Interface OpenMetadataAssetSecurity


  • public interface OpenMetadataAssetSecurity
    OpenMetadataAssetSecurity is able to intercede as the zones are set up in an asset and validates what a user is allowed to do with assets (often using the zone values). The methods are given access to the whole asset to allow a variety of values to be tested.
    • Method Summary

      Modifier and Type Method Description
      java.util.List<java.lang.String> setAssetZonesToDefault​(java.util.List<java.lang.String> defaultZones, Asset asset)
      Determine the appropriate setting for the asset zones depending on the content of the asset and the default zones.
      java.util.List<java.lang.String> setSupportedZonesForUser​(java.util.List<java.lang.String> supportedZones, java.lang.String serviceName, java.lang.String user)
      Determine the appropriate setting for the supported zones depending on the user and the default supported zones set up for the service.
      void validateUserForAssetAttachmentUpdate​(java.lang.String userId, Asset asset)
      Tests for whether a specific user should have the right to update elements attached directly to an asset, such as schema and connections.
      void validateUserForAssetCreate​(java.lang.String userId, Asset asset)
      Tests for whether a specific user should have the right to create an asset.
      void validateUserForAssetDelete​(java.lang.String userId, Asset asset)
      Tests for whether a specific user should have the right to delete an asset.
      void validateUserForAssetDetailUpdate​(java.lang.String userId, Asset originalAsset, AssetAuditHeader originalAssetAuditHeader, Asset newAsset)
      Tests for whether a specific user should have the right to update an asset.
      void validateUserForAssetFeedback​(java.lang.String userId, Asset asset)
      Tests for whether a specific user should have the right to attach feedback, such as comments, ratings, tags and likes, to the asset.
      void validateUserForAssetRead​(java.lang.String userId, Asset asset)
      Tests for whether a specific user should have read access to a specific asset.
      java.util.List<java.lang.String> verifyAssetZones​(java.util.List<java.lang.String> defaultZones, java.util.List<java.lang.String> supportedZones, java.util.List<java.lang.String> publishZones, Asset originalAsset, Asset updatedAsset)
      Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones.
    • Method Detail

      • setSupportedZonesForUser

        java.util.List<java.lang.String> setSupportedZonesForUser​(java.util.List<java.lang.String> supportedZones,
                                                                  java.lang.String serviceName,
                                                                  java.lang.String user)
                                                           throws InvalidParameterException,
                                                                  PropertyServerException
        Determine the appropriate setting for the supported zones depending on the user and the default supported zones set up for the service. This is called whenever an asset is accessed.
        Parameters:
        supportedZones - default setting of the supported zones for the service
        serviceName - name of the called service
        user - name of the user
        Returns:
        list of supported zones for the user
        Throws:
        InvalidParameterException - one of the parameter values is invalid
        PropertyServerException - there is a problem calculating the zones
      • setAssetZonesToDefault

        java.util.List<java.lang.String> setAssetZonesToDefault​(java.util.List<java.lang.String> defaultZones,
                                                                Asset asset)
                                                         throws InvalidParameterException,
                                                                PropertyServerException
        Determine the appropriate setting for the asset zones depending on the content of the asset and the default zones. This is called whenever a new asset is created.
        Parameters:
        defaultZones - setting of the default zones for the service
        asset - initial values for the asset
        Returns:
        list of zones to set in the asset
        Throws:
        InvalidParameterException - one of the asset values is invalid
        PropertyServerException - there is a problem calculating the zones
      • verifyAssetZones

        java.util.List<java.lang.String> verifyAssetZones​(java.util.List<java.lang.String> defaultZones,
                                                          java.util.List<java.lang.String> supportedZones,
                                                          java.util.List<java.lang.String> publishZones,
                                                          Asset originalAsset,
                                                          Asset updatedAsset)
                                                   throws InvalidParameterException,
                                                          PropertyServerException
        Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones. This method is called whenever an asset's values are changed.
        Parameters:
        defaultZones - setting of the default zones for the service
        supportedZones - setting of the supported zones for the service
        publishZones - setting of the publish zones for the service
        originalAsset - original values for the asset
        updatedAsset - updated values for the asset
        Returns:
        list of zones to set in the asset
        Throws:
        InvalidParameterException - one of the asset values is invalid
        PropertyServerException - there is a problem calculating the zones
      • validateUserForAssetCreate

        void validateUserForAssetCreate​(java.lang.String userId,
                                        Asset asset)
                                 throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to create an asset.
        Parameters:
        userId - identifier of user
        asset - new asset details
        Throws:
        UserNotAuthorizedException - the user is not authorized to change this asset
      • validateUserForAssetRead

        void validateUserForAssetRead​(java.lang.String userId,
                                      Asset asset)
                               throws UserNotAuthorizedException
        Tests for whether a specific user should have read access to a specific asset.
        Parameters:
        userId - identifier of user
        asset - asset details
        Throws:
        UserNotAuthorizedException - the user is not authorized to access this asset
      • validateUserForAssetDetailUpdate

        void validateUserForAssetDetailUpdate​(java.lang.String userId,
                                              Asset originalAsset,
                                              AssetAuditHeader originalAssetAuditHeader,
                                              Asset newAsset)
                                       throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to update an asset. This is used for a general asset update, which may include changes to the zones and the ownership.
        Parameters:
        userId - identifier of user
        originalAsset - original asset details
        originalAssetAuditHeader - details of the asset's audit header
        newAsset - new asset details
        Throws:
        UserNotAuthorizedException - the user is not authorized to change this asset
      • validateUserForAssetAttachmentUpdate

        void validateUserForAssetAttachmentUpdate​(java.lang.String userId,
                                                  Asset asset)
                                           throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to update elements attached directly to an asset, such as schema and connections.
        Parameters:
        userId - identifier of user
        asset - original asset details
        Throws:
        UserNotAuthorizedException - the user is not authorized to change this asset
      • validateUserForAssetFeedback

        void validateUserForAssetFeedback​(java.lang.String userId,
                                          Asset asset)
                                   throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to attach feedback, such as comments, ratings, tags and likes, to the asset.
        Parameters:
        userId - identifier of user
        asset - original asset details
        Throws:
        UserNotAuthorizedException - the user is not authorized to change this asset
      • validateUserForAssetDelete

        void validateUserForAssetDelete​(java.lang.String userId,
                                        Asset asset)
                                 throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to delete an asset.
        Parameters:
        userId - identifier of user
        asset - original asset details
        Throws:
        UserNotAuthorizedException - the user is not authorized to change this asset
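
The following is an added example, not code from this project: a self-contained sketch of the zone-based, deny-by-default checks that three of the methods above describe. The `Asset` and `UserNotAuthorizedException` types here are simplified stand-ins rather than the real classes, and the zone names, user names, service name and `USER_ZONES` map are constructed for illustration.

```java
import java.util.*;

// Added example: stand-in types, NOT the project's classes of the same name.
public class ZonePolicyExample {
    record Asset(String name, String owner, List<String> zones) {}

    static class UserNotAuthorizedException extends Exception {
        UserNotAuthorizedException(String message) { super(message); }
    }

    // Constructed sample policy: the zones each user is allowed to see.
    static final Map<String, Set<String>> USER_ZONES = Map.of(
        "alice", Set.of("quarantine", "data-lake"),
        "bob",   Set.of("data-lake"));

    // Mirrors setSupportedZonesForUser: narrow the service's zones to the user's.
    static List<String> setSupportedZonesForUser(List<String> supportedZones,
                                                 String serviceName, String user) {
        Set<String> allowed = USER_ZONES.getOrDefault(user, Set.of()); // unknown user: no zones
        return supportedZones.stream().filter(allowed::contains).toList();
    }

    // Mirrors setAssetZonesToDefault: a new asset without zones gets the defaults.
    static List<String> setAssetZonesToDefault(List<String> defaultZones, Asset asset) {
        return (asset.zones() == null || asset.zones().isEmpty()) ? defaultZones : asset.zones();
    }

    // Mirrors validateUserForAssetRead: deny unless the asset and user share a zone.
    static void validateUserForAssetRead(String userId, Asset asset)
            throws UserNotAuthorizedException {
        Set<String> allowed = USER_ZONES.getOrDefault(userId, Set.of());
        if (asset.zones() == null || asset.zones().stream().noneMatch(allowed::contains))
            throw new UserNotAuthorizedException(userId + " may not read " + asset.name());
    }

    public static void main(String[] args) {
        // Constructed sample asset, created with no zones and placed in the default zone.
        Asset fresh = new Asset("payroll.csv", "alice", List.of());
        Asset placed = new Asset(fresh.name(), fresh.owner(),
                                 setAssetZonesToDefault(List.of("quarantine"), fresh));
        System.out.println(setSupportedZonesForUser(
            List.of("quarantine", "data-lake"), "sample-service", "bob"));
        for (String user : List.of("alice", "bob", "mallory")) {
            try { validateUserForAssetRead(user, placed); System.out.println(user + ": read allowed"); }
            catch (UserNotAuthorizedException e) { System.out.println("denied: " + e.getMessage()); }
        }
    }
}
```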