PolicyDecider (Teiid 10.0.0.Final API)

All Known Implementing Classes:

DataRolePolicyDecider
```
public interface PolicyDecider
```
A policy decider that reports authorization decisions for further action. A decider may be called many times for a single user command. Typically there will be 1 call for every command/subquery/temp table access/function call.

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`Set<String>`	`getInaccessibleResources(DataPolicy.PermissionType action, Set<String> resources, DataPolicy.Context context, CommandContext commandContext)` Returns the set of resources not allowed to be accessed by the current user.
`boolean`	`hasRole(String roleName, CommandContext context)` Called by the system hasRole function to determine role membership.
`boolean`	`isTempAccessible(DataPolicy.PermissionType action, String resource, DataPolicy.Context context, CommandContext commandContext)` Checks if the given temp table is accessible.
`boolean`	`validateCommand(CommandContext commandContext)` Determines if an authorization check should proceed

- Method Detail
  - hasRole
```
boolean hasRole(String roleName,
                CommandContext context)
```
    Called by the system hasRole function to determine role membership.
    
    Parameters:
    
    roleName -
    
    context -
    
    Returns:
    
    true if the user has the given role name, otherwise false
  - getInaccessibleResources
```
Set<String> getInaccessibleResources(DataPolicy.PermissionType action,
                                     Set<String> resources,
                                     DataPolicy.Context context,
                                     CommandContext commandContext)
```
    Returns the set of resources not allowed to be accessed by the current user. Resource names are given based upon the FQNs (NOTE these are non-SQL names - identifiers are not quoted).
    
    Parameters:
    
    action -
    
    resources -
    
    context - in which the action is performed. For example you can have a context of DataPolicy.Context.UPDATE for a DataPolicy.PermissionType.READ for columns used in an UPDATE condition.
    
    commandContext -
    
    Returns:
    
    the set of inaccessible resources, never null
  - isTempAccessible
```
boolean isTempAccessible(DataPolicy.PermissionType action,
                         String resource,
                         DataPolicy.Context context,
                         CommandContext commandContext)
```
    Checks if the given temp table is accessible. Typically as long as temp tables can be created, all operations are allowed. Resource names are given based upon the FQNs (NOTE these are non-SQL names - identifiers are not quoted).
    
    Parameters:
    
    action -
    
    resource -
    
    context - in which the action is performed. For example you can have a context of DataPolicy.Context.UPDATE for a DataPolicy.PermissionType.READ for columns used in an UPDATE condition.
    
    commandContext -
    
    Returns:
    
    true if the access is allowed, otherwise false
  - validateCommand
```
boolean validateCommand(CommandContext commandContext)
```
    Determines if an authorization check should proceed
    
    Parameters:
    
    commandContext -
    
    Returns:

Interface PolicyDecider

Method Summary

Method Detail

hasRole

getInaccessibleResources

isTempAccessible

validateCommand