Class OpenMetadataAccessSecurityConnector
java.lang.Object
org.odpi.openmetadata.frameworks.connectors.Connector
org.odpi.openmetadata.frameworks.connectors.ConnectorBase
org.odpi.openmetadata.metadatasecurity.connectors.OpenMetadataSecurityConnector
org.odpi.openmetadata.metadatasecurity.accessconnector.OpenMetadataAccessSecurityConnector
- All Implemented Interfaces:
AuditLoggingComponent,SecureConnectorExtension,VirtualConnectorExtension,OpenMetadataElementSecurity,OpenMetadataPlatformSecurity,OpenMetadataRepositorySecurity,OpenMetadataServerSecurity,OpenMetadataServiceSecurity,OpenMetadataUserSecurity
public class OpenMetadataAccessSecurityConnector
extends OpenMetadataSecurityConnector
implements OpenMetadataPlatformSecurity, OpenMetadataRepositorySecurity, OpenMetadataServerSecurity, OpenMetadataServiceSecurity, OpenMetadataElementSecurity, OpenMetadataUserSecurity
OpenMetadataAccessSecurityConnector provides a specific security connector for Egeria's runtime
users that overrides the default behavior of the default open metadata security connectors that does
not allow any access to anything. It provides a demonstration of how to implement a security connector that uses
an external secrets store.
-
Nested Class Summary
Nested classes/interfaces inherited from class org.odpi.openmetadata.frameworks.connectors.ConnectorBase
ConnectorBase.ProtectedConnection -
Field Summary
Fields inherited from class org.odpi.openmetadata.metadatasecurity.connectors.OpenMetadataSecurityConnector
connectorName, localServerUserId, serverName, serverRootURL, unknownTypeNameFields inherited from class org.odpi.openmetadata.frameworks.connectors.ConnectorBase
auditLog, connectedAssetProperties, connectionBean, connectionProperties, connectorInstanceId, embeddedConnectors, messageFormatter, secretsStoreConnectorMap -
Constructor Summary
ConstructorsConstructorDescriptionConstructor sets up the security policies -
Method Summary
Modifier and TypeMethodDescriptionprotected booleancheckNameInGroup(String name, NamedList list) This method performs the nested look up of a user's name in the groups.getUserAccount(String userId) Retrieve information about a specific user.protected StringresolveElementGroupName(String pattern, String qualifiedName, String operationName) Return a group name using a pattern.protected StringresolveOwnershipGroupName(String pattern, List<Classification> classifications, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Return a group name using a pattern.protected StringresolveServerGroupName(String pattern, String name) Return a group name using a pattern.protected StringresolveServerServiceOperationGroupName(String pattern, String serverName, String serviceName, String operationName) Return a group name using a pattern.protected StringresolveServiceGroupName(String pattern, String serviceName, String operationName) Return a group name using a pattern.selectConnection(String userId, EntityDetail assetEntity, List<EntityDetail> connectionEntities, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Use the security connector to make a choice on which connection to supply to the requesting user.setSupportedZonesForUser(List<String> supportedZones, String serviceName, String user) Determine the appropriate setting for the supported zones depending on the user and the default supported zones set up for the service.voidstart()Indicates that the connector is completely configured and can begin processing.protected booleanvalidateClassificationAccess(String entityGUID, String entityTypeName, List<Classification> classifications, OpenMetadataUserAccount userAccount, AccessOperation operation, String createdBy, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Determine whether the classifications provide access or restrict access to the elementbooleanvalidateEntityReferenceCopySave(String userId, EntityDetail instance) Tests for whether a reference copy should be saved to the repository.booleanvalidateRelationshipReferenceCopySave(String userId, Relationship instance) Tests for whether a reference copy should be saved to the repository.protected booleanvalidateSecurityTagAccess(String entityGUID, String entityTypeName, List<Classification> classifications, OpenMetadataUserAccount userAccount, AccessOperation operation, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Determine whether the security tags provide access to the elementvoidCheck that the calling user is authorized to issue diagnostic requests to the OMAG Server Platform.voidCheck that the calling user is authorized to issue operator requests to the OMAG Server Platform.voidvalidateUserAsServerAdmin(String userId) Check that the calling user is authorized to update the configuration for a server.voidCheck that the calling user is authorized to issue operator requests to the OMAG Server.voidvalidateUserAsServerOperator(String userId) Check that the calling user is authorized to issue operator requests to the OMAG Server.voidvalidateUserForAnchorAddFeedback(String userId, EntityDetail anchorEntity, EntityDetail feedbackEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the anchor or member element.voidvalidateUserForAnchorAttach(String userId, EntityDetail anchorEntity, EntityDetail attachingEntity, String relationshipName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to link unanchored elementsvoidvalidateUserForAnchorClassify(String userId, EntityDetail anchorEntity, String classificationName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to add or update a classification on this anchor or member element.voidvalidateUserForAnchorDeclassify(String userId, EntityDetail anchorEntity, String classificationName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to remove a classification from this anchor or member elementvoidvalidateUserForAnchorDeleteFeedback(String userId, EntityDetail anchorEntity, EntityDetail feedbackEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to detach feedback - such as comments, ratings, tags and likes, to the anchor or member element.voidvalidateUserForAnchorDetach(String userId, EntityDetail anchorEntity, EntityDetail detachingEntity, String relationshipName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to link unanchored elementsvoidvalidateUserForAnchorMemberAdd(String userId, EntityDetail anchorEntity, EntityDetail newMemberEntity, String relationshipName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the element.voidvalidateUserForAnchorMemberDelete(String userId, EntityDetail anchorEntity, EntityDetail obsoleteEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to delete an element and all of its contents.voidvalidateUserForAnchorMemberRead(String userId, EntityDetail anchorEntity, EntityDetail requestedEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have read access to a specific element and its contents.voidvalidateUserForAnchorMemberStatusUpdate(String userId, EntityDetail anchorEntity, EntityDetail originalEntity, InstanceStatus newStatus, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to update the instance status of an element.voidvalidateUserForAnchorMemberUpdate(String userId, EntityDetail anchorEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to update elements attached directly to an anchor such as glossary terms and categories attached to an element.voidvalidateUserForElementAddFeedback(String userId, EntityDetail originalEntity, EntityDetail feedbackEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the element.voidvalidateUserForElementAttach(String userId, EntityDetail startingEntity, EntityDetail attachingEntity, String relationshipName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to link unanchored elements to this elementvoidvalidateUserForElementClassify(String userId, EntityDetail originalEntity, String classificationName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to add or update a classification on this element.voidvalidateUserForElementCreate(String userId, String entityTypeGUID, String entityTypeName, InstanceProperties newProperties, List<Classification> classifications, InstanceStatus instanceStatus, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to create an element.voidvalidateUserForElementDeclassify(String userId, EntityDetail originalEntity, String classificationName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to remove a classification from this elementvoidvalidateUserForElementDelete(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to delete an element and all of its contents.voidvalidateUserForElementDeleteFeedback(String userId, EntityDetail originalEntity, EntityDetail feedbackEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to detach feedback - such as comments, ratings, tags and likes, to the element.voidvalidateUserForElementDetach(String userId, EntityDetail startingEntity, EntityDetail detachingEntity, String relationshipName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to link unanchored elements to this elementvoidvalidateUserForElementDetailUpdate(String userId, EntityDetail originalEntity, InstanceProperties newEntityProperties, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to update the properties of an element.voidvalidateUserForElementRead(String userId, EntityDetail requestedEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have read access to a specific element and its contents.voidvalidateUserForElementStatusUpdate(String userId, EntityDetail originalEntity, InstanceStatus newStatus, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to update the properties of an element.voidvalidateUserForEntityClassificationAdd(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.voidvalidateUserForEntityClassificationDelete(String userId, String metadataCollectionName, EntitySummary instance, String classificationName) Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.voidvalidateUserForEntityClassificationUpdate(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.voidvalidateUserForEntityCreate(String userId, String metadataCollectionName, String entityTypeGUID, InstanceProperties initialProperties, List<Classification> initialClassifications, InstanceStatus initialStatus) Tests for whether a specific user should have the right to create an instance within a repository.voidvalidateUserForEntityDelete(String userId, String metadataCollectionName, EntityDetail instance) Tests for whether a specific user should have the right to delete an instance within a repository.voidvalidateUserForEntityProxyRead(String userId, String metadataCollectionName, EntityProxy instance) Tests for whether a specific user should have read access to a specific instance within a repository.validateUserForEntityRead(String userId, String metadataCollectionName, EntityDetail instance) Tests for whether a specific user should have read access to a specific instance within a repository.voidvalidateUserForEntityReHoming(String userId, String metadataCollectionName, EntityDetail instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) Tests for whether a specific user should have the right to change the home of an instance within a repository.voidvalidateUserForEntityReIdentification(String userId, String metadataCollectionName, EntityDetail instance, String newGUID) Tests for whether a specific user should have the right to change the guid on an instance within a repository.voidvalidateUserForEntityRestore(String userId, String metadataCollectionName, String deletedEntityGUID) Tests for whether a specific user should have the right to restore an instance within a repository.voidvalidateUserForEntityReTyping(String userId, String metadataCollectionName, EntityDetail instance, TypeDefSummary newTypeDefSummary) Tests for whether a specific user should have the right to change the type name of an instance within a repository.voidvalidateUserForEntitySummaryRead(String userId, String metadataCollectionName, EntitySummary instance) Tests for whether a specific user should have read access to a specific instance within a repository.voidvalidateUserForEntityUpdate(String userId, String metadataCollectionName, EntityDetail instance) Tests for whether a specific user should have the right to update an instance within a repository.voidvalidateUserForNewServer(String userId) Check that the calling user is authorized to create new servers.voidvalidateUserForRelationshipCreate(String userId, String metadataCollectionName, String relationshipTypeGUID, InstanceProperties initialProperties, EntitySummary entityOneSummary, EntitySummary entityTwoSummary, InstanceStatus initialStatus) Tests for whether a specific user should have the right to create an instance within a repository.voidvalidateUserForRelationshipDelete(String userId, String metadataCollectionName, Relationship instance) Tests for whether a specific user should have the right to delete an instance within a repository.validateUserForRelationshipRead(String userId, String metadataCollectionName, Relationship instance) Tests for whether a specific user should have read access to a specific instance within a repository.voidvalidateUserForRelationshipReHoming(String userId, String metadataCollectionName, Relationship instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) Tests for whether a specific user should have the right to change the home of a instance within a repository.voidvalidateUserForRelationshipReIdentification(String userId, String metadataCollectionName, Relationship instance, String newGUID) Tests for whether a specific user should have the right to change the guid on an instance within a repository.voidvalidateUserForRelationshipRestore(String userId, String metadataCollectionName, String deletedRelationshipGUID) Tests for whether a specific user should have the right to restore an instance within a repository.voidvalidateUserForRelationshipReTyping(String userId, String metadataCollectionName, Relationship instance, TypeDefSummary newTypeDefSummary) Tests for whether a specific user should have the right to change the type name of an instance within a repository.voidvalidateUserForRelationshipUpdate(String userId, String metadataCollectionName, Relationship instance) Tests for whether a specific user should have the right to update an instance within a repository.voidvalidateUserForServer(String userId) Check that the calling user is authorized to issue a (any) request to the OMAG Server Platform.voidvalidateUserForService(String userId, String serviceName) Check that the calling user is authorized to issue this request.voidvalidateUserForServiceOperation(String userId, String serviceName, String serviceOperationName) Check that the calling user is authorized to issue this specific request.voidvalidateUserForTypeCreate(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) Tests for whether a specific user should have the right to create a type within a repository.voidvalidateUserForTypeCreate(String userId, String metadataCollectionName, TypeDef typeDef) Tests for whether a specific user should have the right to create a type within a repository.voidvalidateUserForTypeDelete(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) Tests for whether a specific user should have the right to delete a type within a repository.voidvalidateUserForTypeDelete(String userId, String metadataCollectionName, TypeDef typeDef) Tests for whether a specific user should have the right to delete a type within a repository.voidvalidateUserForTypeRead(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) Tests for whether a specific user should have read access to a specific type within a repository.voidvalidateUserForTypeRead(String userId, String metadataCollectionName, TypeDef typeDef) Tests for whether a specific user should have read access to a specific type within a repository.voidvalidateUserForTypeReIdentify(String userId, String metadataCollectionName, AttributeTypeDef originalAttributeTypeDef, String newTypeDefGUID, String newTypeDefName) Tests for whether a specific user should have the right to change the identifiers for a type within a repository.voidvalidateUserForTypeReIdentify(String userId, String metadataCollectionName, TypeDef originalTypeDef, String newTypeDefGUID, String newTypeDefName) Tests for whether a specific user should have the right to change the identifiers for a type within a repository.voidvalidateUserForTypeUpdate(String userId, String metadataCollectionName, TypeDef typeDef, TypeDefPatch patch) Tests for whether a specific user should have the right to update a typeDef within a repository.protected booleanvalidateUserInGroup(String userId, String groupName) This method does the lookup of the user and group in the secrets store.protected booleanvalidateUserInGroup(OpenMetadataUserAccount userAccount, String groupName) This method does the lookup of the user and group in the secrets store.protected booleanvalidateZoneAccess(String entityGUID, String entityTypeName, List<Classification> classifications, OpenMetadataUserAccount userAccount, String createdBy, boolean isUserOwner, AccessOperation operation, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Determine whether the security tags provide access to the elementMethods inherited from class org.odpi.openmetadata.metadatasecurity.connectors.OpenMetadataSecurityConnector
disconnect, getConnectorComponentDescription, logConnectorDisconnecting, logConnectorStarting, printZoneList, setAuditLog, setLocalServerUserId, setServerName, setServerPlatformURL, throwMissingAnchor, throwUnauthorizedAddFeedback, throwUnauthorizedAnchorAccess, throwUnauthorizedElementAccess, throwUnauthorizedInstanceAccess, throwUnauthorizedInstanceChange, throwUnauthorizedInstanceCreate, throwUnauthorizedPlatformAccess, throwUnauthorizedServerAccess, throwUnauthorizedServiceAccess, throwUnauthorizedTypeAccess, throwUnauthorizedTypeChange, throwUnauthorizedZoneChange, throwUnknownUserMethods inherited from class org.odpi.openmetadata.frameworks.connectors.ConnectorBase
combineConfigurationProperties, disconnectConnectors, equals, getArrayConfigurationProperty, getArrayConfigurationProperty, getArrayConfigurationProperty, getAssetTypeName, getBooleanConfigurationProperty, getConnectedAssetProperties, getConnection, getConnectorInstanceId, getDateConfigurationProperty, getIntConfigurationProperty, getLongConfigurationProperty, getNetworkAddresses, getStringConfigurationProperty, getStringConfigurationProperty, getSuppliedPlaceholderProperties, hashCode, initialize, initializeConnectedAssetProperties, initializeEmbeddedConnectors, initializeSecretsStoreConnector, isActive, logExceptionRecord, logRecord, logRecord, throwMissingConfigurationProperty, throwMissingResource, throwNoAsset, throwWrongTypeOfAsset, throwWrongTypeOfResource, throwWrongTypeOfRootSchema, toStringMethods inherited from class org.odpi.openmetadata.frameworks.connectors.Connector
clearStatisticProperty, clearStatisticTimestamp, getConnectorStatistics, getStatisticCounter, getStatisticProperty, getStatisticTimestamp, incrementStatisticCounter, initializeStatisticCounter, setStatisticProperty, setStatisticTimestampMethods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, waitMethods inherited from interface org.odpi.openmetadata.metadatasecurity.OpenMetadataPlatformSecurity
setServerPlatformURL
-
Constructor Details
-
OpenMetadataAccessSecurityConnector
public OpenMetadataAccessSecurityConnector()Constructor sets up the security policies
-
-
Method Details
-
start
Indicates that the connector is completely configured and can begin processing.- Overrides:
startin classOpenMetadataSecurityConnector- Throws:
ConnectorCheckedException- there is a problem within the connector.
-
getUserAccount
Retrieve information about a specific user. This is used during a user's request for a token- Specified by:
getUserAccountin interfaceOpenMetadataUserSecurity- Parameters:
userId- calling user- Returns:
- security properties about the user
- Throws:
UserNotAuthorizedException- user not recognized - or supplied an incorrect password
-
resolveServerGroupName
Return a group name using a pattern.- Parameters:
pattern- pattern to usename- name of resource- Returns:
- formatted name or null which means ignore
-
resolveServiceGroupName
Return a group name using a pattern.- Parameters:
pattern- pattern to useserviceName- name of serviceoperationName- requested operation- Returns:
- formatted name or null which means ignore
-
resolveElementGroupName
protected String resolveElementGroupName(String pattern, String qualifiedName, String operationName) Return a group name using a pattern.- Parameters:
pattern- pattern to usequalifiedName- qualified name of resourceoperationName- requested operation- Returns:
- formatted name or null which means ignore
-
resolveOwnershipGroupName
protected String resolveOwnershipGroupName(String pattern, List<Classification> classifications, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Return a group name using a pattern.- Parameters:
pattern- pattern to useclassifications- classifications associated with an elementrepositoryHelper- manipulates repository service objectsserviceName- calling servicemethodName- calling method- Returns:
- formatted name or null which means ignore
-
resolveServerServiceOperationGroupName
protected String resolveServerServiceOperationGroupName(String pattern, String serverName, String serviceName, String operationName) Return a group name using a pattern.- Parameters:
pattern- pattern to useserverName- name of serverserviceName- name of serviceoperationName- requested operation- Returns:
- formatted name
-
validateUserInGroup
protected boolean validateUserInGroup(String userId, String groupName) throws UserNotAuthorizedException This method does the lookup of the user and group in the secrets store.- Parameters:
userId- calling usergroupName- group that they should be a member of- Returns:
- boolean indicating that they are not members of the group
- Throws:
UserNotAuthorizedException- bad user id
-
validateUserInGroup
This method does the lookup of the user and group in the secrets store.- Parameters:
userAccount- calling usergroupName- group that they should be a member of- Returns:
- boolean indicating that they are not members of the group
-
checkNameInGroup
This method performs the nested look up of a user's name in the groups.- Parameters:
name- name from the user accountlist- list of names- Returns:
- boolean
-
validateUserForNewServer
Check that the calling user is authorized to create new servers.- Specified by:
validateUserForNewServerin interfaceOpenMetadataPlatformSecurity- Overrides:
validateUserForNewServerin classOpenMetadataSecurityConnector- Parameters:
userId- calling user- Throws:
UserNotAuthorizedException- the user is not authorized to access this platform
-
validateUserAsOperatorForPlatform
Check that the calling user is authorized to issue operator requests to the OMAG Server Platform.- Specified by:
validateUserAsOperatorForPlatformin interfaceOpenMetadataPlatformSecurity- Overrides:
validateUserAsOperatorForPlatformin classOpenMetadataSecurityConnector- Parameters:
userId- calling user- Throws:
UserNotAuthorizedException- the user is not authorized to issue operator commands to this platform
-
validateUserAsInvestigatorForPlatform
Check that the calling user is authorized to issue diagnostic requests to the OMAG Server Platform.- Specified by:
validateUserAsInvestigatorForPlatformin interfaceOpenMetadataPlatformSecurity- Overrides:
validateUserAsInvestigatorForPlatformin classOpenMetadataSecurityConnector- Parameters:
userId- calling user- Throws:
UserNotAuthorizedException- the user is not authorized to issue diagnostic commands to this platform
-
validateUserForServer
Check that the calling user is authorized to issue a (any) request to the OMAG Server Platform.- Specified by:
validateUserForServerin interfaceOpenMetadataServerSecurity- Overrides:
validateUserForServerin classOpenMetadataSecurityConnector- Parameters:
userId- calling user- Throws:
UserNotAuthorizedException- the user is not authorized to access this function
-
validateUserAsServerAdmin
Check that the calling user is authorized to update the configuration for a server.- Specified by:
validateUserAsServerAdminin interfaceOpenMetadataServerSecurity- Overrides:
validateUserAsServerAdminin classOpenMetadataSecurityConnector- Parameters:
userId- calling user- Throws:
UserNotAuthorizedException- the user is not authorized to change configuration
-
validateUserAsServerOperator
Check that the calling user is authorized to issue operator requests to the OMAG Server.- Specified by:
validateUserAsServerOperatorin interfaceOpenMetadataServerSecurity- Overrides:
validateUserAsServerOperatorin classOpenMetadataSecurityConnector- Parameters:
userId- calling user- Throws:
UserNotAuthorizedException- the user is not authorized to issue operator commands to this server
-
validateUserAsServerInvestigator
Check that the calling user is authorized to issue operator requests to the OMAG Server.- Specified by:
validateUserAsServerInvestigatorin interfaceOpenMetadataServerSecurity- Overrides:
validateUserAsServerInvestigatorin classOpenMetadataSecurityConnector- Parameters:
userId- calling user- Throws:
UserNotAuthorizedException- the user is not authorized to issue diagnostic commands to this server
-
validateUserForService
public void validateUserForService(String userId, String serviceName) throws UserNotAuthorizedException Check that the calling user is authorized to issue this request.- Specified by:
validateUserForServicein interfaceOpenMetadataServiceSecurity- Overrides:
validateUserForServicein classOpenMetadataSecurityConnector- Parameters:
userId- calling userserviceName- name of called service- Throws:
UserNotAuthorizedException- the user is not authorized to access this service
-
validateUserForServiceOperation
public void validateUserForServiceOperation(String userId, String serviceName, String serviceOperationName) throws UserNotAuthorizedException Check that the calling user is authorized to issue this specific request.- Specified by:
validateUserForServiceOperationin interfaceOpenMetadataServiceSecurity- Overrides:
validateUserForServiceOperationin classOpenMetadataSecurityConnector- Parameters:
userId- calling userserviceName- name of called serviceserviceOperationName- name of called operation- Throws:
UserNotAuthorizedException- the user is not authorized to access this service
-
setSupportedZonesForUser
public List<String> setSupportedZonesForUser(List<String> supportedZones, String serviceName, String user) throws UserNotAuthorizedException Determine the appropriate setting for the supported zones depending on the user and the default supported zones set up for the service. This is called whenever an asset is accessed.- Overrides:
setSupportedZonesForUserin classOpenMetadataSecurityConnector- Parameters:
supportedZones- default setting of the supported zones for the serviceserviceName- name of the called serviceuser- name of the user- Returns:
- list of supported zones for the user
- Throws:
UserNotAuthorizedException- unknown user
-
validateSecurityTagAccess
protected boolean validateSecurityTagAccess(String entityGUID, String entityTypeName, List<Classification> classifications, OpenMetadataUserAccount userAccount, AccessOperation operation, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Determine whether the security tags provide access to the element- Parameters:
entityGUID- unique identifier of entityentityTypeName- type of entityclassifications- list of classifications from entityuserAccount- calling useroperation- operation that they wish to performrepositoryHelper- manipulates repository service objectsserviceName- calling servicemethodName- calling method- Returns:
- true=the user has access; false=no information on access for this user
- Throws:
UserNotAuthorizedException- the user is not authorized for this type of access
-
validateZoneAccess
protected boolean validateZoneAccess(String entityGUID, String entityTypeName, List<Classification> classifications, OpenMetadataUserAccount userAccount, String createdBy, boolean isUserOwner, AccessOperation operation, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Determine whether the security tags provide access to the element- Parameters:
entityGUID- unique identifier of entityentityTypeName- type of entityclassifications- list of classifications from entityuserAccount- calling usercreatedBy- original creator of the entityisUserOwner- is the user an owneroperation- operation that they wish to performrepositoryHelper- manipulates repository service objectsserviceName- calling servicemethodName- calling method- Returns:
- true=the user has access; false=no information on access for this user
- Throws:
UserNotAuthorizedException- the user is not authorized for this type of access
-
validateClassificationAccess
protected boolean validateClassificationAccess(String entityGUID, String entityTypeName, List<Classification> classifications, OpenMetadataUserAccount userAccount, AccessOperation operation, String createdBy, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Determine whether the classifications provide access or restrict access to the element- Parameters:
entityGUID- unique identifier of entityentityTypeName- type of entityclassifications- list of classifications from entityuserAccount- calling useroperation- operation that they wish to performcreatedBy- original creator of the entityrepositoryHelper- manipulates repository service objectsserviceName- calling servicemethodName- calling method- Returns:
- true=the user has access; false=no information on access for this user
- Throws:
UserNotAuthorizedException- the user is not authorized for this type of access to this entity
-
validateUserForElementCreate
public void validateUserForElementCreate(String userId, String entityTypeGUID, String entityTypeName, InstanceProperties newProperties, List<Classification> classifications, InstanceStatus instanceStatus, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to create an element.- Specified by:
validateUserForElementCreatein interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of userentityTypeGUID- unique identifier of the type of entity to createentityTypeName- unique name of the type of entity to createnewProperties- properties for new entityclassifications- classifications for new entityinstanceStatus- status for new entityrepositoryHelper- manipulates repository service objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to perform this command
-
validateUserForElementRead
public void validateUserForElementRead(String userId, EntityDetail requestedEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific element and its contents.- Specified by:
validateUserForElementReadin interfaceOpenMetadataElementSecurity- Parameters:
userId- calling userrequestedEntity- entity requested by the callerrepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- user not authorized to issue this request
-
validateUserForAnchorMemberRead
public void validateUserForAnchorMemberRead(String userId, EntityDetail anchorEntity, EntityDetail requestedEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific element and its contents.- Specified by:
validateUserForAnchorMemberReadin interfaceOpenMetadataElementSecurity- Parameters:
userId- calling useranchorEntity- entity for the anchor (if extracted - may be null)requestedEntity- entity requested by the callerrepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- user not authorized to issue this request
-
validateUserForElementDetailUpdate
public void validateUserForElementDetailUpdate(String userId, EntityDetail originalEntity, InstanceProperties newEntityProperties, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update the properties of an element.- Specified by:
validateUserForElementDetailUpdatein interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of useroriginalEntity- original entity detailsnewEntityProperties- new propertiesrepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForElementStatusUpdate
public void validateUserForElementStatusUpdate(String userId, EntityDetail originalEntity, InstanceStatus newStatus, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update the properties of an element.- Specified by:
validateUserForElementStatusUpdatein interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of useroriginalEntity- original entity detailsnewStatus- new value for statusrepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForElementAttach
public void validateUserForElementAttach(String userId, EntityDetail startingEntity, EntityDetail attachingEntity, String relationshipName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to link unanchored elements to this element- Specified by:
validateUserForElementAttachin interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of userstartingEntity- end 1 detailsattachingEntity- end 1 detailsrelationshipName- name of the relationshiprepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForElementDetach
public void validateUserForElementDetach(String userId, EntityDetail startingEntity, EntityDetail detachingEntity, String relationshipName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to link unanchored elements to this element- Specified by:
validateUserForElementDetachin interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of userstartingEntity- end 1 detailsdetachingEntity- end 2 detailsrelationshipName- name of the relationshiprepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForElementAddFeedback
public void validateUserForElementAddFeedback(String userId, EntityDetail originalEntity, EntityDetail feedbackEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the element.- Specified by:
validateUserForElementAddFeedbackin interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of useroriginalEntity- original entity detailsfeedbackEntity- feedback elementrepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForElementDeleteFeedback
public void validateUserForElementDeleteFeedback(String userId, EntityDetail originalEntity, EntityDetail feedbackEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to detach feedback - such as comments, ratings, tags and likes, to the element.- Specified by:
validateUserForElementDeleteFeedbackin interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of useroriginalEntity- original entity detailsfeedbackEntity- feedback elementrepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForElementClassify
public void validateUserForElementClassify(String userId, EntityDetail originalEntity, String classificationName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to add or update a classification on this element.- Specified by:
validateUserForElementClassifyin interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of useroriginalEntity- original entity detailsclassificationName- name of the classificationrepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForElementDeclassify
public void validateUserForElementDeclassify(String userId, EntityDetail originalEntity, String classificationName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to remove a classification from this element- Specified by:
validateUserForElementDeclassifyin interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of useroriginalEntity- original entity detailsclassificationName- name of the classificationrepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForAnchorMemberUpdate
public void validateUserForAnchorMemberUpdate(String userId, EntityDetail anchorEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update elements attached directly to an anchor such as glossary terms and categories attached to an element. These updates could be to their properties, classifications and relationships.- Specified by:
validateUserForAnchorMemberUpdatein interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of useranchorEntity- element detailsrepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForAnchorMemberStatusUpdate
public void validateUserForAnchorMemberStatusUpdate(String userId, EntityDetail anchorEntity, EntityDetail originalEntity, InstanceStatus newStatus, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update the instance status of an element.- Specified by:
validateUserForAnchorMemberStatusUpdatein interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of useranchorEntity- anchor detailsrepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling methodoriginalEntity- entity being updatednewStatus- new value for status- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForAnchorAttach
public void validateUserForAnchorAttach(String userId, EntityDetail anchorEntity, EntityDetail attachingEntity, String relationshipName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to link unanchored elements- Specified by:
validateUserForAnchorAttachin interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of useranchorEntity- anchor detailsattachingEntity- new elementrelationshipName- name of the relationshiprepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForAnchorDetach
public void validateUserForAnchorDetach(String userId, EntityDetail anchorEntity, EntityDetail detachingEntity, String relationshipName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to link unanchored elements- Specified by:
validateUserForAnchorDetachin interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of useranchorEntity- anchor detailsdetachingEntity- obsolete elementrelationshipName- name of the relationshiprepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForAnchorAddFeedback
public void validateUserForAnchorAddFeedback(String userId, EntityDetail anchorEntity, EntityDetail feedbackEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the anchor or member element.- Specified by:
validateUserForAnchorAddFeedbackin interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of useranchorEntity- anchor detailsfeedbackEntity- feedback elementrepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForAnchorDeleteFeedback
public void validateUserForAnchorDeleteFeedback(String userId, EntityDetail anchorEntity, EntityDetail feedbackEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to detach feedback - such as comments, ratings, tags and likes, to the anchor or member element.- Specified by:
validateUserForAnchorDeleteFeedbackin interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of useranchorEntity- anchor detailsfeedbackEntity- feedback elementrepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForAnchorClassify
public void validateUserForAnchorClassify(String userId, EntityDetail anchorEntity, String classificationName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to add or update a classification on this anchor or member element.- Specified by:
validateUserForAnchorClassifyin interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of useranchorEntity- anchor detailsclassificationName- name of the classificationrepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForAnchorDeclassify
public void validateUserForAnchorDeclassify(String userId, EntityDetail anchorEntity, String classificationName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to remove a classification from this anchor or member element- Specified by:
validateUserForAnchorDeclassifyin interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of useranchorEntity- anchor detailsclassificationName- name of the classificationrepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForAnchorMemberDelete
public void validateUserForAnchorMemberDelete(String userId, EntityDetail anchorEntity, EntityDetail obsoleteEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete an element and all of its contents.- Specified by:
validateUserForAnchorMemberDeletein interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of userobsoleteEntity- original element detailsrepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForElementDelete
public void validateUserForElementDelete(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete an element and all of its contents.- Specified by:
validateUserForElementDeletein interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of userentity- original element detailsrepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
validateUserForAnchorMemberAdd
public void validateUserForAnchorMemberAdd(String userId, EntityDetail anchorEntity, EntityDetail newMemberEntity, String relationshipName, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the element.- Specified by:
validateUserForAnchorMemberAddin interfaceOpenMetadataElementSecurity- Parameters:
userId- identifier of useranchorEntity- anchor detailsnewMemberEntity- feedback elementrelationshipName- name of the relationshiprepositoryHelper- helper for OMRS objectsserviceName- calling servicemethodName- calling method- Throws:
UserNotAuthorizedException- the user is not authorized to change this element
-
selectConnection
public EntityDetail selectConnection(String userId, EntityDetail assetEntity, List<EntityDetail> connectionEntities, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Use the security connector to make a choice on which connection to supply to the requesting user.- Specified by:
selectConnectionin interfaceOpenMetadataElementSecurity- Parameters:
userId- calling userIdassetEntity- associated asset - may be nullconnectionEntities- list of retrieved connectionsrepositoryHelper- for working with OMRS objectsserviceName- calling servicemethodName- calling method- Returns:
- single connection entity, or null
- Throws:
UserNotAuthorizedException- the user is not able to use any of the connections
-
validateUserForTypeCreate
public void validateUserForTypeCreate(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException Tests for whether a specific user should have the right to create a type within a repository.- Specified by:
validateUserForTypeCreatein interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForTypeCreatein classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectiontypeDef- type details- Throws:
UserNotAuthorizedException- the user is not authorized to maintain types
-
validateUserForTypeCreate
public void validateUserForTypeCreate(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException Tests for whether a specific user should have the right to create a type within a repository.- Specified by:
validateUserForTypeCreatein interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForTypeCreatein classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectionattributeTypeDef- type details- Throws:
UserNotAuthorizedException- the user is not authorized to maintain types
-
validateUserForTypeRead
public void validateUserForTypeRead(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific type within a repository.- Specified by:
validateUserForTypeReadin interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForTypeReadin classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectiontypeDef- type details- Throws:
UserNotAuthorizedException- the user is not authorized to retrieve types
-
validateUserForTypeRead
public void validateUserForTypeRead(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific type within a repository.- Specified by:
validateUserForTypeReadin interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForTypeReadin classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectionattributeTypeDef- type details- Throws:
UserNotAuthorizedException- the user is not authorized to retrieve types
-
validateUserForTypeUpdate
public void validateUserForTypeUpdate(String userId, String metadataCollectionName, TypeDef typeDef, TypeDefPatch patch) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update a typeDef within a repository.- Specified by:
validateUserForTypeUpdatein interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForTypeUpdatein classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectiontypeDef- current typeDef detailspatch- proposed changes to type- Throws:
UserNotAuthorizedException- the user is not authorized to maintain types
-
validateUserForTypeDelete
public void validateUserForTypeDelete(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete a type within a repository.- Specified by:
validateUserForTypeDeletein interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForTypeDeletein classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectiontypeDef- type details- Throws:
UserNotAuthorizedException- the user is not authorized to maintain types
-
validateUserForTypeDelete
public void validateUserForTypeDelete(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete a type within a repository.- Specified by:
validateUserForTypeDeletein interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForTypeDeletein classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectionattributeTypeDef- type details- Throws:
UserNotAuthorizedException- the user is not authorized to maintain types
-
validateUserForTypeReIdentify
public void validateUserForTypeReIdentify(String userId, String metadataCollectionName, TypeDef originalTypeDef, String newTypeDefGUID, String newTypeDefName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the identifiers for a type within a repository.- Specified by:
validateUserForTypeReIdentifyin interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForTypeReIdentifyin classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectionoriginalTypeDef- type detailsnewTypeDefGUID- the new identifier for the type.newTypeDefName- new name for this type.- Throws:
UserNotAuthorizedException- the user is not authorized to maintain types
-
validateUserForTypeReIdentify
public void validateUserForTypeReIdentify(String userId, String metadataCollectionName, AttributeTypeDef originalAttributeTypeDef, String newTypeDefGUID, String newTypeDefName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the identifiers for a type within a repository.- Specified by:
validateUserForTypeReIdentifyin interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForTypeReIdentifyin classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectionoriginalAttributeTypeDef- type detailsnewTypeDefGUID- the new identifier for the type.newTypeDefName- new name for this type.- Throws:
UserNotAuthorizedException- the user is not authorized to maintain types
-
validateUserForEntityCreate
public void validateUserForEntityCreate(String userId, String metadataCollectionName, String entityTypeGUID, InstanceProperties initialProperties, List<Classification> initialClassifications, InstanceStatus initialStatus) throws UserNotAuthorizedException Tests for whether a specific user should have the right to create an instance within a repository.- Specified by:
validateUserForEntityCreatein interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForEntityCreatein classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectionentityTypeGUID- unique identifier (guid) for the new entity's type.initialProperties- initial list of properties for the new entity null means no properties.initialClassifications- initial list of classifications for the new entity null means no classifications.initialStatus- initial status typically DRAFT, PREPARED or ACTIVE.- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateUserForEntityRead
public EntityDetail validateUserForEntityRead(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific instance within a repository.- Specified by:
validateUserForEntityReadin interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForEntityReadin classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectioninstance- instance details- Returns:
- entity to return (maybe altered by the connector)
- Throws:
UserNotAuthorizedException- the user is not authorized to retrieve instances
-
validateUserForEntitySummaryRead
public void validateUserForEntitySummaryRead(String userId, String metadataCollectionName, EntitySummary instance) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific instance within a repository.- Specified by:
validateUserForEntitySummaryReadin interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForEntitySummaryReadin classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectioninstance- instance details- Throws:
UserNotAuthorizedException- the user is not authorized to retrieve instances
-
validateUserForEntityProxyRead
public void validateUserForEntityProxyRead(String userId, String metadataCollectionName, EntityProxy instance) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific instance within a repository.- Specified by:
validateUserForEntityProxyReadin interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForEntityProxyReadin classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectioninstance- instance details- Throws:
UserNotAuthorizedException- the user is not authorized to retrieve instances
-
validateUserForEntityUpdate
public void validateUserForEntityUpdate(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update an instance within a repository.- Specified by:
validateUserForEntityUpdatein interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForEntityUpdatein classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectioninstance- instance details- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateUserForEntityClassificationAdd
public void validateUserForEntityClassificationAdd(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) throws UserNotAuthorizedException Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.- Specified by:
validateUserForEntityClassificationAddin interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForEntityClassificationAddin classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectioninstance- instance detailsclassificationName- String name for the classification.properties- list of properties for the classification.- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateUserForEntityClassificationUpdate
public void validateUserForEntityClassificationUpdate(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.- Specified by:
validateUserForEntityClassificationUpdatein interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForEntityClassificationUpdatein classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectioninstance- instance detailsclassificationName- String name for the classification.properties- list of properties for the classification.- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateUserForEntityClassificationDelete
public void validateUserForEntityClassificationDelete(String userId, String metadataCollectionName, EntitySummary instance, String classificationName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.- Specified by:
validateUserForEntityClassificationDeletein interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForEntityClassificationDeletein classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectioninstance- instance detailsclassificationName- String name for the classification.- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateUserForEntityDelete
public void validateUserForEntityDelete(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete an instance within a repository.- Specified by:
validateUserForEntityDeletein interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForEntityDeletein classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectioninstance- instance details- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateUserForEntityRestore
public void validateUserForEntityRestore(String userId, String metadataCollectionName, String deletedEntityGUID) throws UserNotAuthorizedException Tests for whether a specific user should have the right to restore an instance within a repository.- Specified by:
validateUserForEntityRestorein interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForEntityRestorein classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectiondeletedEntityGUID- String unique identifier (guid) for the entity.- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateUserForEntityReIdentification
public void validateUserForEntityReIdentification(String userId, String metadataCollectionName, EntityDetail instance, String newGUID) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the guid on an instance within a repository.- Specified by:
validateUserForEntityReIdentificationin interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForEntityReIdentificationin classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectioninstance- instance detailsnewGUID- the new guid for the instance.- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateUserForEntityReTyping
public void validateUserForEntityReTyping(String userId, String metadataCollectionName, EntityDetail instance, TypeDefSummary newTypeDefSummary) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the type name of an instance within a repository.- Specified by:
validateUserForEntityReTypingin interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForEntityReTypingin classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectioninstance- instance detailsnewTypeDefSummary- details of this instance's new TypeDef.- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateUserForEntityReHoming
public void validateUserForEntityReHoming(String userId, String metadataCollectionName, EntityDetail instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the home of an instance within a repository.- Specified by:
validateUserForEntityReHomingin interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForEntityReHomingin classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectioninstance- instance detailsnewHomeMetadataCollectionId- unique identifier for the new home metadata collection/repository.newHomeMetadataCollectionName- display name for the new home metadata collection/repository.- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateUserForRelationshipCreate
public void validateUserForRelationshipCreate(String userId, String metadataCollectionName, String relationshipTypeGUID, InstanceProperties initialProperties, EntitySummary entityOneSummary, EntitySummary entityTwoSummary, InstanceStatus initialStatus) throws UserNotAuthorizedException Tests for whether a specific user should have the right to create an instance within a repository.- Specified by:
validateUserForRelationshipCreatein interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForRelationshipCreatein classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectionrelationshipTypeGUID- unique identifier (guid) for the new relationship's type.initialProperties- initial list of properties for the new entity null means no properties.entityOneSummary- the unique identifier of one of the entities that the relationship is connecting together.entityTwoSummary- the unique identifier of the other entity that the relationship is connecting together.initialStatus- initial status typically DRAFT, PREPARED or ACTIVE.- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateUserForRelationshipRead
public Relationship validateUserForRelationshipRead(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific instance within a repository.- Specified by:
validateUserForRelationshipReadin interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForRelationshipReadin classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectioninstance- instance details- Returns:
- relationship to return (maybe altered by the connector)
- Throws:
UserNotAuthorizedException- the user is not authorized to retrieve instances
-
validateUserForRelationshipUpdate
public void validateUserForRelationshipUpdate(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update an instance within a repository.- Specified by:
validateUserForRelationshipUpdatein interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForRelationshipUpdatein classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectioninstance- instance details- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateUserForRelationshipDelete
public void validateUserForRelationshipDelete(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete an instance within a repository.- Specified by:
validateUserForRelationshipDeletein interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForRelationshipDeletein classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectioninstance- instance details- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateUserForRelationshipRestore
public void validateUserForRelationshipRestore(String userId, String metadataCollectionName, String deletedRelationshipGUID) throws UserNotAuthorizedException Tests for whether a specific user should have the right to restore an instance within a repository.- Specified by:
validateUserForRelationshipRestorein interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForRelationshipRestorein classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectiondeletedRelationshipGUID- String unique identifier (guid) for the relationship.- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateUserForRelationshipReIdentification
public void validateUserForRelationshipReIdentification(String userId, String metadataCollectionName, Relationship instance, String newGUID) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the guid on an instance within a repository.- Specified by:
validateUserForRelationshipReIdentificationin interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForRelationshipReIdentificationin classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectioninstance- instance detailsnewGUID- the new guid for the instance.- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateUserForRelationshipReTyping
public void validateUserForRelationshipReTyping(String userId, String metadataCollectionName, Relationship instance, TypeDefSummary newTypeDefSummary) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the type name of an instance within a repository.- Specified by:
validateUserForRelationshipReTypingin interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForRelationshipReTypingin classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectioninstance- instance detailsnewTypeDefSummary- details of this instance's new TypeDef.- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateUserForRelationshipReHoming
public void validateUserForRelationshipReHoming(String userId, String metadataCollectionName, Relationship instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the home of a instance within a repository.- Specified by:
validateUserForRelationshipReHomingin interfaceOpenMetadataRepositorySecurity- Overrides:
validateUserForRelationshipReHomingin classOpenMetadataSecurityConnector- Parameters:
userId- identifier of usermetadataCollectionName- configurable name of the metadata collectioninstance- instance detailsnewHomeMetadataCollectionId- unique identifier for the new home metadata collection/repository.newHomeMetadataCollectionName- display name for the new home metadata collection/repository.- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateEntityReferenceCopySave
public boolean validateEntityReferenceCopySave(String userId, EntityDetail instance) throws UserNotAuthorizedException Tests for whether a reference copy should be saved to the repository.- Specified by:
validateEntityReferenceCopySavein interfaceOpenMetadataRepositorySecurity- Parameters:
userId- identifier of userinstance- instance details- Returns:
- flag indicating whether the reference copy should be saved
- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-
validateRelationshipReferenceCopySave
public boolean validateRelationshipReferenceCopySave(String userId, Relationship instance) throws UserNotAuthorizedException Tests for whether a reference copy should be saved to the repository.- Specified by:
validateRelationshipReferenceCopySavein interfaceOpenMetadataRepositorySecurity- Parameters:
userId- identifier of userinstance- instance details- Returns:
- flag indicating whether the reference copy should be saved
- Throws:
UserNotAuthorizedException- the user is not authorized to maintain instances
-