Example 6 with SystemSecurityContext

Use of io.trino.spi.security.SystemSecurityContext in project trino by trinodb.

Class TestFileBasedSystemAccessControl, method testQueryNotSet.

// Imports used by this method (the enclosing test class and its fixtures bob, queryId and the owner wildcard "any" are not shown on this page):
import static org.testng.Assert.assertEquals;
import com.google.common.collect.ImmutableSet;
import io.trino.spi.security.SystemAccessControl;
import io.trino.spi.security.SystemSecurityContext;
import org.testng.annotations.Test;

@Test
public void testQueryNotSet() {
    // file-based-system-catalog.json contains no "queries" section, so no query rule is evaluated and
    // every query action is permitted: bob may execute, view, list and kill any query. A rules file that
    // omits the section is therefore allow-all for query visibility and termination, not deny-all.
    SystemAccessControl accessControlManager = newFileBasedSystemAccessControl("file-based-system-catalog.json");
    SystemSecurityContext bobContext = new SystemSecurityContext(bob, queryId);

    accessControlManager.checkCanExecuteQuery(bobContext);
    accessControlManager.checkCanViewQueryOwnedBy(bobContext, any);
    assertEquals(accessControlManager.filterViewQueryOwnedBy(bobContext, ImmutableSet.of("a", "b")), ImmutableSet.of("a", "b"));
    accessControlManager.checkCanKillQueryOwnedBy(bobContext, any);
}

Example 7 with SystemSecurityContext

Use of io.trino.spi.security.SystemSecurityContext in project trino by trinodb.

Class TestFileBasedSystemAccessControl, method testQuery.

// Imports used by this method (the enclosing test class and its fixtures admin, alice, bob, dave, nonAsciiUser, queryId and "any" are not shown):
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.testng.Assert.assertEquals;
import com.google.common.collect.ImmutableSet;
import io.trino.spi.security.AccessDeniedException;
import io.trino.spi.security.Identity;
import io.trino.spi.security.SystemAccessControl;
import io.trino.spi.security.SystemSecurityContext;
import org.testng.annotations.Test;

@Test
public void testQuery() {
    SystemAccessControl accessControlManager = newFileBasedSystemAccessControl("query.json");
    // Every denial below, whether for execute, view or kill, carries the same message "Access Denied: Cannot view query",
    // so monitoring and tests should key on which check failed, not on the message text.

    // admin: may execute, view and kill any query
    accessControlManager.checkCanExecuteQuery(new SystemSecurityContext(admin, queryId));
    accessControlManager.checkCanViewQueryOwnedBy(new SystemSecurityContext(admin, queryId), any);
    assertEquals(accessControlManager.filterViewQueryOwnedBy(new SystemSecurityContext(admin, queryId), ImmutableSet.of("a", "b")), ImmutableSet.of("a", "b"));
    accessControlManager.checkCanKillQueryOwnedBy(new SystemSecurityContext(admin, queryId), any);

    // alice: may execute and view any query, but may not kill one
    accessControlManager.checkCanExecuteQuery(new SystemSecurityContext(alice, queryId));
    accessControlManager.checkCanViewQueryOwnedBy(new SystemSecurityContext(alice, queryId), any);
    assertEquals(accessControlManager.filterViewQueryOwnedBy(new SystemSecurityContext(alice, queryId), ImmutableSet.of("a", "b")), ImmutableSet.of("a", "b"));
    assertThatThrownBy(() -> accessControlManager.checkCanKillQueryOwnedBy(new SystemSecurityContext(alice, queryId), any))
            .isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot view query");

    // bob: may kill any query, yet may neither execute nor view one; filtering hides every owner from him
    assertThatThrownBy(() -> accessControlManager.checkCanExecuteQuery(new SystemSecurityContext(bob, queryId)))
            .isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot view query");
    assertThatThrownBy(() -> accessControlManager.checkCanViewQueryOwnedBy(new SystemSecurityContext(bob, queryId), any))
            .isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot view query");
    assertEquals(accessControlManager.filterViewQueryOwnedBy(new SystemSecurityContext(bob, queryId), ImmutableSet.of("a", "b")), ImmutableSet.of());
    accessControlManager.checkCanKillQueryOwnedBy(new SystemSecurityContext(bob, queryId), any);

    // dave: may execute, and may view only queries owned by alice or dave; kill is denied even for those
    accessControlManager.checkCanExecuteQuery(new SystemSecurityContext(dave, queryId));
    accessControlManager.checkCanViewQueryOwnedBy(new SystemSecurityContext(dave, queryId), alice);
    accessControlManager.checkCanViewQueryOwnedBy(new SystemSecurityContext(dave, queryId), dave);
    assertEquals(accessControlManager.filterViewQueryOwnedBy(new SystemSecurityContext(dave, queryId), ImmutableSet.of("alice", "bob", "dave", "admin")), ImmutableSet.of("alice", "dave"));
    assertThatThrownBy(() -> accessControlManager.checkCanKillQueryOwnedBy(new SystemSecurityContext(dave, queryId), alice))
            .isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot view query");
    assertThatThrownBy(() -> accessControlManager.checkCanKillQueryOwnedBy(new SystemSecurityContext(dave, queryId), bob))
            .isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot view query");
    assertThatThrownBy(() -> accessControlManager.checkCanViewQueryOwnedBy(new SystemSecurityContext(dave, queryId), bob))
            .isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot view query");
    assertThatThrownBy(() -> accessControlManager.checkCanViewQueryOwnedBy(new SystemSecurityContext(dave, queryId), admin))
            .isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot view query");

    // a member of the "contractors" group (matched by group, not by user name): may execute and view dave's queries, but not kill them
    Identity contractor = Identity.forUser("some-other-contractor").withGroups(ImmutableSet.of("contractors")).build();
    accessControlManager.checkCanExecuteQuery(new SystemSecurityContext(contractor, queryId));
    accessControlManager.checkCanViewQueryOwnedBy(new SystemSecurityContext(contractor, queryId), dave);
    assertThatThrownBy(() -> accessControlManager.checkCanKillQueryOwnedBy(new SystemSecurityContext(contractor, queryId), dave))
            .isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot view query");

    // a user with a non-ASCII name is matched like any other; query.json grants this one full access
    accessControlManager.checkCanExecuteQuery(new SystemSecurityContext(nonAsciiUser, queryId));
    accessControlManager.checkCanViewQueryOwnedBy(new SystemSecurityContext(nonAsciiUser, queryId), any);
    assertEquals(accessControlManager.filterViewQueryOwnedBy(new SystemSecurityContext(nonAsciiUser, queryId), ImmutableSet.of("a", "b")), ImmutableSet.of("a", "b"));
    accessControlManager.checkCanKillQueryOwnedBy(new SystemSecurityContext(nonAsciiUser, queryId), any);
}
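The page does not show query.json itself, so the following is an added example: a "queries" section of a Trino file-based system access control rules file that I reconstructed from the assertions in testQuery above. It is not the project's test resource. The field names (user, group, queryOwner, allow) and the permission names (execute, view, kill) are those documented for Trino's file-based access control; the "catalogs" entry is there only so the file is complete. nonAsciiUser is omitted because its actual name is not on the page.

```json
{
  "catalogs": [
    { "allow": "all" }
  ],
  "queries": [
    { "user": "admin", "allow": ["execute", "kill", "view"] },
    { "user": "alice", "allow": ["execute", "view"] },
    { "user": "bob", "allow": ["kill"] },
    { "user": "dave", "queryOwner": "alice|dave", "allow": ["execute", "view"] },
    { "user": "dave", "allow": ["execute"] },
    { "group": "contractors", "queryOwner": "dave", "allow": ["execute", "view"] },
    { "group": "contractors", "allow": ["execute"] }
  ]
}
```

The first rule that matches the requesting user (and, for view and kill, the query owner) decides, and a match whose allow set lacks the requested permission is a denial, not a fall-through. That is why bob, whose only rule grants kill, is denied execute and view while kill succeeds, which is exactly the outcome the middle of testQuery asserts. Order matters for dave and for the contractors group: the owner-scoped rule must precede the catch-all, otherwise the catch-all matches first and view of alice's or dave's queries is denied. A user matched by none of these rules gets no query permission at all.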

Example 8 with SystemSecurityContext

Use of io.trino.spi.security.SystemSecurityContext in project trino by trinodb.

Class TestAccessControlManager, method testColumnMaskOrdering.

// Imports used by this method (the enclosing test class and its helpers createAccessControlManager(...) and context(...) are not shown):
import static io.trino.SessionTestUtils.TEST_SESSION;
import static io.trino.spi.type.BigintType.BIGINT;
import static io.trino.transaction.TransactionBuilder.transaction;
import static org.testng.Assert.assertEquals;
import com.google.common.collect.ImmutableMap;
import io.trino.connector.CatalogName;
import io.trino.connector.MockConnectorFactory;
import io.trino.metadata.QualifiedObjectName;
import io.trino.security.AccessControlManager;
import io.trino.spi.connector.CatalogSchemaTableName;
import io.trino.spi.connector.ConnectorAccessControl;
import io.trino.spi.connector.ConnectorSecurityContext;
import io.trino.spi.connector.SchemaTableName;
import io.trino.spi.security.SystemAccessControl;
import io.trino.spi.security.SystemAccessControlFactory;
import io.trino.spi.security.SystemSecurityContext;
import io.trino.spi.security.ViewExpression;
import io.trino.spi.type.Type;
import io.trino.testing.LocalQueryRunner;
import io.trino.transaction.TransactionManager;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.testng.annotations.Test;

@Test
public void testColumnMaskOrdering() {
    try (LocalQueryRunner queryRunner = LocalQueryRunner.create(TEST_SESSION)) {
        TransactionManager transactionManager = queryRunner.getTransactionManager();
        AccessControlManager accessControlManager = createAccessControlManager(transactionManager);

        // System-level access control: masks every column with the expression "system mask".
        // ViewExpression(identity, catalog, schema, expression): the mask SQL is evaluated as user "user".
        // SystemAccessControl's default methods deny, so the test overrides only what this path invokes.
        accessControlManager.addSystemAccessControlFactory(new SystemAccessControlFactory() {

            @Override
            public String getName() {
                return "test";
            }

            @Override
            public SystemAccessControl create(Map<String, String> config) {
                return new SystemAccessControl() {

                    @Override
                    public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String column, Type type) {
                        return Optional.of(new ViewExpression("user", Optional.empty(), Optional.empty(), "system mask"));
                    }

                    @Override
                    public void checkCanSetSystemSessionProperty(SystemSecurityContext context, String propertyName) {
                        // no-op: only column masking is under test
                    }
                };
            }
        });
        accessControlManager.setSystemAccessControl("test", ImmutableMap.of());

        // Connector-level access control for catalog "catalog": masks every column with "connector mask".
        queryRunner.createCatalog("catalog", MockConnectorFactory.create(), ImmutableMap.of());
        accessControlManager.addCatalogAccessControl(new CatalogName("catalog"), new ConnectorAccessControl() {

            @Override
            public Optional<ViewExpression> getColumnMask(ConnectorSecurityContext context, SchemaTableName tableName, String column, Type type) {
                return Optional.of(new ViewExpression("user", Optional.empty(), Optional.empty(), "connector mask"));
            }

            @Override
            public void checkCanShowCreateTable(ConnectorSecurityContext context, SchemaTableName tableName) {
                // no-op: only column masking is under test
            }
        });

        // Both layers contribute a mask; neither overrides the other. The returned list is ordered
        // connector mask first, system mask second, which is the order the rest of the engine relies on.
        transaction(transactionManager, accessControlManager).execute(transactionId -> {
            List<ViewExpression> masks = accessControlManager.getColumnMasks(context(transactionId), new QualifiedObjectName("catalog", "schema", "table"), "column", BIGINT);
            assertEquals(masks.get(0).getExpression(), "connector mask");
            assertEquals(masks.get(1).getExpression(), "system mask");
        });
    }
}

Example 9 with SystemSecurityContext

Use of io.trino.spi.security.SystemSecurityContext in project trino by trinodb.

Class FileBasedSystemAccessControl, method filterColumns.

// Imports used by this method (tableRules, checkAnyTablePermission and the INFORMATION_SCHEMA_NAME constant belong to the enclosing class):
import static com.google.common.collect.ImmutableSet.toImmutableSet;
import static io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.GRANT_SELECT;
import static io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.SELECT;
import com.google.common.collect.ImmutableSet;
import io.trino.spi.connector.CatalogSchemaTableName;
import io.trino.spi.security.Identity;
import io.trino.spi.security.SystemSecurityContext;
import java.util.Set;

@Override
public Set<String> filterColumns(SystemSecurityContext context, CatalogSchemaTableName tableName, Set<String> columns) {
    // No permission on the table at all: the caller sees no columns and learns nothing about its shape.
    if (!checkAnyTablePermission(context, tableName)) {
        return ImmutableSet.of();
    }
    // information_schema is never column-filtered once the table itself is visible.
    if (INFORMATION_SCHEMA_NAME.equals(tableName.getSchemaTableName().getSchemaName())) {
        return columns;
    }
    Identity identity = context.getIdentity();
    // First matching rule wins: the order of the "tables" rules in the JSON file is significant.
    CatalogTableAccessControlRule rule = tableRules.stream()
            .filter(tableRule -> tableRule.matches(identity.getUser(), identity.getEnabledRoles(), identity.getGroups(), tableName))
            .findFirst()
            .orElse(null);
    if (rule == null || rule.getPrivileges().isEmpty()) {
        return ImmutableSet.of();
    }
    // Any privilege beyond SELECT / GRANT_SELECT (INSERT, DELETE, UPDATE, OWNERSHIP) returns every column:
    // the rule's column restrictions are not applied to such a user.
    if (rule.getPrivileges().stream().anyMatch(privilege -> SELECT != privilege && GRANT_SELECT != privilege)) {
        return columns;
    }
    // SELECT-only rule: drop the columns the rule marks as not allowed.
    Set<String> restrictedColumns = rule.getRestrictedColumns();
    return columns.stream()
            .filter(column -> !restrictedColumns.contains(column))
            .collect(toImmutableSet());
}
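Table rules that exercise the branches of filterColumns, as an added example of my own rather than configuration from the project. The user, catalog, schema, table and column names are made up; the rule syntax ("tables" entries with "privileges" and a "columns" list of name/allow pairs) is that of Trino's file-based system access control.

```json
{
  "catalogs": [
    { "allow": "all" }
  ],
  "tables": [
    {
      "user": "analyst",
      "catalog": "hive",
      "schema": "hr",
      "table": "employees",
      "privileges": ["SELECT"],
      "columns": [
        { "name": "ssn", "allow": false },
        { "name": "salary", "allow": false }
      ]
    },
    {
      "user": "etl",
      "catalog": "hive",
      "schema": "hr",
      "table": "employees",
      "privileges": ["SELECT", "INSERT"],
      "columns": [
        { "name": "ssn", "allow": false }
      ]
    },
    {
      "user": "analyst",
      "catalog": "hive",
      "schema": "hr",
      "table": ".*",
      "privileges": ["SELECT"]
    }
  ]
}
```

For analyst on hive.hr.employees the first rule matches, it grants only SELECT, so ssn and salary are removed from the returned column set. For etl the second rule matches, but INSERT is a privilege other than SELECT or GRANT_SELECT, so the method returns every column and the ssn restriction is silently ineffective; a column can only be hidden from a user whose rule grants nothing beyond SELECT and GRANT_SELECT. The third rule shows why order matters: because the code takes the first matching rule, the wildcard table rule has to come after the specific one. Placed first, it would match employees as well and, having no column restrictions, expose ssn and salary to analyst.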

Example 10 with SystemSecurityContext

Use of io.trino.spi.security.SystemSecurityContext in project trino by trinodb.

Class FileBasedSystemAccessControl, method checkCanSetSystemSessionProperty.

// Imports used by this method (sessionPropertyRules belongs to the enclosing class):
import static io.trino.spi.security.AccessDeniedException.denySetSystemSessionProperty;
import io.trino.spi.security.Identity;
import io.trino.spi.security.SystemSecurityContext;
import java.util.Optional;

@Override
public void checkCanSetSystemSessionProperty(SystemSecurityContext context, String propertyName) {
    Identity identity = context.getIdentity();
    // Each rule yields Optional.empty() when it does not apply to this user and property, otherwise its
    // "allow" value. The first applicable rule decides; if none applies the result is false, i.e. deny.
    boolean allowed = sessionPropertyRules.stream()
            .map(rule -> rule.match(identity.getUser(), identity.getEnabledRoles(), identity.getGroups(), propertyName))
            .flatMap(Optional::stream)
            .findFirst()
            .orElse(false);
    if (!allowed) {
        denySetSystemSessionProperty(propertyName);
    }
}
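A "system_session_properties" section that exercises the first-match logic above, as an added example of my own and not configuration from the project. The group name is made up; "property" is a regex over the session property name, and the two property names used are existing Trino system session properties chosen only as illustrations.

```json
{
  "catalogs": [
    { "allow": "all" }
  ],
  "system_session_properties": [
    { "user": "admin", "property": ".*", "allow": true },
    { "group": "analysts", "property": "query_max_execution_time", "allow": false },
    { "group": "analysts", "property": "resource_overcommit", "allow": false },
    { "group": "analysts", "property": ".*", "allow": true }
  ]
}
```

Reading this against the method: admin hits the first rule for every property and is allowed. A member of analysts setting query_max_execution_time is matched by the second rule, whose allow value false ends the search with a denial; any other property falls through to the group's catch-all and is allowed. The two deny entries therefore have to precede the catch-all; reversed, the catch-all would match first and the denies would never be consulted. A user matched by no rule, for example bob, is denied every property, because the stream ends in orElse(false) and nothing in the method supplies an allow-all fallback.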
