org.teiid.dqp.internal.process

Class DataRolePolicyDecider

java.lang.Object

org.teiid.dqp.internal.process.DataRolePolicyDecider

All Implemented Interfaces:

PolicyDecider

public class DataRolePolicyDecider
extends Object
implements PolicyDecider

Constructor Summary

Constructors

Constructor and Description
DataRolePolicyDecider()

Method Summary

Modifier and Type	Method and Description
Set<String>	getInaccessibleResources(DataPolicy.PermissionType action, Set<String> resources, DataPolicy.Context context, CommandContext commandContext) Returns the set of resources not allowed to be accessed by the current user.
boolean	hasRole(String roleName, CommandContext context) Called by the system hasRole function to determine role membership.
boolean	isTempAccessible(DataPolicy.PermissionType action, String resource, DataPolicy.Context context, CommandContext commandContext) Checks if the given temp table is accessible.
void	setAllowCreateTemporaryTablesByDefault(boolean allowCreateTemporaryTablesByDefault)
void	setAllowFunctionCallsByDefault(boolean allowFunctionCallsDefault)
boolean	validateCommand(CommandContext commandContext) Determines if an authorization check should proceed

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DataRolePolicyDecider

public DataRolePolicyDecider()

Method Detail

getInaccessibleResources

public Set<String> getInaccessibleResources(DataPolicy.PermissionType action,
                                            Set<String> resources,
                                            DataPolicy.Context context,
                                            CommandContext commandContext)

Description copied from interface: PolicyDecider

Returns the set of resources not allowed to be accessed by the current user. Resource names are given based upon the FQNs (NOTE these are non-SQL names - identifiers are not quoted).

Specified by:

getInaccessibleResources in interface PolicyDecider

context - in which the action is performed. For example you can have a context of DataPolicy.Context.UPDATE for a DataPolicy.PermissionType.READ for columns used in an UPDATE condition.

Returns:

the set of inaccessible resources, never null

hasRole

public boolean hasRole(String roleName,
                       CommandContext context)

Description copied from interface: PolicyDecider

Called by the system hasRole function to determine role membership.

Specified by:

hasRole in interface PolicyDecider

Returns:

true if the user has the given role name, otherwise false

isTempAccessible

public boolean isTempAccessible(DataPolicy.PermissionType action,
                                String resource,
                                DataPolicy.Context context,
                                CommandContext commandContext)

Description copied from interface: PolicyDecider

Checks if the given temp table is accessible. Typically as long as temp tables can be created, all operations are allowed. Resource names are given based upon the FQNs (NOTE these are non-SQL names - identifiers are not quoted).

Specified by:

isTempAccessible in interface PolicyDecider

context - in which the action is performed. For example you can have a context of DataPolicy.Context.UPDATE for a DataPolicy.PermissionType.READ for columns used in an UPDATE condition.

Returns:

true if the access is allowed, otherwise false

setAllowCreateTemporaryTablesByDefault

public void setAllowCreateTemporaryTablesByDefault(boolean allowCreateTemporaryTablesByDefault)

setAllowFunctionCallsByDefault

public void setAllowFunctionCallsByDefault(boolean allowFunctionCallsDefault)

validateCommand

public boolean validateCommand(CommandContext commandContext)

Description copied from interface: PolicyDecider

Determines if an authorization check should proceed

Specified by:

validateCommand in interface PolicyDecider

Returns: