of the column being masked. The expression must be written in terms of columns in the table.

Returns:

the mask if present, or empty if not applicable

getEventListeners

default Iterable<EventListener> getEventListeners()

Returns:

the event listeners provided by this system access control