Package io.prestosql.security

Interface AccessControl

All Known Implementing Classes:

AccessControlManager, AllowAllAccessControl, DenyAllAccessControl, ForwardingAccessControl, TestingAccessControlManager, ViewAccessControl

public interface AccessControl

Method Summary

Modifier and Type	Method	Description
void	checkCanAddColumns(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to add columns to the specified table.
void	checkCanCreateRole(SecurityContext context, String role, Optional<PrestoPrincipal> grantor, String catalogName)	Check if identity is allowed to create the specified role.
void	checkCanCreateSchema(SecurityContext context, CatalogSchemaName schemaName)	Check if identity is allowed to create the specified schema.
void	checkCanCreateTable(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to create the specified table.
void	checkCanCreateView(SecurityContext context, QualifiedObjectName viewName)	Check if identity is allowed to create the specified view.
void	checkCanCreateViewWithSelectFromColumns(SecurityContext context, QualifiedObjectName tableName, Set<String> columnNames)	Check if identity is allowed to create a view that selects from the specified columns.
void	checkCanDeleteFromTable(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to delete from the specified table.
void	checkCanDropColumn(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to drop columns from the specified table.
void	checkCanDropRole(SecurityContext context, String role, String catalogName)	Check if identity is allowed to drop the specified role.
void	checkCanDropSchema(SecurityContext context, CatalogSchemaName schemaName)	Check if identity is allowed to drop the specified schema.
void	checkCanDropTable(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to drop the specified table.
void	checkCanDropView(SecurityContext context, QualifiedObjectName viewName)	Check if identity is allowed to drop the specified view.
void	checkCanExecuteFunction(SecurityContext context, String functionName)	Check if identity is allowed to execute function
void	checkCanExecuteProcedure(SecurityContext context, QualifiedObjectName procedureName)	Check if identity is allowed to execute procedure
void	checkCanExecuteQuery(Identity identity)	Checks if identity can execute a query.
void	checkCanGrantExecuteFunctionPrivilege(SecurityContext context, String functionName, Identity grantee, boolean grantOption)	Check if identity is allowed to create a view that executes the function.
void	checkCanGrantRoles(SecurityContext context, Set<String> roles, Set<PrestoPrincipal> grantees, boolean adminOption, Optional<PrestoPrincipal> grantor, String catalogName)	Check if identity is allowed to grant the specified roles to the specified principals.
void	checkCanGrantTablePrivilege(SecurityContext context, Privilege privilege, QualifiedObjectName tableName, PrestoPrincipal grantee, boolean grantOption)	Check if identity is allowed to grant a privilege to the grantee on the specified table.
void	checkCanImpersonateUser(Identity identity, String userName)	Check if the identity is allowed impersonate the specified user.
void	checkCanInsertIntoTable(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to insert into the specified table.
void	checkCanKillQueryOwnedBy(Identity identity, String queryOwner)	Checks if identity can kill a query owned by the specified user.
void	checkCanReadSystemInformation(Identity identity)	Check if identity is allowed to read system information such as statistics, service registry, thread stacks, etc.
void	checkCanRenameColumn(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to rename a column in the specified table.
void	checkCanRenameSchema(SecurityContext context, CatalogSchemaName schemaName, String newSchemaName)	Check if identity is allowed to rename the specified schema.
void	checkCanRenameTable(SecurityContext context, QualifiedObjectName tableName, QualifiedObjectName newTableName)	Check if identity is allowed to rename the specified table.
void	checkCanRenameView(SecurityContext context, QualifiedObjectName viewName, QualifiedObjectName newViewName)	Check if identity is allowed to rename the specified view.
void	checkCanRevokeRoles(SecurityContext context, Set<String> roles, Set<PrestoPrincipal> grantees, boolean adminOption, Optional<PrestoPrincipal> grantor, String catalogName)	Check if identity is allowed to revoke the specified roles from the specified principals.
void	checkCanRevokeTablePrivilege(SecurityContext context, Privilege privilege, QualifiedObjectName tableName, PrestoPrincipal revokee, boolean grantOption)	Check if identity is allowed to revoke a privilege from the revokee on the specified table.
void	checkCanSelectFromColumns(SecurityContext context, QualifiedObjectName tableName, Set<String> columnNames)	Check if identity is allowed to select from the specified columns.
void	checkCanSetCatalogSessionProperty(SecurityContext context, String catalogName, String propertyName)	Check if identity is allowed to set the specified catalog property.
void	checkCanSetColumnComment(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to comment the specified column.
void	checkCanSetRole(SecurityContext context, String role, String catalogName)	Check if identity is allowed to set role for specified catalog.
void	checkCanSetSchemaAuthorization(SecurityContext context, CatalogSchemaName schemaName, PrestoPrincipal principal)	Check if identity is allowed to change the specified schema's user/role.
void	checkCanSetSystemSessionProperty(Identity identity, String propertyName)	Check if identity is allowed to set the specified system property.
void	checkCanSetTableComment(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to comment the specified table.
void	checkCanSetUser(Optional<Principal> principal, String userName)	Deprecated. replaced with user mapping during authentication and checkCanImpersonateUser(io.prestosql.spi.security.Identity, java.lang.String)
void	checkCanShowColumns(SecurityContext context, CatalogSchemaTableName table)	Check if identity is allowed to show columns of tables by executing SHOW COLUMNS, DESCRIBE etc.
void	checkCanShowCreateSchema(SecurityContext context, CatalogSchemaName schemaName)	Check if identity is allowed to execute SHOW CREATE SCHEMA.
void	checkCanShowCreateTable(SecurityContext context, QualifiedObjectName tableName)	Check if identity is allowed to execute SHOW CREATE TABLE, SHOW CREATE VIEW or SHOW CREATE MATERIALIZED VIEW
void	checkCanShowCurrentRoles(SecurityContext context, String catalogName)	Check if identity is allowed to show current roles on the specified catalog.
void	checkCanShowRoleAuthorizationDescriptors(SecurityContext context, String catalogName)	Check if identity is allowed to show role authorization descriptors (i.e.
void	checkCanShowRoleGrants(SecurityContext context, String catalogName)	Check if identity is allowed to show its own role grants on the specified catalog.
void	checkCanShowRoles(SecurityContext context, String catalogName)	Check if identity is allowed to show roles on the specified catalog.
void	checkCanShowSchemas(SecurityContext context, String catalogName)	Check if identity is allowed to execute SHOW SCHEMAS in a catalog.
void	checkCanShowTables(SecurityContext context, CatalogSchemaName schema)	Check if identity is allowed to show tables by executing SHOW TABLES, SHOW GRANTS etc.
void	checkCanViewQueryOwnedBy(Identity identity, String queryOwner)	Checks if identity can view a query owned by the specified user.
void	checkCanWriteSystemInformation(Identity identity)	Check if identity is allowed to write system information such as marking nodes offline, or changing runtime flags.
Set<String>	filterCatalogs(Identity identity, Set<String> catalogs)	Filter the list of catalogs to those visible to the identity.
List<ColumnMetadata>	filterColumns(SecurityContext context, CatalogSchemaTableName tableName, List<ColumnMetadata> columns)	Filter the list of columns to those visible to the identity.
Set<String>	filterQueriesOwnedBy(Identity identity, Set<String> queryOwners)	Filter the list of users to those the identity view query owned by the user.
Set<String>	filterSchemas(SecurityContext context, String catalogName, Set<String> schemaNames)	Filter the list of schemas in a catalog to those visible to the identity.
Set<SchemaTableName>	filterTables(SecurityContext context, String catalogName, Set<SchemaTableName> tableNames)	Filter the list of tables and views to those visible to the identity.
default List<ViewExpression>	getColumnMasks(SecurityContext context, QualifiedObjectName tableName, String columnName, Type type)
default List<ViewExpression>	getRowFilters(SecurityContext context, QualifiedObjectName tableName)

Method Detail

checkCanSetUser

@Deprecated
void checkCanSetUser(Optional<Principal> principal,
                     String userName)

Deprecated.

replaced with user mapping during authentication and checkCanImpersonateUser(io.prestosql.spi.security.Identity, java.lang.String)

Check if the principal is allowed to be the specified user.

Throws:

AccessDeniedException - if not allowed

checkCanImpersonateUser

void checkCanImpersonateUser(Identity identity,
                             String userName)

Check if the identity is allowed impersonate the specified user.

Throws:

AccessDeniedException - if not allowed

checkCanReadSystemInformation

void checkCanReadSystemInformation(Identity identity)

Check if identity is allowed to read system information such as statistics, service registry, thread stacks, etc. This is typically allowed for administrators and management tools.

Throws:

AccessDeniedException - if not allowed

checkCanWriteSystemInformation

void checkCanWriteSystemInformation(Identity identity)

Check if identity is allowed to write system information such as marking nodes offline, or changing runtime flags. This is typically allowed for administrators.

Throws:

AccessDeniedException - if not allowed

checkCanExecuteQuery

void checkCanExecuteQuery(Identity identity)

Checks if identity can execute a query.

Throws:

AccessDeniedException - if not allowed

checkCanViewQueryOwnedBy

void checkCanViewQueryOwnedBy(Identity identity,
                              String queryOwner)

Checks if identity can view a query owned by the specified user. The method will not be called when the current user is the query owner.

Throws:

AccessDeniedException - if not allowed

filterQueriesOwnedBy

Set<String> filterQueriesOwnedBy(Identity identity,
                                 Set<String> queryOwners)

Filter the list of users to those the identity view query owned by the user. The method will not be called with the current user in the set.

checkCanKillQueryOwnedBy

void checkCanKillQueryOwnedBy(Identity identity,
                              String queryOwner)

Checks if identity can kill a query owned by the specified user. The method will not be called when the current user is the query owner.

Throws:

AccessDeniedException - if not allowed

filterCatalogs

Set<String> filterCatalogs(Identity identity,
                           Set<String> catalogs)

Filter the list of catalogs to those visible to the identity.

checkCanCreateSchema

void checkCanCreateSchema(SecurityContext context,
                          CatalogSchemaName schemaName)

Check if identity is allowed to create the specified schema.

Throws:

AccessDeniedException - if not allowed

checkCanDropSchema

void checkCanDropSchema(SecurityContext context,
                        CatalogSchemaName schemaName)

Check if identity is allowed to drop the specified schema.

Throws:

AccessDeniedException - if not allowed

checkCanRenameSchema

void checkCanRenameSchema(SecurityContext context,
                          CatalogSchemaName schemaName,
                          String newSchemaName)

Check if identity is allowed to rename the specified schema.

Throws:

AccessDeniedException - if not allowed

checkCanSetSchemaAuthorization

void checkCanSetSchemaAuthorization(SecurityContext context,
                                    CatalogSchemaName schemaName,
                                    PrestoPrincipal principal)

Check if identity is allowed to change the specified schema's user/role.

Throws:

AccessDeniedException - if not allowed

checkCanShowSchemas

void checkCanShowSchemas(SecurityContext context,
                         String catalogName)

Check if identity is allowed to execute SHOW SCHEMAS in a catalog.

NOTE: This method is only present to give users an error message when listing is not allowed. The filterSchemas(io.prestosql.security.SecurityContext, java.lang.String, java.util.Set<java.lang.String>) method must filter all results for unauthorized users, since there are multiple ways to list schemas.

Throws:

AccessDeniedException - if not allowed

filterSchemas

Set<String> filterSchemas(SecurityContext context,
                          String catalogName,
                          Set<String> schemaNames)

Filter the list of schemas in a catalog to those visible to the identity.

checkCanShowCreateSchema

void checkCanShowCreateSchema(SecurityContext context,
                              CatalogSchemaName schemaName)

Check if identity is allowed to execute SHOW CREATE SCHEMA.

Throws:

AccessDeniedException - if not allowed

checkCanShowCreateTable

void checkCanShowCreateTable(SecurityContext context,
                             QualifiedObjectName tableName)

Check if identity is allowed to execute SHOW CREATE TABLE, SHOW CREATE VIEW or SHOW CREATE MATERIALIZED VIEW

Throws:

AccessDeniedException - if not allowed

checkCanCreateTable

void checkCanCreateTable(SecurityContext context,
                         QualifiedObjectName tableName)

Check if identity is allowed to create the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanDropTable

void checkCanDropTable(SecurityContext context,
                       QualifiedObjectName tableName)

Check if identity is allowed to drop the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanRenameTable

void checkCanRenameTable(SecurityContext context,
                         QualifiedObjectName tableName,
                         QualifiedObjectName newTableName)

Check if identity is allowed to rename the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanSetTableComment

void checkCanSetTableComment(SecurityContext context,
                             QualifiedObjectName tableName)

Check if identity is allowed to comment the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanSetColumnComment

void checkCanSetColumnComment(SecurityContext context,
                              QualifiedObjectName tableName)

Check if identity is allowed to comment the specified column.

Throws:

AccessDeniedException - if not allowed

checkCanShowTables

void checkCanShowTables(SecurityContext context,
                        CatalogSchemaName schema)

Check if identity is allowed to show tables by executing SHOW TABLES, SHOW GRANTS etc. in a catalog schema.

NOTE: This method is only present to give users an error message when listing is not allowed. The filterTables(io.prestosql.security.SecurityContext, java.lang.String, java.util.Set<io.prestosql.spi.connector.SchemaTableName>) method must filter all results for unauthorized users, since there are multiple ways to list tables.

Throws:

AccessDeniedException - if not allowed

filterTables

Set<SchemaTableName> filterTables(SecurityContext context,
                                  String catalogName,
                                  Set<SchemaTableName> tableNames)

Filter the list of tables and views to those visible to the identity.

checkCanShowColumns

void checkCanShowColumns(SecurityContext context,
                         CatalogSchemaTableName table)

Check if identity is allowed to show columns of tables by executing SHOW COLUMNS, DESCRIBE etc.

NOTE: This method is only present to give users an error message when listing is not allowed. The filterColumns(io.prestosql.security.SecurityContext, io.prestosql.spi.connector.CatalogSchemaTableName, java.util.List<io.prestosql.spi.connector.ColumnMetadata>) method must filter all results for unauthorized users, since there are multiple ways to list columns.

Throws:

AccessDeniedException - if not allowed

filterColumns

List<ColumnMetadata> filterColumns(SecurityContext context,
                                   CatalogSchemaTableName tableName,
                                   List<ColumnMetadata> columns)

Filter the list of columns to those visible to the identity.

checkCanAddColumns

void checkCanAddColumns(SecurityContext context,
                        QualifiedObjectName tableName)

Check if identity is allowed to add columns to the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanDropColumn

void checkCanDropColumn(SecurityContext context,
                        QualifiedObjectName tableName)

Check if identity is allowed to drop columns from the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanRenameColumn

void checkCanRenameColumn(SecurityContext context,
                          QualifiedObjectName tableName)

Check if identity is allowed to rename a column in the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanInsertIntoTable

void checkCanInsertIntoTable(SecurityContext context,
                             QualifiedObjectName tableName)

Check if identity is allowed to insert into the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanDeleteFromTable

void checkCanDeleteFromTable(SecurityContext context,
                             QualifiedObjectName tableName)

Check if identity is allowed to delete from the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanCreateView

void checkCanCreateView(SecurityContext context,
                        QualifiedObjectName viewName)

Check if identity is allowed to create the specified view.

Throws:

AccessDeniedException - if not allowed

checkCanRenameView

void checkCanRenameView(SecurityContext context,
                        QualifiedObjectName viewName,
                        QualifiedObjectName newViewName)

Check if identity is allowed to rename the specified view.

Throws:

AccessDeniedException - if not allowed

checkCanDropView

void checkCanDropView(SecurityContext context,
                      QualifiedObjectName viewName)

Check if identity is allowed to drop the specified view.

Throws:

AccessDeniedException - if not allowed

checkCanCreateViewWithSelectFromColumns

void checkCanCreateViewWithSelectFromColumns(SecurityContext context,
                                             QualifiedObjectName tableName,
                                             Set<String> columnNames)

Check if identity is allowed to create a view that selects from the specified columns.

Throws:

AccessDeniedException - if not allowed

checkCanGrantExecuteFunctionPrivilege

void checkCanGrantExecuteFunctionPrivilege(SecurityContext context,
                                           String functionName,
                                           Identity grantee,
                                           boolean grantOption)

Check if identity is allowed to create a view that executes the function.

Throws:

AccessDeniedException - if not allowed

checkCanGrantTablePrivilege

void checkCanGrantTablePrivilege(SecurityContext context,
                                 Privilege privilege,
                                 QualifiedObjectName tableName,
                                 PrestoPrincipal grantee,
                                 boolean grantOption)

Check if identity is allowed to grant a privilege to the grantee on the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanRevokeTablePrivilege

void checkCanRevokeTablePrivilege(SecurityContext context,
                                  Privilege privilege,
                                  QualifiedObjectName tableName,
                                  PrestoPrincipal revokee,
                                  boolean grantOption)

Check if identity is allowed to revoke a privilege from the revokee on the specified table.

Throws:

AccessDeniedException - if not allowed

checkCanSetSystemSessionProperty

void checkCanSetSystemSessionProperty(Identity identity,
                                      String propertyName)

Check if identity is allowed to set the specified system property.

Throws:

AccessDeniedException - if not allowed

checkCanSetCatalogSessionProperty

void checkCanSetCatalogSessionProperty(SecurityContext context,
                                       String catalogName,
                                       String propertyName)

Check if identity is allowed to set the specified catalog property.

Throws:

AccessDeniedException - if not allowed

checkCanSelectFromColumns

void checkCanSelectFromColumns(SecurityContext context,
                               QualifiedObjectName tableName,
                               Set<String> columnNames)

Check if identity is allowed to select from the specified columns. The column set can be empty.

Throws:

AccessDeniedException - if not allowed

checkCanCreateRole

void checkCanCreateRole(SecurityContext context,
                        String role,
                        Optional<PrestoPrincipal> grantor,
                        String catalogName)

Check if identity is allowed to create the specified role.

Throws:

AccessDeniedException - if not allowed

checkCanDropRole

void checkCanDropRole(SecurityContext context,
                      String role,
                      String catalogName)

Check if identity is allowed to drop the specified role.

Throws:

AccessDeniedException - if not allowed

checkCanGrantRoles

void checkCanGrantRoles(SecurityContext context,
                        Set<String> roles,
                        Set<PrestoPrincipal> grantees,
                        boolean adminOption,
                        Optional<PrestoPrincipal> grantor,
                        String catalogName)

Check if identity is allowed to grant the specified roles to the specified principals.

Throws:

AccessDeniedException - if not allowed

checkCanRevokeRoles

void checkCanRevokeRoles(SecurityContext context,
                         Set<String> roles,
                         Set<PrestoPrincipal> grantees,
                         boolean adminOption,
                         Optional<PrestoPrincipal> grantor,
                         String catalogName)

Check if identity is allowed to revoke the specified roles from the specified principals.

Throws:

AccessDeniedException - if not allowed

checkCanSetRole

void checkCanSetRole(SecurityContext context,
                     String role,
                     String catalogName)

Check if identity is allowed to set role for specified catalog.

Throws:

AccessDeniedException - if not allowed

checkCanShowRoleAuthorizationDescriptors

void checkCanShowRoleAuthorizationDescriptors(SecurityContext context,
                                              String catalogName)

Check if identity is allowed to show role authorization descriptors (i.e. RoleGrants).

Throws:

AccessDeniedException - if not allowed

checkCanShowRoles

void checkCanShowRoles(SecurityContext context,
                       String catalogName)

Check if identity is allowed to show roles on the specified catalog.

Throws:

AccessDeniedException - if not allowed

checkCanShowCurrentRoles

void checkCanShowCurrentRoles(SecurityContext context,
                              String catalogName)

Check if identity is allowed to show current roles on the specified catalog.

Throws:

AccessDeniedException - if not allowed

checkCanShowRoleGrants

void checkCanShowRoleGrants(SecurityContext context,
                            String catalogName)

Check if identity is allowed to show its own role grants on the specified catalog.

Throws:

AccessDeniedException - if not allowed

checkCanExecuteProcedure

void checkCanExecuteProcedure(SecurityContext context,
                              QualifiedObjectName procedureName)

Check if identity is allowed to execute procedure

Throws:

AccessDeniedException - if not allowed

checkCanExecuteFunction

void checkCanExecuteFunction(SecurityContext context,
                             String functionName)

Check if identity is allowed to execute function

Throws:

AccessDeniedException - if not allowed

getRowFilters

default List<ViewExpression> getRowFilters(SecurityContext context,
                                           QualifiedObjectName tableName)

getColumnMasks

default List<ViewExpression> getColumnMasks(SecurityContext context,
                                            QualifiedObjectName tableName,
                                            String columnName,
                                            Type type)