Package org.odpi.openmetadata.metadatasecurity

Interface OpenMetadataAssetSecurity

All Known Implementing Classes:
CocoPharmaSecretsSecurityConnector, CocoPharmaServerSecurityConnector
public interface OpenMetadataAssetSecurity
OpenMetadataAssetSecurity is able to intercede as the zones are set up in an asset and validates what a user is allowed to do with to Assets (often using the zone values). The methods are given access to the whole asset to allow a variety of values to be tested.

  • Method Details

    • setSupportedZonesForUser

      List<String> setSupportedZonesForUser(List<String> supportedZones, String serviceName, String user) throws InvalidParameterException, PropertyServerException
      Determine the appropriate setting for the supported zones depending on the user and the default supported zones set up for the service. This is called whenever an asset is accessed.
      Parameters:
      supportedZones - default setting of the supported zones for the service
      serviceName - name of the called service
      user - name of the user
      Returns:
      list of supported zones for the user
      Throws:
      InvalidParameterException - one of the parameter values is invalid
      PropertyServerException - there is a problem calculating the zones

    • setAssetZonesToDefault

      List<String> setAssetZonesToDefault(List<String> defaultZones, Asset asset) throws InvalidParameterException, PropertyServerException
      Determine the appropriate setting for the asset zones depending on the content of the asset and the default zones. This is called whenever a new asset is created.
      Parameters:
      defaultZones - setting of the default zones for the service
      asset - initial values for the asset
      Returns:
      list of zones to set in the asset
      Throws:
      InvalidParameterException - one of the asset values is invalid
      PropertyServerException - there is a problem calculating the zones

    • verifyAssetZones

      List<String> verifyAssetZones(List<String> defaultZones, List<String> supportedZones, List<String> publishZones, Asset originalAsset, Asset updatedAsset) throws InvalidParameterException, PropertyServerException
      Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones. This method is called whenever an asset's values are changed.
      Parameters:
      defaultZones - setting of the default zones for the service
      supportedZones - setting of the supported zones for the service
      publishZones - setting of the publish zones for the service
      originalAsset - original values for the asset
      updatedAsset - updated values for the asset
      Returns:
      list of zones to set in the asset
      Throws:
      InvalidParameterException - one of the asset values is invalid
      PropertyServerException - there is a problem calculating the zones

    • validateUserForAssetCreate

      void validateUserForAssetCreate(String userId, Asset asset) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to create an asset.
      Parameters:
      userId - identifier of user
      asset - new asset details
      Throws:
      UserNotAuthorizedException - the user is not authorized to change this asset

    • validateUserForAssetRead

      void validateUserForAssetRead(String userId, Asset asset) throws UserNotAuthorizedException
      Tests for whether a specific user should have read access to a specific asset.
      Parameters:
      userId - identifier of user
      asset - asset details
      Throws:
      UserNotAuthorizedException - the user is not authorized to access this asset

    • validateUserForAssetDetailUpdate

      void validateUserForAssetDetailUpdate(String userId, Asset originalAsset, AssetAuditHeader originalAssetAuditHeader, Asset newAsset) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to update an asset. This is used for a general asset update, which may include changes to the zones and the ownership.
      Parameters:
      userId - identifier of user
      originalAsset - original asset details
      originalAssetAuditHeader - details of the asset's audit header
      newAsset - new asset details
      Throws:
      UserNotAuthorizedException - the user is not authorized to change this asset

    • validateUserForAssetAttachmentUpdate

      void validateUserForAssetAttachmentUpdate(String userId, Asset asset) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to update elements attached directly to an asset such as schema and connections.
      Parameters:
      userId - identifier of user
      asset - original asset details
      Throws:
      UserNotAuthorizedException - the user is not authorized to change this asset

    • validateUserForAssetFeedback

      void validateUserForAssetFeedback(String userId, Asset asset) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the asset.
      Parameters:
      userId - identifier of user
      asset - original asset details
      Throws:
      UserNotAuthorizedException - the user is not authorized to change this asset

    • validateUserForAssetDelete

      void validateUserForAssetDelete(String userId, Asset asset) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to delete an asset.
      Parameters:
      userId - identifier of user
      asset - original asset details
      Throws:
      UserNotAuthorizedException - the user is not authorized to change this asset