/** * Check if identity is allowed to drop columns from the specified table in this catalog. * * @throws com.facebook.presto.spi.security.AccessDeniedException if not allowed */ default void checkCanDropColumn(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName) { denyDropColumn(tableName.toString()); }
@Override public void checkCanDropTable(ConnectorTransactionHandle transaction, Identity identity, SchemaTableName tableName) { denyDropTable(tableName.toString()); }
@Override public void checkCanRenameTable(ConnectorTransactionHandle transaction, Identity identity, SchemaTableName tableName, SchemaTableName newTableName) { if (!checkTablePermission(transaction, identity, tableName, OWNERSHIP)) { denyRenameTable(tableName.toString(), newTableName.toString()); } }
@Override public void checkCanDropColumn(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName) { if (!allowDropColumn) { denyDropColumn(tableName.toString()); } }
@Override public void checkCanRenameColumn(ConnectorTransactionHandle transaction, Identity identity, SchemaTableName tableName) { if (!allowRenameColumn) { denyRenameColumn(tableName.toString()); } }
@Override public void checkCanCreateTable(ConnectorTransactionHandle transaction, Identity identity, SchemaTableName tableName) { denyCreateTable(tableName.toString()); }
@Override public void checkCanAddColumn(ConnectorTransactionHandle transaction, Identity identity, SchemaTableName tableName) { if (!checkTablePermission(transaction, identity, tableName, OWNERSHIP)) { denyAddColumn(tableName.toString()); } }
@Override public void checkCanRenameColumn(ConnectorTransactionHandle transaction, Identity identity, SchemaTableName tableName) { if (!checkTablePermission(transaction, identity, tableName, OWNERSHIP)) { denyRenameColumn(tableName.toString()); } }
@Override public void checkCanDropView(ConnectorTransactionHandle transaction, Identity identity, SchemaTableName viewName) { if (!checkTablePermission(transaction, identity, viewName, OWNERSHIP)) { denyDropView(viewName.toString()); } }
/** * Check if identity is allowed to revoke the specified privilege on the specified table from any user. * * @throws com.facebook.presto.spi.security.AccessDeniedException if not allowed */ default void checkCanRevokeTablePrivilege(ConnectorTransactionHandle transactionHandle, Identity identity, Privilege privilege, SchemaTableName tableName, String revokee, boolean grantOptionFor) { denyRevokeTablePrivilege(privilege.toString(), tableName.toString()); } }
@Override public void checkCanSelectFromColumns(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName, Set<String> columnNames) { // TODO: Implement column level permissions if (!checkTablePermission(identity, tableName, SELECT)) { denySelectTable(tableName.toString()); } }
@Override public void checkCanDropTable(ConnectorTransactionHandle transaction, Identity identity, SchemaTableName tableName) { if (!checkTablePermission(transaction, identity, tableName, OWNERSHIP)) { denyDropTable(tableName.toString()); } }
@Override public void checkCanAddColumn(ConnectorTransactionHandle transaction, Identity identity, SchemaTableName tableName) { if (!checkTablePermission(identity, tableName, OWNERSHIP)) { denyAddColumn(tableName.toString()); } }
@Override public void checkCanCreateTable(ConnectorTransactionHandle transaction, Identity identity, SchemaTableName tableName) { if (!isDatabaseOwner(transaction, identity, tableName.getSchemaName())) { denyCreateTable(tableName.toString()); } }
@Override public void checkCanSelectFromColumns(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName, Set<String> columnNames) { denySelectColumns(tableName.toString(), columnNames); }
@Override public void checkCanGrantTablePrivilege(ConnectorTransactionHandle transaction, Identity identity, Privilege privilege, SchemaTableName tableName, String grantee, boolean withGrantOption) { if (!checkTablePermission(identity, tableName, OWNERSHIP)) { denyGrantTablePrivilege(privilege.name(), tableName.toString()); } }
@Override public void checkCanRevokeTablePrivilege(ConnectorTransactionHandle transaction, Identity identity, Privilege privilege, SchemaTableName tableName, String revokee, boolean grantOptionFor) { if (!checkTablePermission(identity, tableName, OWNERSHIP)) { denyRevokeTablePrivilege(privilege.name(), tableName.toString()); } }
@Override public void checkCanRevokeTablePrivilege(ConnectorTransactionHandle transaction, Identity identity, Privilege privilege, SchemaTableName tableName, String revokee, boolean grantOptionFor) { if (checkTablePermission(transaction, identity, tableName, OWNERSHIP)) { return; } HivePrivilege hivePrivilege = toHivePrivilege(privilege); if (hivePrivilege == null || !getGrantOptionForPrivilege(transaction, identity, privilege, tableName)) { denyRevokeTablePrivilege(privilege.name(), tableName.toString()); } }
private static Map<SchemaTableName, KafkaTopicDescription> createTpchTopicDescriptions(Metadata metadata, Iterable<TpchTable<?>> tables) throws Exception { JsonCodec<KafkaTopicDescription> topicDescriptionJsonCodec = new CodecSupplier<>(KafkaTopicDescription.class, metadata).get(); ImmutableMap.Builder<SchemaTableName, KafkaTopicDescription> topicDescriptions = ImmutableMap.builder(); for (TpchTable<?> table : tables) { String tableName = table.getTableName(); SchemaTableName tpchTable = new SchemaTableName(TPCH_SCHEMA, tableName); topicDescriptions.put(loadTpchTopicDescription(topicDescriptionJsonCodec, tpchTable.toString(), tpchTable)); } return topicDescriptions.build(); }