java.lang.Object
- org.openmetadata.service.security.policyevaluator.PolicyEvaluator

```
public class PolicyEvaluator
extends Object
```
PolicyEvaluator for metadata operations based on OpenMetadata's internal Policy format to make access decisions.
Policy Evaluation uses the following:
- Policy which is a collection of `Allow` and `Deny` rules Rule.
- PolicyEvaluator gets OperationContext with information about the operation, ResourceContext with information about the resource on which the operations is being performed, and SubjectContext with information about the user performing the operation.
- First, all the Deny rules are applied and if there is rule match, then the operation is denied.
- Second, all the Allow rules are applied and if there is rule match, then the operation is allowed.
- All operations that don't a match rule are not allowed.

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method	Description
`static ResourcePermission`	`getPermission(@NonNull SubjectContext subjectContext, String resourceType)`	Returns a list of operations that a user can perform on the given resource/entity type
`static ResourcePermission`	`getPermission(@NonNull SubjectContext subjectContext, ResourceContextInterface resourceContext)`
`static ResourcePermission`	`getResourcePermission(String resource, Permission.Access access)`	Get list of resources with all their permissions set to given Access
`static List<ResourcePermission>`	`getResourcePermissions(Permission.Access access)`	Get list of resources with all their permissions set to given Access
`static void`	`hasPermission(@NonNull SubjectContext subjectContext, @NonNull ResourceContextInterface resourceContext, @NonNull OperationContext operationContext)`	Checks if the policy has rules that give permission to perform an operation on the given entity.
`static Map<String,ResourcePermission>`	`initResourcePermissions()`	Initialize a map of Resource name to ResourcePermission with for each resource permission for all operations set as NOT_ALLOW
`static List<ResourcePermission>`	`listPermission(@NonNull List<EntityReference> policies)`	Returns a list of operations that a user can perform on all the resources.
`static List<ResourcePermission>`	`listPermission(@NonNull SubjectContext subjectContext)`	Returns a list of operations that a user can perform on all the resources.
`static List<Permission>`	`trimPermissions(List<Permission> permissions)`	Removes the redundant permissions from the list.
`static ResourcePermission`	`trimResourcePermission(ResourcePermission resourcePermission)`
`static List<ResourcePermission>`	`trimResourcePermissions(List<ResourcePermission> resourcePermissions)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

hasPermission

public static void hasPermission(@NonNull
                                 @NonNull SubjectContext subjectContext,
                                 @NonNull
                                 @NonNull ResourceContextInterface resourceContext,
                                 @NonNull
                                 @NonNull OperationContext operationContext)

Checks if the policy has rules that give permission to perform an operation on the given entity.

listPermission

public static List<ResourcePermission> listPermission(@NonNull
                                                      @NonNull SubjectContext subjectContext)

Returns a list of operations that a user can perform on all the resources.

listPermission

public static List<ResourcePermission> listPermission(@NonNull
                                                      @NonNull List<EntityReference> policies)

Returns a list of operations that a user can perform on all the resources.

getPermission

public static ResourcePermission getPermission(@NonNull
                                               @NonNull SubjectContext subjectContext,
                                               String resourceType)

Returns a list of operations that a user can perform on the given resource/entity type

getPermission

public static ResourcePermission getPermission(@NonNull
                                               @NonNull SubjectContext subjectContext,
                                               ResourceContextInterface resourceContext)

getResourcePermissions

public static List<ResourcePermission> getResourcePermissions(Permission.Access access)

Get list of resources with all their permissions set to given Access

getResourcePermission

public static ResourcePermission getResourcePermission(String resource,
                                                       Permission.Access access)

Get list of resources with all their permissions set to given Access

initResourcePermissions
```
public static Map<String,ResourcePermission> initResourcePermissions()
```
Initialize a map of Resource name to ResourcePermission with for each resource permission for all operations set as NOT_ALLOW

trimPermissions

public static List<Permission> trimPermissions(List<Permission> permissions)

Removes the redundant permissions from the list.

trimResourcePermission

public static ResourcePermission trimResourcePermission(ResourcePermission resourcePermission)

trimResourcePermissions

public static List<ResourcePermission> trimResourcePermissions(List<ResourcePermission> resourcePermissions)

Class PolicyEvaluator

Method Summary

Methods inherited from class java.lang.Object

Method Detail

hasPermission

listPermission

listPermission

getPermission

getPermission

getResourcePermissions

getResourcePermission

initResourcePermissions

trimPermissions

trimResourcePermission

trimResourcePermissions