Class OpenMetadataSecurityConnector

All Implemented Interfaces:
AuditLoggingComponent, SecureConnectorExtension, VirtualConnectorExtension
Direct Known Subclasses:
CocoPharmaSecretsSecurityConnector

public class OpenMetadataSecurityConnector extends ConnectorBase implements AuditLoggingComponent
OpenMetadataServerSecurityConnector provides the base class for an Open Metadata Security Connector for both the platform and a server. This connector is configured in an OMAG Configuration Document. Its default behavior is to reject every request. It generates well-defined exceptions and audit log messages. Override these to define the required access for the deployment environment. The methods in this base class can be called if access is to be denied as a way of making use of the message logging and exceptions.
  • Field Details

    • serverRootURL

      protected String serverRootURL
    • serverName

      protected String serverName
    • localServerUserId

      protected String localServerUserId
    • connectorName

      protected String connectorName
    • unknownTypeName

      protected final String unknownTypeName
      See Also:
  • Constructor Details

    • OpenMetadataSecurityConnector

      public OpenMetadataSecurityConnector()
  • Method Details

    • logConnectorStarting

      protected void logConnectorStarting()
      Write a log message to say that the connector is initializing.
    • logConnectorDisconnecting

      protected void logConnectorDisconnecting()
      Write an audit log message to say that the connector is stopping.
    • setServerPlatformURL

      public void setServerPlatformURL(String serverURLRoot)
      Set up the URL Root for the platform where this is running.
      Parameters:
      serverURLRoot - url root
    • throwUnauthorizedPlatformAccess

      protected void throwUnauthorizedPlatformAccess(String userId, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the authorization check failed
    • getAssetGUID

      protected String getAssetGUID(Asset asset)
      Return a string representing the unique identifier for the asset. If the asset is null then the guid is "null", if the guid is null then the result is "null-guid".
      Parameters:
      asset - asset to test
      Returns:
      string identifier for messages
    • printZoneList

      protected String printZoneList(List<String> zones)
      Return a string representing the list of zones.
      Parameters:
      zones - zones to output
      Returns:
      string for messages
    • getConnectionQualifiedName

      protected String getConnectionQualifiedName(Connection connection)
      Return a string representing the unique identifier for the connection. If the connection is null then the guid is "null", if the guid is null then the result is "null-name".
      Parameters:
      connection - connection to test
      Returns:
      string identifier for messages
    • getInstanceGUID

      protected String getInstanceGUID(InstanceHeader instance)
      Return a string representing the unique identifier for a repository instance. If the instance is null then the guid is "null", if the guid is null then the result is "null-guid".
      Parameters:
      instance - instance to test
      Returns:
      string identifier for messages
    • throwUnauthorizedServerAccess

      protected void throwUnauthorizedServerAccess(String userId, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the authorization check failed
    • throwUnauthorizedServiceAccess

      protected void throwUnauthorizedServiceAccess(String userId, String serviceName, String serviceOperationName, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      serviceName - name of service
      serviceOperationName - name of operation
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the authorization check failed
    • throwUnauthorizedTypeAccess

      protected void throwUnauthorizedTypeAccess(String userId, String typeGUID, String typeName, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      typeGUID - uniqueId of type
      typeName - name of type
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the authorization check failed
    • throwUnauthorizedTypeChange

      protected void throwUnauthorizedTypeChange(String userId, String typeGUID, String typeName, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      typeGUID - uniqueId of type
      typeName - name of type
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the authorization check failed
    • throwUnauthorizedInstanceCreate

      protected void throwUnauthorizedInstanceCreate(String userId, String typeGUID, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      typeGUID - uniqueId of type
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the authorization check failed
    • throwUnauthorizedInstanceAccess

      protected void throwUnauthorizedInstanceAccess(String userId, String instanceGUID, String typeName, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      instanceGUID - uniqueId of type
      typeName - name of type
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the authorization check failed
    • throwUnauthorizedInstanceChange

      protected void throwUnauthorizedInstanceChange(String userId, String instanceGUID, String typeName, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      instanceGUID - uniqueId of type
      typeName - name of type
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the authorization check failed
    • throwUnauthorizedAssetAccess

      protected void throwUnauthorizedAssetAccess(String userId, Asset asset, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      asset - asset being accessed
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the authorization check failed
    • throwUnknownUser

      protected void throwUnknownUser(String userId, Exception underLyingException, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      underLyingException - optional exception
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the authorization check failed
    • throwUnauthorizedAssetChange

      protected void throwUnauthorizedAssetChange(String userId, Asset asset, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      asset - asset being accessed
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the authorization check failed
    • throwUnauthorizedAssetCreate

      protected void throwUnauthorizedAssetCreate(String userId, Asset asset, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      asset - asset being accessed
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the authorization check failed
    • throwIncompleteAsset

      protected void throwIncompleteAsset(String userId, Asset asset, String propertyName, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      asset - asset being accessed
      propertyName - name of property that is missing
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the authorization check failed
    • throwUnauthorizedZoneChange

      protected void throwUnauthorizedZoneChange(String userId, Asset asset, List<String> originalZones, List<String> newZones, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      asset - asset being accessed
      originalZones - previous value of the zone membership for the asset being accessed
      newZones - new value of the zone membership for the asset being accessed
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the authorization check failed
    • throwUnauthorizedAssetFeedback

      protected void throwUnauthorizedAssetFeedback(String userId, Asset asset, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      asset - asset in error
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the user is not authorized to access this zone
    • throwUnauthorizedConnectionAccess

      protected void throwUnauthorizedConnectionAccess(String userId, Connection connection, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      connection - connection to validate
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the authorization check failed
    • throwMissingGlossary

      protected void throwMissingGlossary(String userId, String operation, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      operation - of requested operation
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the authorization check failed
    • throwUnauthorizedGlossaryAccess

      protected void throwUnauthorizedGlossaryAccess(String userId, String operation, Glossary glossary, String methodName) throws UserNotAuthorizedException
      Write an audit log message and throw exception to record an unauthorized access.
      Parameters:
      userId - calling user
      operation - of requested operation
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the authorization check failed
    • setAuditLog

      public void setAuditLog(AuditLog auditLog)
      Receive an audit log object that can be used to record audit log messages. The caller has initialized it with the correct component description and log destinations.
      Specified by:
      setAuditLog in interface AuditLoggingComponent
      Parameters:
      auditLog - audit log object
    • getConnectorComponentDescription

      public ComponentDescription getConnectorComponentDescription()
      Return the component description that is used by this connector in the audit log.
      Specified by:
      getConnectorComponentDescription in interface AuditLoggingComponent
      Returns:
      id, name, description, wiki page URL.
    • setServerName

      public void setServerName(String serverName)
      Set the name of the server that this connector is supporting.
      Parameters:
      serverName - name of server
    • setLocalServerUserId

      public void setLocalServerUserId(String userId)
      Provide the local server's userId. This is used for requests that originate from within the local server.
      Parameters:
      userId - local server's userId
    • start

      public void start() throws ConnectorCheckedException
      Indicates that the connector is completely configured and can begin processing.
      Overrides:
      start in class ConnectorBase
      Throws:
      ConnectorCheckedException - there is a problem within the connector.
    • setSupportedZonesForUser

      protected List<String> setSupportedZonesForUser(List<String> supportedZones, String serviceName, String user) throws InvalidParameterException, PropertyServerException
      Determine the appropriate setting for the supported zones depending on the user and the default supported zones set up for the service. This is called whenever an asset is accessed.
      Parameters:
      supportedZones - default setting of the supported zones for the service
      serviceName - name of the called service
      user - name of the user
      Returns:
      list of supported zones for the user
      Throws:
      InvalidParameterException - one of the parameter values is invalid
      PropertyServerException - there is a problem calculating the zones
    • setAssetZonesToDefault

      protected List<String> setAssetZonesToDefault(List<String> defaultZones, Asset asset) throws InvalidParameterException, PropertyServerException
      Determine the appropriate setting for the asset zones depending on the content of the asset and the default zones. This is called whenever a new asset is created. The default behavior is to use the default values, unless the zones have been explicitly set up, in which case, they are left unchanged.
      Parameters:
      defaultZones - setting of the default zones for the service
      asset - initial values for the asset
      Returns:
      list of zones to set in the asset
      Throws:
      InvalidParameterException - one of the asset values is invalid
      PropertyServerException - there is a problem calculating the zones
    • verifyAssetZones

      protected List<String> verifyAssetZones(List<String> defaultZones, List<String> supportedZones, List<String> publishZones, Asset originalAsset, Asset updatedAsset) throws InvalidParameterException, PropertyServerException
      Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones. This method is called whenever an asset's values are changed. The default behavior is to keep the updated zones as they are.
      Parameters:
      defaultZones - setting of the default zones for the service
      supportedZones - setting of the supported zones for the service
      publishZones - setting of the publishZones for the service
      originalAsset - original values for the asset
      updatedAsset - updated values for the asset
      Returns:
      list of zones to set in the asset
      Throws:
      InvalidParameterException - one of the asset values is invalid
      PropertyServerException - there is a problem calculating the zones
    • validateUserForNewServer

      public void validateUserForNewServer(String userId) throws UserNotAuthorizedException
      Check that the calling user is authorized to create new servers.
      Parameters:
      userId - calling user
      Throws:
      UserNotAuthorizedException - the user is not authorized to access this platform
    • validateUserAsOperatorForPlatform

      public void validateUserAsOperatorForPlatform(String userId) throws UserNotAuthorizedException
      Check that the calling user is authorized to issue operator requests to the OMAG Server Platform.
      Parameters:
      userId - calling user
      Throws:
      UserNotAuthorizedException - the user is not authorized to issue operator commands to this platform
    • validateUserAsInvestigatorForPlatform

      public void validateUserAsInvestigatorForPlatform(String userId) throws UserNotAuthorizedException
      Check that the calling user is authorized to issue diagnostic requests to the OMAG Server Platform.
      Parameters:
      userId - calling user
      Throws:
      UserNotAuthorizedException - the user is not authorized to issue diagnostic commands to this platform
    • validateUserForServer

      protected void validateUserForServer(String userId) throws UserNotAuthorizedException
      Check that the calling user is authorized to issue a (any) request to the OMAG Server Platform.
      Parameters:
      userId - calling user
      Throws:
      UserNotAuthorizedException - the user is not authorized to access this function
    • validateUserAsServerAdmin

      protected void validateUserAsServerAdmin(String userId) throws UserNotAuthorizedException
      Check that the calling user is authorized to update the configuration for a server.
      Parameters:
      userId - calling user
      Throws:
      UserNotAuthorizedException - the user is not authorized to change configuration
    • validateUserAsServerOperator

      protected void validateUserAsServerOperator(String userId) throws UserNotAuthorizedException
      Check that the calling user is authorized to issue operator requests to the OMAG Server.
      Parameters:
      userId - calling user
      Throws:
      UserNotAuthorizedException - the user is not authorized to issue operator commands to this server
    • validateUserAsServerInvestigator

      protected void validateUserAsServerInvestigator(String userId) throws UserNotAuthorizedException
      Check that the calling user is authorized to issue operator requests to the OMAG Server.
      Parameters:
      userId - calling user
      Throws:
      UserNotAuthorizedException - the user is not authorized to issue diagnostic commands to this server
    • validateUserForService

      protected void validateUserForService(String userId, String serviceName) throws UserNotAuthorizedException
      Check that the calling user is authorized to issue this request.
      Parameters:
      userId - calling user
      serviceName - name of called service
      Throws:
      UserNotAuthorizedException - the user is not authorized to access this service
    • validateUserForServiceOperation

      protected void validateUserForServiceOperation(String userId, String serviceName, String serviceOperationName) throws UserNotAuthorizedException
      Check that the calling user is authorized to issue this specific request.
      Parameters:
      userId - calling user
      serviceName - name of called service
      serviceOperationName - name of called operation
      Throws:
      UserNotAuthorizedException - the user is not authorized to access this service
    • validateUserForConnection

      protected void validateUserForConnection(String userId, Connection connection) throws UserNotAuthorizedException
      Tests for whether a specific user should have access to a connection.
      Parameters:
      userId - identifier of user
      connection - connection object
      Throws:
      UserNotAuthorizedException - the user is not authorized to access this service
    • validateUserForAssetConnectionList

      protected Connection validateUserForAssetConnectionList(String userId, Asset asset, List<Connection> connections) throws UserNotAuthorizedException
      Select a connection from the list of connections attached to an asset.
      Parameters:
      userId - calling user
      asset - asset requested by caller
      connections - list of attached connections
      Returns:
      selected connection or null (pretend there are no connections attached to the asset) or
      Throws:
      UserNotAuthorizedException - the user is not authorized to access this service
    • validateUserForAssetCreate

      protected void validateUserForAssetCreate(String userId, Asset asset) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to create an asset within a zone.
      Parameters:
      userId - identifier of user
      asset - asset details
      Throws:
      UserNotAuthorizedException - the user is not authorized to change this asset
    • validateUserForAssetRead

      protected void validateUserForAssetRead(String userId, Asset asset) throws UserNotAuthorizedException
      Tests for whether a specific user should have read access to a specific asset within a zone.
      Parameters:
      userId - identifier of user
      asset - asset to test
      Throws:
      UserNotAuthorizedException - the user is not authorized to access this asset
    • validateUserForAssetDetailUpdate

      protected void validateUserForAssetDetailUpdate(String userId, Asset originalAsset, AssetAuditHeader originalAssetAuditHeader, Asset newAsset) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to update an asset. This is used for a general asset update, which may include changes to the zones and the ownership.
      Parameters:
      userId - identifier of user
      originalAsset - original asset details
      originalAssetAuditHeader - details of the asset's audit header
      newAsset - new asset details
      Throws:
      UserNotAuthorizedException - the user is not authorized to change this asset
    • validateUserForAssetAttachmentUpdate

      protected void validateUserForAssetAttachmentUpdate(String userId, Asset asset) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to update elements attached directly to an asset such as schema and connections.
      Parameters:
      userId - identifier of user
      asset - original asset details
      Throws:
      UserNotAuthorizedException - the user is not authorized to change this asset
    • validateUserForAssetFeedback

      protected void validateUserForAssetFeedback(String userId, Asset asset) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the asset.
      Parameters:
      userId - identifier of user
      asset - original asset details
      Throws:
      UserNotAuthorizedException - the user is not authorized to change this asset
    • validateUserForAssetDelete

      protected void validateUserForAssetDelete(String userId, Asset asset) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to delete an asset within a zone.
      Parameters:
      userId - identifier of user
      asset - asset details
      Throws:
      UserNotAuthorizedException - the user is not authorized to change this asset
    • validateUserForTypeCreate

      protected void validateUserForTypeCreate(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to create a type within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      typeDef - type details
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain types
    • validateUserForTypeCreate

      protected void validateUserForTypeCreate(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to create a type within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      attributeTypeDef - type details
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain types
    • validateUserForTypeRead

      protected void validateUserForTypeRead(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException
      Tests for whether a specific user should have read access to a specific type within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      typeDef - type details
      Throws:
      UserNotAuthorizedException - the user is not authorized to retrieve types
    • validateUserForTypeRead

      protected void validateUserForTypeRead(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException
      Tests for whether a specific user should have read access to a specific type within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      attributeTypeDef - type details
      Throws:
      UserNotAuthorizedException - the user is not authorized to retrieve types
    • validateUserForTypeUpdate

      protected void validateUserForTypeUpdate(String userId, String metadataCollectionName, TypeDef typeDef, TypeDefPatch patch) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to update a typeDef within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      typeDef - current typeDef details
      patch - proposed changes to type
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain types
    • validateUserForTypeDelete

      protected void validateUserForTypeDelete(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to delete a type within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      typeDef - type details
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain types
    • validateUserForTypeDelete

      protected void validateUserForTypeDelete(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to delete a type within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      attributeTypeDef - type details
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain types
    • validateUserForTypeReIdentify

      protected void validateUserForTypeReIdentify(String userId, String metadataCollectionName, TypeDef originalTypeDef, String newTypeDefGUID, String newTypeDefName) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      originalTypeDef - type details
      newTypeDefGUID - the new identifier for the type.
      newTypeDefName - new name for this type.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain types
    • validateUserForTypeReIdentify

      protected void validateUserForTypeReIdentify(String userId, String metadataCollectionName, AttributeTypeDef originalAttributeTypeDef, String newTypeDefGUID, String newTypeDefName) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      originalAttributeTypeDef - type details
      newTypeDefGUID - the new identifier for the type.
      newTypeDefName - new name for this type.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain types
    • validateUserForEntityCreate

      protected void validateUserForEntityCreate(String userId, String metadataCollectionName, String entityTypeGUID, InstanceProperties initialProperties, List<Classification> initialClassifications, InstanceStatus initialStatus) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to create an instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      entityTypeGUID - unique identifier (guid) for the new entity's type.
      initialProperties - initial list of properties for the new entity null means no properties.
      initialClassifications - initial list of classifications for the new entity null means no classifications.
      initialStatus - initial status typically DRAFT, PREPARED or ACTIVE.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityRead

      protected EntityDetail validateUserForEntityRead(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException
      Tests for whether a specific user should have read access to a specific instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      Returns:
      entity to return (maybe altered by the connector)
      Throws:
      UserNotAuthorizedException - the user is not authorized to retrieve instances
    • validateUserForEntitySummaryRead

      protected void validateUserForEntitySummaryRead(String userId, String metadataCollectionName, EntitySummary instance) throws UserNotAuthorizedException
      Tests for whether a specific user should have read access to a specific instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      Throws:
      UserNotAuthorizedException - the user is not authorized to retrieve instances
    • validateUserForEntityProxyRead

      protected void validateUserForEntityProxyRead(String userId, String metadataCollectionName, EntityProxy instance) throws UserNotAuthorizedException
      Tests for whether a specific user should have read access to a specific instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      Throws:
      UserNotAuthorizedException - the user is not authorized to retrieve instances
    • validateUserForEntityUpdate

      protected void validateUserForEntityUpdate(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to update an instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityClassificationAdd

      protected void validateUserForEntityClassificationAdd(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      classificationName - String name for the classification.
      properties - list of properties for the classification.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityClassificationUpdate

      protected void validateUserForEntityClassificationUpdate(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      classificationName - String name for the classification.
      properties - list of properties for the classification.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityClassificationDelete

      protected void validateUserForEntityClassificationDelete(String userId, String metadataCollectionName, EntitySummary instance, String classificationName) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      classificationName - String name for the classification.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityDelete

      protected void validateUserForEntityDelete(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to delete an instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityRestore

      protected void validateUserForEntityRestore(String userId, String metadataCollectionName, String deletedEntityGUID) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to restore an instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      deletedEntityGUID - String unique identifier (guid) for the entity.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityReIdentification

      protected void validateUserForEntityReIdentification(String userId, String metadataCollectionName, EntityDetail instance, String newGUID) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to change the guid on an instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      newGUID - the new guid for the instance.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityReTyping

      protected void validateUserForEntityReTyping(String userId, String metadataCollectionName, EntityDetail instance, TypeDefSummary newTypeDefSummary) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to change an instance's type within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      newTypeDefSummary - details of this instance's new TypeDef.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityReHoming

      protected void validateUserForEntityReHoming(String userId, String metadataCollectionName, EntityDetail instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to change the home of an instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      newHomeMetadataCollectionId - unique identifier for the new home metadata collection/repository.
      newHomeMetadataCollectionName - display name for the new home metadata collection/repository.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForRelationshipCreate

      protected void validateUserForRelationshipCreate(String userId, String metadataCollectionName, String relationshipTypeGUID, InstanceProperties initialProperties, EntitySummary entityOneSummary, EntitySummary entityTwoSummary, InstanceStatus initialStatus) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to create an instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      relationshipTypeGUID - unique identifier (guid) for the new relationship's type.
      initialProperties - initial list of properties for the new entity null means no properties.
      entityOneSummary - the unique identifier of one of the entities that the relationship is connecting together.
      entityTwoSummary - the unique identifier of the other entity that the relationship is connecting together.
      initialStatus - initial status typically DRAFT, PREPARED or ACTIVE.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForRelationshipRead

      protected Relationship validateUserForRelationshipRead(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException
      Tests for whether a specific user should have read access to a specific instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      Returns:
      relationship
      Throws:
      UserNotAuthorizedException - the user is not authorized to retrieve instances
    • validateUserForRelationshipUpdate

      protected void validateUserForRelationshipUpdate(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to update an instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForRelationshipDelete

      protected void validateUserForRelationshipDelete(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to delete an instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForRelationshipRestore

      protected void validateUserForRelationshipRestore(String userId, String metadataCollectionName, String deletedRelationshipGUID) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to restore an instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      deletedRelationshipGUID - String unique identifier (guid) for the relationship.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForRelationshipReIdentification

      protected void validateUserForRelationshipReIdentification(String userId, String metadataCollectionName, Relationship instance, String newGUID) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to change the guid on an instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      newGUID - the new guid for the instance.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForRelationshipReTyping

      protected void validateUserForRelationshipReTyping(String userId, String metadataCollectionName, Relationship instance, TypeDefSummary newTypeDefSummary) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to change an instance's type within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      newTypeDefSummary - details of this instance's new TypeDef.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForRelationshipReHoming

      protected void validateUserForRelationshipReHoming(String userId, String metadataCollectionName, Relationship instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to change the home of an instance within a repository.
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      newHomeMetadataCollectionId - unique identifier for the new home metadata collection/repository.
      newHomeMetadataCollectionName - display name for the new home metadata collection/repository.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • disconnect

      public void disconnect() throws ConnectorCheckedException
      Free up any resources held since the connector is no longer needed.
      Overrides:
      disconnect in class ConnectorBase
      Throws:
      ConnectorCheckedException - there is a problem within the connector.