org.teiid
Interface PolicyDecider


public interface PolicyDecider

A policy decider that reports authorization decisions for further action. A decider may be called many times for a single user command. Typically there will be 1 call for every command/subquery/temp table access/function call.
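The following is an added example, not part of the Teiid documentation or code base: a hypothetical `FailClosedPolicyDecider` that wraps another `PolicyDecider` and turns any delegate failure, or a `null` result that violates the "never null" contract of `getInaccessibleResources`, into a denial. The import packages for `CommandContext` and `DataPolicy` are assumptions, as is reading a `true` result from `validateCommand` as "the authorization check proceeds".

```java
import java.util.HashSet;
import java.util.Set;

import org.teiid.CommandContext;       // package assumed
import org.teiid.PolicyDecider;
import org.teiid.adminapi.DataPolicy;  // package assumed

/** Hypothetical decorator: a failing or misbehaving delegate results in denial, never in access. */
public class FailClosedPolicyDecider implements PolicyDecider {
    private final PolicyDecider delegate;

    public FailClosedPolicyDecider(PolicyDecider delegate) {
        this.delegate = delegate;
    }

    public Set<String> getInaccessibleResources(DataPolicy.PermissionType action,
            Set<String> resources, DataPolicy.Context context, CommandContext commandContext) {
        try {
            Set<String> denied = delegate.getInaccessibleResources(action, resources, context, commandContext);
            if (denied != null) {
                return denied;
            }
        } catch (RuntimeException e) {
            // fall through: deny everything that was requested
        }
        // An empty set means nothing is denied, so a failure must return the full requested set.
        return resources == null ? new HashSet<String>() : new HashSet<String>(resources);
    }

    public boolean hasRole(String roleName, CommandContext context) {
        try {
            return delegate.hasRole(roleName, context);
        } catch (RuntimeException e) {
            return false; // unknown membership is treated as no membership
        }
    }

    public boolean isTempAccessable(DataPolicy.PermissionType action, String resource,
            DataPolicy.Context context, CommandContext commandContext) {
        try {
            return delegate.isTempAccessable(action, resource, context, commandContext);
        } catch (RuntimeException e) {
            return false; // temp table access is refused when the decision cannot be made
        }
    }

    public boolean validateCommand(CommandContext commandContext) {
        // Assumption: true means the authorization check proceeds, so failures keep checks on.
        try { return delegate.validateCommand(commandContext); } catch (RuntimeException e) { return true; }
    }
}
```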


Method Summary
 java.util.Set<java.lang.String> getInaccessibleResources(DataPolicy.PermissionType action, java.util.Set<java.lang.String> resources, DataPolicy.Context context, CommandContext commandContext)
          Returns the set of resources not allowed to be accessed by the current user.
 boolean hasRole(java.lang.String roleName, CommandContext context)
          Called by the system hasRole function to determine role membership.
 boolean isTempAccessable(DataPolicy.PermissionType action, java.lang.String resource, DataPolicy.Context context, CommandContext commandContext)
          Checks if the given temp table is accessible.
 boolean validateCommand(CommandContext commandContext)
          Determines if an authorization check should proceed.
 

Method Detail

hasRole

boolean hasRole(java.lang.String roleName,
                CommandContext context)
Called by the system hasRole function to determine role membership.

Parameters:
roleName -
context -
Returns:
true if the user has the given role name, otherwise false

getInaccessibleResources

java.util.Set<java.lang.String> getInaccessibleResources(DataPolicy.PermissionType action,
                                                         java.util.Set<java.lang.String> resources,
                                                         DataPolicy.Context context,
                                                         CommandContext commandContext)
Returns the set of resources not allowed to be accessed by the current user. Resource names are given based upon the FQNs (NOTE these are non-SQL names - identifiers are not quoted).

Parameters:
action -
resources -
context - in which the action is performed. For example you can have a context of DataPolicy.Context.UPDATE for a DataPolicy.PermissionType.READ for columns used in an UPDATE condition.
commandContext -
Returns:
the set of inaccessible resources, never null

isTempAccessable

boolean isTempAccessable(DataPolicy.PermissionType action,
                         java.lang.String resource,
                         DataPolicy.Context context,
                         CommandContext commandContext)
Checks if the given temp table is accessible. Typically as long as temp tables can be created, all operations are allowed. Resource names are given based upon the FQNs (NOTE these are non-SQL names - identifiers are not quoted).

Parameters:
action -
resource -
context - in which the action is performed. For example you can have a context of DataPolicy.Context.UPDATE for a DataPolicy.PermissionType.READ for columns used in an UPDATE condition.
commandContext -
Returns:
true if the access is allowed, otherwise false

validateCommand

boolean validateCommand(CommandContext commandContext)
Determines if an authorization check should proceed.

Parameters:
commandContext -
Returns:


Copyright © 2011. All Rights Reserved.