ConnectorAccessControl (presto-spi 0.205 API)

```
public interface ConnectorAccessControl
```

Method Summary

All Methods Instance Methods Default Methods Deprecated Methods
Modifier and Type	Method and Description
`default void`	`checkCanAddColumn(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName)` Check if identity is allowed to add columns to the specified table in this catalog.
`default void`	`checkCanCreateSchema(ConnectorTransactionHandle transactionHandle, Identity identity, String schemaName)` Check if identity is allowed to create the specified schema in this catalog.
`default void`	`checkCanCreateTable(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName)` Check if identity is allowed to create the specified table in this catalog.
`default void`	`checkCanCreateView(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName viewName)` Check if identity is allowed to create the specified view in this catalog.
`default void`	`checkCanCreateViewWithSelectFromColumns(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName, Set<String> columnNames)` Check if identity is allowed to create a view that selects from the specified columns in a relation.
`default void`	`checkCanCreateViewWithSelectFromTable(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName)` Deprecated. Use `checkCanCreateViewWithSelectFromColumns(com.facebook.presto.spi.connector.ConnectorTransactionHandle, com.facebook.presto.spi.security.Identity, com.facebook.presto.spi.SchemaTableName, java.util.Set<java.lang.String>)` instead
`default void`	`checkCanCreateViewWithSelectFromView(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName viewName)` Deprecated. Use `checkCanCreateViewWithSelectFromColumns(com.facebook.presto.spi.connector.ConnectorTransactionHandle, com.facebook.presto.spi.security.Identity, com.facebook.presto.spi.SchemaTableName, java.util.Set<java.lang.String>)` instead
`default void`	`checkCanDeleteFromTable(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName)` Check if identity is allowed to delete from the specified table in this catalog.
`default void`	`checkCanDropColumn(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName)` Check if identity is allowed to drop columns from the specified table in this catalog.
`default void`	`checkCanDropSchema(ConnectorTransactionHandle transactionHandle, Identity identity, String schemaName)` Check if identity is allowed to drop the specified schema in this catalog.
`default void`	`checkCanDropTable(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName)` Check if identity is allowed to drop the specified table in this catalog.
`default void`	`checkCanDropView(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName viewName)` Check if identity is allowed to drop the specified view in this catalog.
`default void`	`checkCanGrantTablePrivilege(ConnectorTransactionHandle transactionHandle, Identity identity, Privilege privilege, SchemaTableName tableName, String grantee, boolean withGrantOption)` Check if identity is allowed to grant to any other user the specified privilege on the specified table.
`default void`	`checkCanInsertIntoTable(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName)` Check if identity is allowed to insert into the specified table in this catalog.
`default void`	`checkCanRenameColumn(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName)` Check if identity is allowed to rename a column in the specified table in this catalog.
`default void`	`checkCanRenameSchema(ConnectorTransactionHandle transactionHandle, Identity identity, String schemaName, String newSchemaName)` Check if identity is allowed to rename the specified schema in this catalog.
`default void`	`checkCanRenameTable(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName, SchemaTableName newTableName)` Check if identity is allowed to rename the specified table in this catalog.
`default void`	`checkCanRevokeTablePrivilege(ConnectorTransactionHandle transactionHandle, Identity identity, Privilege privilege, SchemaTableName tableName, String revokee, boolean grantOptionFor)` Check if identity is allowed to revoke the specified privilege on the specified table from any user.
`default void`	`checkCanSelectFromColumns(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName, Set<String> columnNames)` Check if identity is allowed to select from the specified columns in a relation.
`default void`	`checkCanSelectFromTable(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName)` Deprecated. Use `checkCanSelectFromColumns(com.facebook.presto.spi.connector.ConnectorTransactionHandle, com.facebook.presto.spi.security.Identity, com.facebook.presto.spi.SchemaTableName, java.util.Set<java.lang.String>)` instead
`default void`	`checkCanSelectFromView(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName viewName)` Deprecated. Use `checkCanSelectFromColumns(com.facebook.presto.spi.connector.ConnectorTransactionHandle, com.facebook.presto.spi.security.Identity, com.facebook.presto.spi.SchemaTableName, java.util.Set<java.lang.String>)` instead
`default void`	`checkCanSetCatalogSessionProperty(Identity identity, String propertyName)` Check if identity is allowed to set the specified property in this catalog.
`default void`	`checkCanShowSchemas(ConnectorTransactionHandle transactionHandle, Identity identity)` Check if identity is allowed to execute SHOW SCHEMAS in a catalog.
`default void`	`checkCanShowTablesMetadata(ConnectorTransactionHandle transactionHandle, Identity identity, String schemaName)` Check if identity is allowed to show metadata of tables by executing SHOW TABLES, SHOW GRANTS etc.
`default Set<String>`	`filterSchemas(ConnectorTransactionHandle transactionHandle, Identity identity, Set<String> schemaNames)` Filter the list of schemas to those visible to the identity.
`default Set<SchemaTableName>`	`filterTables(ConnectorTransactionHandle transactionHandle, Identity identity, Set<SchemaTableName> tableNames)` Filter the list of tables and views to those visible to the identity.

Method Detail

checkCanCreateSchema

default void checkCanCreateSchema(ConnectorTransactionHandle transactionHandle,
                                  Identity identity,
                                  String schemaName)

Check if identity is allowed to create the specified schema in this catalog.

Throws:: AccessDeniedException - if not allowed

checkCanDropSchema

default void checkCanDropSchema(ConnectorTransactionHandle transactionHandle,
                                Identity identity,
                                String schemaName)

Check if identity is allowed to drop the specified schema in this catalog.

Throws:: AccessDeniedException - if not allowed

checkCanRenameSchema

default void checkCanRenameSchema(ConnectorTransactionHandle transactionHandle,
                                  Identity identity,
                                  String schemaName,
                                  String newSchemaName)

Check if identity is allowed to rename the specified schema in this catalog.

Throws:: AccessDeniedException - if not allowed

checkCanShowSchemas
```
default void checkCanShowSchemas(ConnectorTransactionHandle transactionHandle,
                                 Identity identity)
```
Check if identity is allowed to execute SHOW SCHEMAS in a catalog.
NOTE: This method is only present to give users an error message when listing is not allowed. The filterSchemas(com.facebook.presto.spi.connector.ConnectorTransactionHandle, com.facebook.presto.spi.security.Identity, java.util.Set<java.lang.String>) method must handle filter all results for unauthorized users, since there are multiple way to list schemas.

Throws:

AccessDeniedException - if not allowed

filterSchemas

default Set<String> filterSchemas(ConnectorTransactionHandle transactionHandle,
                                  Identity identity,
                                  Set<String> schemaNames)

Filter the list of schemas to those visible to the identity.

checkCanCreateTable

default void checkCanCreateTable(ConnectorTransactionHandle transactionHandle,
                                 Identity identity,
                                 SchemaTableName tableName)

Check if identity is allowed to create the specified table in this catalog.

Throws:: AccessDeniedException - if not allowed

checkCanDropTable

default void checkCanDropTable(ConnectorTransactionHandle transactionHandle,
                               Identity identity,
                               SchemaTableName tableName)

Check if identity is allowed to drop the specified table in this catalog.

Throws:: AccessDeniedException - if not allowed

checkCanRenameTable

default void checkCanRenameTable(ConnectorTransactionHandle transactionHandle,
                                 Identity identity,
                                 SchemaTableName tableName,
                                 SchemaTableName newTableName)

Check if identity is allowed to rename the specified table in this catalog.

Throws:: AccessDeniedException - if not allowed

checkCanShowTablesMetadata
```
default void checkCanShowTablesMetadata(ConnectorTransactionHandle transactionHandle,
                                        Identity identity,
                                        String schemaName)
```
Check if identity is allowed to show metadata of tables by executing SHOW TABLES, SHOW GRANTS etc. in a catalog.
NOTE: This method is only present to give users an error message when listing is not allowed. The filterTables(com.facebook.presto.spi.connector.ConnectorTransactionHandle, com.facebook.presto.spi.security.Identity, java.util.Set<com.facebook.presto.spi.SchemaTableName>) method must filter all results for unauthorized users, since there are multiple ways to list tables.

Throws:

AccessDeniedException - if not allowed

filterTables

default Set<SchemaTableName> filterTables(ConnectorTransactionHandle transactionHandle,
                                          Identity identity,
                                          Set<SchemaTableName> tableNames)

Filter the list of tables and views to those visible to the identity.

checkCanAddColumn

default void checkCanAddColumn(ConnectorTransactionHandle transactionHandle,
                               Identity identity,
                               SchemaTableName tableName)

Check if identity is allowed to add columns to the specified table in this catalog.

Throws:: AccessDeniedException - if not allowed

checkCanDropColumn

default void checkCanDropColumn(ConnectorTransactionHandle transactionHandle,
                                Identity identity,
                                SchemaTableName tableName)

Check if identity is allowed to drop columns from the specified table in this catalog.

Throws:: AccessDeniedException - if not allowed

checkCanRenameColumn

default void checkCanRenameColumn(ConnectorTransactionHandle transactionHandle,
                                  Identity identity,
                                  SchemaTableName tableName)

Check if identity is allowed to rename a column in the specified table in this catalog.

Throws:: AccessDeniedException - if not allowed

checkCanSelectFromColumns

default void checkCanSelectFromColumns(ConnectorTransactionHandle transactionHandle,
                                       Identity identity,
                                       SchemaTableName tableName,
                                       Set<String> columnNames)

Check if identity is allowed to select from the specified columns in a relation. The column set can be empty. If this is implemented, checkCanSelectFromTable and checkCanSelectFromView can be pass-through.

Throws:: AccessDeniedException - if not allowed

checkCanSelectFromTable
```
@Deprecated
default void checkCanSelectFromTable(ConnectorTransactionHandle transactionHandle,
                                                 Identity identity,
                                                 SchemaTableName tableName)
```
Deprecated. Use checkCanSelectFromColumns(com.facebook.presto.spi.connector.ConnectorTransactionHandle, com.facebook.presto.spi.security.Identity, com.facebook.presto.spi.SchemaTableName, java.util.Set<java.lang.String>) instead

Check if identity is allowed to select from the specified table in this catalog.

Throws:

AccessDeniedException - if not allowed

checkCanInsertIntoTable

default void checkCanInsertIntoTable(ConnectorTransactionHandle transactionHandle,
                                     Identity identity,
                                     SchemaTableName tableName)

Check if identity is allowed to insert into the specified table in this catalog.

Throws:: AccessDeniedException - if not allowed

checkCanDeleteFromTable

default void checkCanDeleteFromTable(ConnectorTransactionHandle transactionHandle,
                                     Identity identity,
                                     SchemaTableName tableName)

Check if identity is allowed to delete from the specified table in this catalog.

Throws:: AccessDeniedException - if not allowed

checkCanCreateView

default void checkCanCreateView(ConnectorTransactionHandle transactionHandle,
                                Identity identity,
                                SchemaTableName viewName)

Check if identity is allowed to create the specified view in this catalog.

Throws:: AccessDeniedException - if not allowed

checkCanDropView

default void checkCanDropView(ConnectorTransactionHandle transactionHandle,
                              Identity identity,
                              SchemaTableName viewName)

Check if identity is allowed to drop the specified view in this catalog.

Throws:: AccessDeniedException - if not allowed

checkCanSelectFromView
```
@Deprecated
default void checkCanSelectFromView(ConnectorTransactionHandle transactionHandle,
                                                Identity identity,
                                                SchemaTableName viewName)
```
Deprecated. Use checkCanSelectFromColumns(com.facebook.presto.spi.connector.ConnectorTransactionHandle, com.facebook.presto.spi.security.Identity, com.facebook.presto.spi.SchemaTableName, java.util.Set<java.lang.String>) instead

Check if identity is allowed to select from the specified view in this catalog.

Throws:

AccessDeniedException - if not allowed

checkCanCreateViewWithSelectFromTable
```
@Deprecated
default void checkCanCreateViewWithSelectFromTable(ConnectorTransactionHandle transactionHandle,
                                                               Identity identity,
                                                               SchemaTableName tableName)
```
Deprecated. Use checkCanCreateViewWithSelectFromColumns(com.facebook.presto.spi.connector.ConnectorTransactionHandle, com.facebook.presto.spi.security.Identity, com.facebook.presto.spi.SchemaTableName, java.util.Set<java.lang.String>) instead

Check if identity is allowed to create the specified view that selects from the specified table in this catalog.

Throws:

AccessDeniedException - if not allowed

checkCanCreateViewWithSelectFromView
```
@Deprecated
default void checkCanCreateViewWithSelectFromView(ConnectorTransactionHandle transactionHandle,
                                                              Identity identity,
                                                              SchemaTableName viewName)
```
Deprecated. Use checkCanCreateViewWithSelectFromColumns(com.facebook.presto.spi.connector.ConnectorTransactionHandle, com.facebook.presto.spi.security.Identity, com.facebook.presto.spi.SchemaTableName, java.util.Set<java.lang.String>) instead

Check if identity is allowed to create a view that selects from the specified view in this catalog.

Throws:

AccessDeniedException - if not allowed

checkCanCreateViewWithSelectFromColumns

default void checkCanCreateViewWithSelectFromColumns(ConnectorTransactionHandle transactionHandle,
                                                     Identity identity,
                                                     SchemaTableName tableName,
                                                     Set<String> columnNames)

Check if identity is allowed to create a view that selects from the specified columns in a relation.

Throws:: AccessDeniedException - if not allowed

checkCanSetCatalogSessionProperty

default void checkCanSetCatalogSessionProperty(Identity identity,
                                               String propertyName)

Check if identity is allowed to set the specified property in this catalog.

Throws:: AccessDeniedException - if not allowed

checkCanGrantTablePrivilege

default void checkCanGrantTablePrivilege(ConnectorTransactionHandle transactionHandle,
                                         Identity identity,
                                         Privilege privilege,
                                         SchemaTableName tableName,
                                         String grantee,
                                         boolean withGrantOption)

Check if identity is allowed to grant to any other user the specified privilege on the specified table.

Throws:: AccessDeniedException - if not allowed

checkCanRevokeTablePrivilege

default void checkCanRevokeTablePrivilege(ConnectorTransactionHandle transactionHandle,
                                          Identity identity,
                                          Privilege privilege,
                                          SchemaTableName tableName,
                                          String revokee,
                                          boolean grantOptionFor)

Check if identity is allowed to revoke the specified privilege on the specified table from any user.

Throws:: AccessDeniedException - if not allowed

Interface ConnectorAccessControl