Package org.teiid
Interface PolicyDecider
All Known Implementing Classes: DataRolePolicyDecider

public interface PolicyDecider
A policy decider that reports authorization decisions for further action. A decider may be called many times for a single user command. Typically there will be 1 call for every command/subquery/temp table access/function call.

Method Summary
Modifier and Type, Method: Description
- Set<AbstractMetadataRecord> getInaccessibleResources(DataPolicy.PermissionType action, Set<AbstractMetadataRecord> resources, DataPolicy.Context context, CommandContext commandContext): Returns the set of resources not allowed to be accessed by the current user.
- boolean hasRole(String roleName, CommandContext context): Called by the system hasRole function to determine role membership.
- boolean isLanguageAllowed(String language, CommandContext commandContext): Returns true if the given language is allowed.
- boolean isTempAccessible(DataPolicy.PermissionType action, AbstractMetadataRecord resource, DataPolicy.Context context, CommandContext commandContext): Checks if the temp tables are accessible.
- boolean validateCommand(CommandContext commandContext): Determines if an authorization check should proceed.

Method Detail

hasRole
boolean hasRole(String roleName, CommandContext context)
Called by the system hasRole function to determine role membership.
Parameters:
- roleName
- context
Returns:
- true if the user has the given role name, otherwise false

getInaccessibleResources
Set<AbstractMetadataRecord> getInaccessibleResources(DataPolicy.PermissionType action, Set<AbstractMetadataRecord> resources, DataPolicy.Context context, CommandContext commandContext)
Returns the set of resources not allowed to be accessed by the current user.
Parameters:
- action - if context is METADATA, then action execute means a procedure or function, and read some other resource
- resources
- context - in which the action is performed. For example you can have a context of DataPolicy.Context.UPDATE for a DataPolicy.PermissionType.READ for columns used in an UPDATE condition.
- commandContext
Returns:
- the set of inaccessible resources, never null

isLanguageAllowed
boolean isLanguageAllowed(String language, CommandContext commandContext)
Returns true if the given language is allowed.
Parameters:
- language
- commandContext
Returns:

isTempAccessible
boolean isTempAccessible(DataPolicy.PermissionType action, AbstractMetadataRecord resource, DataPolicy.Context context, CommandContext commandContext)
Checks if the temp tables are accessible. Typically as long as temp tables can be created, all operations are allowed.
Parameters:
- action
- resource - will be null for general temp access
- context - in which the action is performed. For example you can have a context of DataPolicy.Context.UPDATE for a DataPolicy.PermissionType.READ for columns used in an UPDATE condition.
- commandContext
Returns:
- true if the access is allowed, otherwise false

validateCommand
boolean validateCommand(CommandContext commandContext)
Determines if an authorization check should proceed.
Parameters:
- commandContext
Returns:
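
An added example, not part of the Teiid documentation or code base: a wrapper around any PolicyDecider that logs denials and fails closed when the delegate throws, written against the five methods listed on this page. The class name, the logger name and the import packages other than org.teiid are assumptions, and it compiles only with the Teiid API on the classpath.

```java
import java.util.HashSet;
import java.util.Set;
import java.util.function.BooleanSupplier;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.teiid.CommandContext;                  // packages other than org.teiid are assumed
import org.teiid.PolicyDecider;
import org.teiid.adminapi.DataPolicy;
import org.teiid.metadata.AbstractMetadataRecord;
/** Hypothetical wrapper: audits denials and fails closed when the delegate throws. */
public class AuditingPolicyDecider implements PolicyDecider {
    private static final Logger LOG = Logger.getLogger("authz.audit"); // assumed logger name
    private final PolicyDecider delegate;
    public AuditingPolicyDecider(PolicyDecider delegate) { this.delegate = delegate; }
    private boolean guard(String check, BooleanSupplier call, boolean onFailure) {
        try { return call.getAsBoolean(); } catch (RuntimeException e) {
            LOG.log(Level.SEVERE, check + " failed, answering " + onFailure, e);
            return onFailure;
        }
    }
    @Override
    public Set<AbstractMetadataRecord> getInaccessibleResources(DataPolicy.PermissionType action,
            Set<AbstractMetadataRecord> resources, DataPolicy.Context context, CommandContext cc) {
        Set<AbstractMetadataRecord> denied;
        try {
            denied = delegate.getInaccessibleResources(action, resources, context, cc);
            if (denied == null) denied = new HashSet<>(resources); // contract: never null
        } catch (RuntimeException e) {
            LOG.log(Level.SEVERE, "getInaccessibleResources failed, denying all", e);
            denied = new HashSet<>(resources);                     // every resource is off limits
        }
        if (!denied.isEmpty()) LOG.warning("DENY " + action + " in " + context + ": " + denied);
        return denied;
    }
    @Override public boolean hasRole(String roleName, CommandContext cc) {
        return guard("hasRole", () -> delegate.hasRole(roleName, cc), false);
    }
    @Override public boolean isLanguageAllowed(String language, CommandContext cc) {
        return guard("isLanguageAllowed", () -> delegate.isLanguageAllowed(language, cc), false);
    }
    @Override public boolean isTempAccessible(DataPolicy.PermissionType action,
            AbstractMetadataRecord resource, DataPolicy.Context context, CommandContext cc) {
        return guard("isTempAccessible", () -> delegate.isTempAccessible(action, resource, context, cc), false);
    }
    @Override public boolean validateCommand(CommandContext cc) {
        // Reading of this page: false would skip the authorization check, so a failure answers true.
        return guard("validateCommand", () -> delegate.validateCommand(cc), true);
    }
}
```

Because a decider may be called many times for a single user command, the denial log can contain several entries per query; correlate them per command before alerting.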