/**
 * Checks whether {@code identity} may create a view that selects from {@code tableName}.
 *
 * <p>Two conditions must both hold: SELECT permission on the table, and the grant option for
 * SELECT on the same table. The check is made at table granularity only;
 * {@code columnNames} is not consulted.
 *
 * @param transaction connector transaction the checks run in
 * @param identity identity requesting the view
 * @param tableName table the view would read from
 * @param columnNames columns the view would read; currently ignored
 */
@Override
public void checkCanCreateViewWithSelectFromColumns(ConnectorTransactionHandle transaction, Identity identity, SchemaTableName tableName, Set<String> columnNames)
{
    // TODO implement column level access control
    boolean canSelect = checkTablePermission(transaction, identity, tableName, SELECT);
    if (!canSelect) {
        denySelectTable(tableName.toString());
    }

    // A view re-exposes the data to other users, so plain SELECT is not enough:
    // the creator also needs SELECT with grant option.
    boolean canGrantSelect = getGrantOptionForPrivilege(transaction, identity, Privilege.SELECT, tableName);
    if (!canGrantSelect) {
        denyCreateViewWithSelect(tableName.toString(), identity);
    }
}
/**
 * Check if identity is allowed to add columns to the specified table in this catalog.
 *
 * <p>The default implementation calls {@code denyAddColumn} unconditionally, so an
 * implementation that does not override this method rejects the operation.
 *
 * @param transactionHandle connector transaction handle; unused by the default
 * @param identity identity requesting the change; unused by the default
 * @param tableName table the columns would be added to
 * @throws com.facebook.presto.spi.security.AccessDeniedException if not allowed
 */
default void checkCanAddColumn(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName)
{
    String deniedTable = tableName.toString();
    denyAddColumn(deniedTable);
}
/**
 * Allows table creation only when {@code isDatabaseOwner} reports that {@code identity}
 * owns the schema named in {@code tableName}; otherwise calls {@code denyCreateTable}.
 *
 * @param transaction connector transaction passed to the ownership lookup
 * @param identity identity requesting the table
 * @param tableName schema-qualified name of the table to create
 */
@Override
public void checkCanCreateTable(ConnectorTransactionHandle transaction, Identity identity, SchemaTableName tableName)
{
    boolean ownsSchema = isDatabaseOwner(transaction, identity, tableName.getSchemaName());
    if (ownsSchema) {
        return;
    }
    denyCreateTable(tableName.toString());
}
/**
 * Allows a table drop only when the {@code allowDropTable} flag is set, the table exists in
 * the metastore, and the session user equals the table owner.
 *
 * <p>Each failed condition calls {@code denyDropTable}. The later checks rely on that call
 * not returning (presumably it throws AccessDeniedException): {@code lookup.get()} is
 * reached only if the "not found" branch did not fall through.
 *
 * @param transaction connector transaction; cast to {@code HiveTransactionHandle}
 * @param identity identity requesting the drop
 * @param tableName schema-qualified name of the table to drop
 */
@Override
public void checkCanDropTable(ConnectorTransactionHandle transaction, Identity identity, SchemaTableName tableName)
{
    // Global switch first: when disabled, nobody may drop tables.
    if (!allowDropTable) {
        denyDropTable(tableName.toString());
    }

    HiveTransactionHandle hiveTransaction = (HiveTransactionHandle) transaction;
    Optional<Table> lookup = metastoreProvider.apply(hiveTransaction)
            .getTable(tableName.getSchemaName(), tableName.getTableName());

    // NOTE(review): the two messages below let a caller tell a missing table apart from
    // one owned by another user; confirm that disclosure is acceptable.
    if (!lookup.isPresent()) {
        denyDropTable(tableName.toString(), "Table not found");
    }

    boolean ownedBySessionUser = identity.getUser().equals(lookup.get().getOwner());
    if (!ownedBySessionUser) {
        denyDropTable(tableName.toString(), "Owner of the table is different from session user");
    }
}
/**
 * Checks whether {@code identity} may grant {@code privilege} on {@code tableName}.
 *
 * <p>An identity with OWNERSHIP on the table is allowed immediately. Any other identity
 * must hold the corresponding Hive privilege with grant option according to the metastore.
 * A privilege that {@code toHivePrivilege} maps to {@code null} is denied, so unmapped
 * privileges fail closed.
 *
 * @param identity identity attempting the grant
 * @param privilege privilege being granted
 * @param tableName table the privilege applies to
 */
@Override
public void checkCanGrantTablePrivilege(Identity identity, Privilege privilege, SchemaTableName tableName)
{
    boolean isOwner = checkTablePermission(identity, tableName, OWNERSHIP);
    if (!isOwner) {
        HivePrivilege mapped = toHivePrivilege(privilege);
        // Short-circuit keeps the metastore call from ever seeing a null privilege.
        boolean mayGrant = mapped != null
                && metastore.hasPrivilegeWithGrantOptionOnTable(identity.getUser(), tableName.getSchemaName(), tableName.getTableName(), mapped);
        if (!mayGrant) {
            denyGrantTablePrivilege(privilege.name(), tableName.toString());
        }
    }
}
/**
 * Allows view creation only when {@code isDatabaseOwner} reports that {@code identity}
 * owns the schema named in {@code viewName}; otherwise calls {@code denyCreateView}.
 *
 * @param transaction connector transaction; not used by this check
 * @param identity identity requesting the view
 * @param viewName schema-qualified name of the view to create
 */
@Override
public void checkCanCreateView(ConnectorTransactionHandle transaction, Identity identity, SchemaTableName viewName)
{
    boolean ownsSchema = isDatabaseOwner(identity, viewName.getSchemaName());
    if (ownsSchema) {
        return;
    }
    denyCreateView(viewName.toString());
}
/**
 * Gates column renames on the {@code allowRenameColumn} flag alone.
 *
 * <p>Neither {@code transaction} nor {@code identity} is consulted: when the flag is set,
 * every caller passes this check; when it is clear, every caller is denied.
 *
 * @param transaction connector transaction; not used by this check
 * @param identity identity requesting the rename; not used by this check
 * @param tableName table whose column would be renamed
 */
@Override
public void checkCanRenameColumn(ConnectorTransactionHandle transaction, Identity identity, SchemaTableName tableName)
{
    if (allowRenameColumn) {
        return;
    }
    denyRenameColumn(tableName.toString());
}
/**
 * Check if identity is allowed to grant to any other user the specified privilege on the specified table.
 *
 * <p>The default implementation calls {@code denyGrantTablePrivilege} unconditionally, so an
 * implementation that does not override this method rejects every grant.
 *
 * @param transactionHandle connector transaction handle; unused by the default
 * @param identity identity attempting the grant; unused by the default
 * @param privilege privilege being granted
 * @param tableName table the privilege applies to
 * @param grantee user who would receive the privilege; unused by the default
 * @param withGrantOption whether the grantee could grant further; unused by the default
 * @throws com.facebook.presto.spi.security.AccessDeniedException if not allowed
 */
default void checkCanGrantTablePrivilege(ConnectorTransactionHandle transactionHandle, Identity identity, Privilege privilege, SchemaTableName tableName, String grantee, boolean withGrantOption)
{
    String deniedPrivilege = privilege.toString();
    String deniedTable = tableName.toString();
    denyGrantTablePrivilege(deniedPrivilege, deniedTable);
}
/**
 * Rejects every attempt to drop a view by calling {@code denyDropView} unconditionally.
 *
 * @param transaction connector transaction; not used by this check
 * @param identity identity requesting the drop; not used by this check
 * @param viewName schema-qualified name of the view, reported in the denial
 */
@Override
public void checkCanDropView(ConnectorTransactionHandle transaction, Identity identity, SchemaTableName viewName)
{
    String deniedView = viewName.toString();
    denyDropView(deniedView);
}
/**
 * Check if identity is allowed to delete from the specified table in this catalog.
 *
 * <p>The default implementation calls {@code denyDeleteTable} unconditionally, so an
 * implementation that does not override this method rejects the operation.
 *
 * @param transactionHandle connector transaction handle; unused by the default
 * @param identity identity requesting the delete; unused by the default
 * @param tableName table rows would be deleted from
 * @throws com.facebook.presto.spi.security.AccessDeniedException if not allowed
 */
default void checkCanDeleteFromTable(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName)
{
    String deniedTable = tableName.toString();
    denyDeleteTable(deniedTable);
}
/**
 * Check if identity is allowed to insert into the specified table in this catalog.
 *
 * <p>The default implementation calls {@code denyInsertTable} unconditionally, so an
 * implementation that does not override this method rejects the operation.
 *
 * @param transactionHandle connector transaction handle; unused by the default
 * @param identity identity requesting the insert; unused by the default
 * @param tableName table rows would be inserted into
 * @throws com.facebook.presto.spi.security.AccessDeniedException if not allowed
 */
default void checkCanInsertIntoTable(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName)
{
    String deniedTable = tableName.toString();
    denyInsertTable(deniedTable);
}
/**
 * Applies the configured deny list to "create view with select from table", then falls
 * back to the superclass check only when the deny list is empty.
 *
 * <p>When {@code denyPrivileges} is non-empty and this user/object/privilege combination
 * is not on it, the superclass check is skipped and the operation passes.
 *
 * @param transactionId transaction forwarded to the superclass check
 * @param identity identity whose user name is matched against the deny list
 * @param tableName table whose object name is matched against the deny list
 */
@Override
public void checkCanCreateViewWithSelectFromTable(TransactionId transactionId, Identity identity, QualifiedObjectName tableName)
{
    boolean explicitlyDenied = shouldDenyPrivilege(identity.getUser(), tableName.getObjectName(), CREATE_VIEW_WITH_SELECT_TABLE);
    if (explicitlyDenied) {
        // Reported as a SELECT denial on the underlying table.
        denySelectTable(tableName.toString());
    }

    if (!denyPrivileges.isEmpty()) {
        return;
    }
    super.checkCanCreateViewWithSelectFromTable(transactionId, identity, tableName);
}
/**
 * Check if identity is allowed to drop the specified table in this catalog.
 *
 * <p>The default implementation calls {@code denyDropTable} unconditionally, so an
 * implementation that does not override this method rejects the operation.
 *
 * @param transactionHandle connector transaction handle; unused by the default
 * @param identity identity requesting the drop; unused by the default
 * @param tableName table that would be dropped
 * @throws com.facebook.presto.spi.security.AccessDeniedException if not allowed
 */
default void checkCanDropTable(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName)
{
    String deniedTable = tableName.toString();
    denyDropTable(deniedTable);
}
/**
 * Applies the configured deny list to DROP_VIEW, then falls back to the superclass check
 * only when the deny list is empty.
 *
 * <p>When {@code denyPrivileges} is non-empty and this user/object/privilege combination
 * is not on it, the superclass check is skipped and the operation passes.
 *
 * @param transactionId transaction forwarded to the superclass check
 * @param identity identity whose user name is matched against the deny list
 * @param viewName view whose object name is matched against the deny list
 */
@Override
public void checkCanDropView(TransactionId transactionId, Identity identity, QualifiedObjectName viewName)
{
    boolean explicitlyDenied = shouldDenyPrivilege(identity.getUser(), viewName.getObjectName(), DROP_VIEW);
    if (explicitlyDenied) {
        denyDropView(viewName.toString());
    }

    if (!denyPrivileges.isEmpty()) {
        return;
    }
    super.checkCanDropView(transactionId, identity, viewName);
}
/**
 * Applies the configured deny list to ADD_COLUMN, then always delegates to the superclass
 * check.
 *
 * <p>The superclass call here is unconditional; it does not depend on whether
 * {@code denyPrivileges} is empty.
 *
 * @param transactionId transaction forwarded to the superclass check
 * @param identity identity whose user name is matched against the deny list
 * @param tableName table whose object name is matched against the deny list
 */
@Override
public void checkCanAddColumns(TransactionId transactionId, Identity identity, QualifiedObjectName tableName)
{
    boolean explicitlyDenied = shouldDenyPrivilege(identity.getUser(), tableName.getObjectName(), ADD_COLUMN);
    if (explicitlyDenied) {
        denyAddColumn(tableName.toString());
    }

    super.checkCanAddColumns(transactionId, identity, tableName);
}
/**
 * Applies the configured deny list to DELETE_TABLE, then falls back to the superclass check
 * only when the deny list is empty.
 *
 * <p>When {@code denyPrivileges} is non-empty and this user/object/privilege combination
 * is not on it, the superclass check is skipped and the operation passes.
 *
 * @param transactionId transaction forwarded to the superclass check
 * @param identity identity whose user name is matched against the deny list
 * @param tableName table whose object name is matched against the deny list
 */
@Override
public void checkCanDeleteFromTable(TransactionId transactionId, Identity identity, QualifiedObjectName tableName)
{
    boolean explicitlyDenied = shouldDenyPrivilege(identity.getUser(), tableName.getObjectName(), DELETE_TABLE);
    if (explicitlyDenied) {
        denyDeleteTable(tableName.toString());
    }

    if (!denyPrivileges.isEmpty()) {
        return;
    }
    super.checkCanDeleteFromTable(transactionId, identity, tableName);
}
/**
 * Applies the configured deny list to DROP_TABLE, then falls back to the superclass check
 * only when the deny list is empty.
 *
 * <p>When {@code denyPrivileges} is non-empty and this user/object/privilege combination
 * is not on it, the superclass check is skipped and the operation passes.
 *
 * @param transactionId transaction forwarded to the superclass check
 * @param identity identity whose user name is matched against the deny list
 * @param tableName table whose object name is matched against the deny list
 */
@Override
public void checkCanDropTable(TransactionId transactionId, Identity identity, QualifiedObjectName tableName)
{
    boolean explicitlyDenied = shouldDenyPrivilege(identity.getUser(), tableName.getObjectName(), DROP_TABLE);
    if (explicitlyDenied) {
        denyDropTable(tableName.toString());
    }

    if (!denyPrivileges.isEmpty()) {
        return;
    }
    super.checkCanDropTable(transactionId, identity, tableName);
}
/**
 * Applies the configured deny list to CREATE_TABLE, then falls back to the superclass check
 * only when the deny list is empty.
 *
 * <p>When {@code denyPrivileges} is non-empty and this user/object/privilege combination
 * is not on it, the superclass check is skipped and the operation passes.
 *
 * @param transactionId transaction forwarded to the superclass check
 * @param identity identity whose user name is matched against the deny list
 * @param tableName table whose object name is matched against the deny list
 */
@Override
public void checkCanCreateTable(TransactionId transactionId, Identity identity, QualifiedObjectName tableName)
{
    boolean explicitlyDenied = shouldDenyPrivilege(identity.getUser(), tableName.getObjectName(), CREATE_TABLE);
    if (explicitlyDenied) {
        denyCreateTable(tableName.toString());
    }

    if (!denyPrivileges.isEmpty()) {
        return;
    }
    super.checkCanCreateTable(transactionId, identity, tableName);
}
/**
 * Applies the configured deny list to CREATE_VIEW, then falls back to the superclass check
 * only when the deny list is empty.
 *
 * <p>When {@code denyPrivileges} is non-empty and this user/object/privilege combination
 * is not on it, the superclass check is skipped and the operation passes.
 *
 * @param transactionId transaction forwarded to the superclass check
 * @param identity identity whose user name is matched against the deny list
 * @param viewName view whose object name is matched against the deny list
 */
@Override
public void checkCanCreateView(TransactionId transactionId, Identity identity, QualifiedObjectName viewName)
{
    boolean explicitlyDenied = shouldDenyPrivilege(identity.getUser(), viewName.getObjectName(), CREATE_VIEW);
    if (explicitlyDenied) {
        denyCreateView(viewName.toString());
    }

    if (!denyPrivileges.isEmpty()) {
        return;
    }
    super.checkCanCreateView(transactionId, identity, viewName);
}
/**
 * Applies the configured deny list to INSERT_TABLE, then falls back to the superclass check
 * only when the deny list is empty.
 *
 * <p>When {@code denyPrivileges} is non-empty and this user/object/privilege combination
 * is not on it, the superclass check is skipped and the operation passes.
 *
 * @param transactionId transaction forwarded to the superclass check
 * @param identity identity whose user name is matched against the deny list
 * @param tableName table whose object name is matched against the deny list
 */
@Override
public void checkCanInsertIntoTable(TransactionId transactionId, Identity identity, QualifiedObjectName tableName)
{
    boolean explicitlyDenied = shouldDenyPrivilege(identity.getUser(), tableName.getObjectName(), INSERT_TABLE);
    if (explicitlyDenied) {
        denyInsertTable(tableName.toString());
    }

    if (!denyPrivileges.isEmpty()) {
        return;
    }
    super.checkCanInsertIntoTable(transactionId, identity, tableName);
}