Package org.apache.pinot.broker.api
Interface AccessControl
-
- All Superinterfaces:
FineGrainedAccessControl
@Public @Stable public interface AccessControl extends FineGrainedAccessControl
-
-
Method Summary
All Methods Instance Methods Default Methods Deprecated Methods Modifier and Type Method Description default org.apache.pinot.spi.auth.AuthorizationResultauthorize(RequesterIdentity requesterIdentity)First-step access control when processing broker requests.default org.apache.pinot.spi.auth.TableAuthorizationResultauthorize(RequesterIdentity requesterIdentity, Set<String> tables)Verify access control on pinot tables.default org.apache.pinot.spi.auth.AuthorizationResultauthorize(RequesterIdentity requesterIdentity, org.apache.pinot.common.request.BrokerRequest brokerRequest)Verify access control on parsed broker request.default booleanhasAccess(RequesterIdentity requesterIdentity)Deprecated.default booleanhasAccess(RequesterIdentity requesterIdentity, Set<String> tables)Deprecated.default booleanhasAccess(RequesterIdentity requesterIdentity, org.apache.pinot.common.request.BrokerRequest brokerRequest)Deprecated.-
Methods inherited from interface org.apache.pinot.core.auth.FineGrainedAccessControl
authorize, defaultAccess, hasAccess
-
-
-
-
Method Detail
-
hasAccess
@Deprecated default boolean hasAccess(RequesterIdentity requesterIdentity)
Deprecated.First-step access control when processing broker requests. Decides whether request is allowed to acquire resources for further processing. Request may still be rejected at table-level later on. The default implementation is kept to have backward compatibility with the existing implementations- Parameters:
requesterIdentity- requester identity- Returns:
trueif authorized,falseotherwise
-
authorize
default org.apache.pinot.spi.auth.AuthorizationResult authorize(RequesterIdentity requesterIdentity)
First-step access control when processing broker requests. Decides whether request is allowed to acquire resources for further processing. Request may still be rejected at table-level later on. The default implementation returns aBasicAuthorizationResultImplwith the result of the hasAccess() of the implementation- Parameters:
requesterIdentity- requester identity- Returns:
AuthorizationResultwith the result of the access control check
-
hasAccess
@Deprecated default boolean hasAccess(RequesterIdentity requesterIdentity, org.apache.pinot.common.request.BrokerRequest brokerRequest)
Deprecated.Fine-grained access control on parsed broker request. May check table, column, permissions, etc. The default implementation is kept to have backward compatibility with the existing implementations- Parameters:
requesterIdentity- requester identitybrokerRequest- broker request (incl query)- Returns:
trueif authorized,falseotherwise
-
authorize
default org.apache.pinot.spi.auth.AuthorizationResult authorize(RequesterIdentity requesterIdentity, org.apache.pinot.common.request.BrokerRequest brokerRequest)
Verify access control on parsed broker request. May check table, column, permissions, etc. The default implementation returns aBasicAuthorizationResultImplwith the result of the hasAccess() of the implementation- Parameters:
requesterIdentity- requester identitybrokerRequest- broker request (incl query)- Returns:
AuthorizationResultwith the result of the access control check
-
hasAccess
@Deprecated default boolean hasAccess(RequesterIdentity requesterIdentity, Set<String> tables)
Deprecated.Fine-grained access control on pinot tables. The default implementation is kept to have backward compatibility with the existing implementations- Parameters:
requesterIdentity- requester identitytables- Set of pinot tables used in the query. Table name can be with or without tableType.- Returns:
trueif authorized,falseotherwise
-
authorize
default org.apache.pinot.spi.auth.TableAuthorizationResult authorize(RequesterIdentity requesterIdentity, Set<String> tables)
Verify access control on pinot tables. The default implementation returns aTableAuthorizationResultwith the result of the hasAccess() of the implementation- Parameters:
requesterIdentity- requester identitytables- Set of pinot tables used in the query. Table name can be with or without tableType.- Returns:
TableAuthorizationResultwith the result of the access control check
-
-