use of io.trino.plugin.base.security.CatalogAccessControlRule.AccessMode.READ_ONLY in project trino by trinodb.
the class FileBasedSystemAccessControl method checkCanSelectFromColumns.
@Override
public void checkCanSelectFromColumns(SystemSecurityContext context, CatalogSchemaTableName table, Set<String> columns) {
if (!canAccessCatalog(context, table.getCatalogName(), READ_ONLY)) {
denySelectTable(table.toString());
}
if (INFORMATION_SCHEMA_NAME.equals(table.getSchemaTableName().getSchemaName())) {
return;
}
Identity identity = context.getIdentity();
boolean allowed = tableRules.stream().filter(rule -> rule.matches(identity.getUser(), identity.getEnabledRoles(), identity.getGroups(), table)).map(rule -> rule.canSelectColumns(columns)).findFirst().orElse(false);
if (!allowed) {
denySelectTable(table.toString());
}
}
Aggregations