/** * Check if identity is allowed to set the specified property in a catalog. * * @throws com.facebook.presto.spi.security.AccessDeniedException if not allowed */ default void checkCanSetCatalogSessionProperty(Identity identity, String catalogName, String propertyName) { denySetCatalogSessionProperty(propertyName); }
@Override public void checkCanRenameSchema(ConnectorTransactionHandle transactionHandle, Identity identity, String schemaName, String newSchemaName) { denyRenameSchema(schemaName, newSchemaName); }
@Override public void checkCanCreateSchema(ConnectorTransactionHandle transactionHandle, Identity identity, String schemaName) { denyCreateSchema(schemaName); }
@Override public void checkCanGrantTablePrivilege(TransactionId transactionId, Identity identity, Privilege privilege, QualifiedObjectName tableName, String grantee, boolean withGrantOption) { denyGrantTablePrivilege(privilege.name(), tableName.toString()); }
@Override public void checkCanRevokeTablePrivilege(TransactionId transactionId, Identity identity, Privilege privilege, QualifiedObjectName tableName, String revokee, boolean grantOptionFor) { denyRevokeTablePrivilege(privilege.name(), tableName.toString()); }
/** * Check if identity is allowed to grant to any other user the specified privilege on the specified table. * * @throws com.facebook.presto.spi.security.AccessDeniedException if not allowed */ default void checkCanGrantTablePrivilege(ConnectorTransactionHandle transactionHandle, Identity identity, Privilege privilege, SchemaTableName tableName, String grantee, boolean withGrantOption) { denyGrantTablePrivilege(privilege.toString(), tableName.toString()); }
/** * Check if identity is allowed to revoke the specified privilege on the specified table from any user. * * @throws com.facebook.presto.spi.security.AccessDeniedException if not allowed */ default void checkCanRevokeTablePrivilege(ConnectorTransactionHandle transactionHandle, Identity identity, Privilege privilege, SchemaTableName tableName, String revokee, boolean grantOptionFor) { denyRevokeTablePrivilege(privilege.toString(), tableName.toString()); } }
@Override public void checkCanDropSchema(ConnectorTransactionHandle transactionHandle, Identity identity, String schemaName) { denyDropSchema(schemaName); }
private static void denySetSessionProperty(String propertyName) { throw new AccessDeniedException("Cannot set catalog session property: " + propertyName); } }
@Override public void checkCanSetUser(Optional<Principal> principal, String userName) { denySetUser(principal, userName); }
@Override public void checkCanSetSystemSessionProperty(Identity identity, String propertyName) { denySetSystemSessionProperty(propertyName); }
@Override public void checkCanAccessCatalog(Identity identity, String catalogName) { denyCatalogAccess(catalogName); }
@Override public void checkCanShowSchemas(TransactionId transactionId, Identity identity, String catalogName) { denyShowSchemas(); }
@Override public void checkCanRevokeTablePrivilege(ConnectorTransactionHandle transaction, Identity identity, Privilege privilege, SchemaTableName tableName, String revokee, boolean grantOptionFor) { denyRevokeTablePrivilege(privilege.name(), tableName.toString()); } }
/** * Check if identity is allowed to grant the specified privilege to the grantee on the specified table. * * @throws com.facebook.presto.spi.security.AccessDeniedException if not allowed */ default void checkCanGrantTablePrivilege(Identity identity, Privilege privilege, CatalogSchemaTableName table, String grantee, boolean withGrantOption) { denyGrantTablePrivilege(privilege.toString(), table.toString()); }
@Override public void checkCanSetCatalogSessionProperty(TransactionId transactionId, Identity identity, String catalogName, String propertyName) { denySetCatalogSessionProperty(catalogName, propertyName); }
/** * Check if identity is allowed to revoke the specified privilege on the specified table from the revokee. * * @throws com.facebook.presto.spi.security.AccessDeniedException if not allowed */ default void checkCanRevokeTablePrivilege(Identity identity, Privilege privilege, CatalogSchemaTableName table, String revokee, boolean grantOptionFor) { denyRevokeTablePrivilege(privilege.toString(), table.toString()); } }
/** * Check if identity is allowed to rename the specified schema in this catalog. * * @throws com.facebook.presto.spi.security.AccessDeniedException if not allowed */ default void checkCanRenameSchema(ConnectorTransactionHandle transactionHandle, Identity identity, String schemaName, String newSchemaName) { denyRenameSchema(schemaName, newSchemaName); }
/** * Check if identity is allowed to access the specified catalog * * @throws com.facebook.presto.spi.security.AccessDeniedException if not allowed */ default void checkCanAccessCatalog(Identity identity, String catalogName) { denyCatalogAccess(catalogName); }
/** * Check if identity is allowed to set the specified property in this catalog. * * @throws com.facebook.presto.spi.security.AccessDeniedException if not allowed */ default void checkCanSetCatalogSessionProperty(ConnectorTransactionHandle transactionHandle, Identity identity, String propertyName) { denySetCatalogSessionProperty(propertyName); }