Class OpenMetadataServerSecurityConnector

  • All Implemented Interfaces:
    AuditLoggingComponent

    public class OpenMetadataServerSecurityConnector
    extends ConnectorBase
    implements AuditLoggingComponent
    OpenMetadataServerSecurityConnector provides the base class for an Open Metadata Security Connector for a server. This connector is configured in an OMAG Configuration Document. Its default behavior is to reject every request. It generates well-defined exceptions and audit log messages. Override these to define the required access for the deployment environment. The methods in this base class can be called if access is to be denied as a way of making use of the message logging and exceptions.
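A minimal subclass following the description above, as an added example that is not code from the Egeria project: it overrides two of the validate methods with an allow list and calls the base class's throw methods on denial so the standard audit log message and exception are produced. The class name, user ids, service and operation names are constructed, the two import package names are assumptions, and it assumes the overridden methods declare UserNotAuthorizedException as the throw methods on this page do.

```java
import java.util.Map;
import java.util.Set;

// Assumed package names: this page does not show them.
import org.odpi.openmetadata.frameworks.connectors.ffdc.UserNotAuthorizedException;
import org.odpi.openmetadata.metadatasecurity.connectors.OpenMetadataServerSecurityConnector;

/**
 * Hypothetical connector that opens up only two checks. Every validate method
 * that is not overridden here keeps the base class behaviour of rejecting
 * the request.
 */
public class AllowListServerSecurityConnector extends OpenMetadataServerSecurityConnector
{
    /* Constructed sample users allowed to call the server at all. */
    private static final Set<String> SERVER_USERS = Set.of("ops-admin", "data-steward");

    /* Constructed sample policy: service name -> operation name -> allowed users. */
    private static final Map<String, Map<String, Set<String>>> OPERATION_USERS = Map.of(
            "sample-asset-service", Map.of(
                    "getAsset",    Set.of("ops-admin", "data-steward"),
                    "deleteAsset", Set.of("ops-admin")));

    /**
     * Allow only listed users to issue requests to the server.
     *
     * @param userId calling user
     * @throws UserNotAuthorizedException the user is not on the allow list
     */
    @Override
    protected void validateUserForServer(String userId) throws UserNotAuthorizedException
    {
        final String methodName = "validateUserForServer";

        /* Set.of(...).contains(null) throws NullPointerException, so test for null first. */
        if (userId == null || !SERVER_USERS.contains(userId))
        {
            /* Deny through the base class so the audit record and exception are consistent. */
            super.throwUnauthorizedServerAccess(userId, methodName);
        }
    }

    /**
     * Allow a user to call an operation only when service, operation and user
     * all appear in the policy. Anything unknown is denied.
     *
     * @param userId calling user
     * @param serviceName name of service
     * @param serviceOperationName name of operation
     * @throws UserNotAuthorizedException no policy entry grants this request
     */
    @Override
    protected void validateUserForServiceOperation(String userId,
                                                   String serviceName,
                                                   String serviceOperationName) throws UserNotAuthorizedException
    {
        final String methodName = "validateUserForServiceOperation";

        if (!isOperationAllowed(userId, serviceName, serviceOperationName))
        {
            super.throwUnauthorizedServiceAccess(userId, serviceName, serviceOperationName, methodName);
        }
    }

    /**
     * Policy lookup kept free of side effects so it can be unit tested
     * without an audit log or a running server.
     */
    static boolean isOperationAllowed(String userId, String serviceName, String serviceOperationName)
    {
        /* Map.of(...).get(null) also throws, so reject null inputs before any lookup. */
        if (userId == null || serviceName == null || serviceOperationName == null)
        {
            return false;
        }

        Map<String, Set<String>> operations = OPERATION_USERS.get(serviceName);
        if (operations == null)
        {
            return false;   // unknown service: fail closed
        }

        Set<String> users = operations.get(serviceOperationName);
        return users != null && users.contains(userId);
    }
}
```
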
    • Method Summary

      Modifier and Type Method Description
      void disconnect()
      Free up any resources held since the connector is no longer needed.
      protected java.lang.String getAssetGUID​(Asset asset)
      Return a string representing the unique identifier for the asset.
      protected java.lang.String getConnectionQualifiedName​(Connection connection)
      Return a string representing the unique identifier for the connection.
      ComponentDescription getConnectorComponentDescription()
      Return the component description that is used by this connector in the audit log.
      protected java.lang.String getInstanceGUID​(org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.InstanceHeader instance)
      Return a string representing the unique identifier for a repository instance.
      protected void logConnectorDisconnecting()
      Write an audit log message to say that the connector is stopping.
      protected void logConnectorStarting()
      Write an audit log message to say that the connector is initializing.
      protected java.lang.String printZoneList​(java.util.List<java.lang.String> zones)
      Return a string representing the list of zones.
      protected java.util.List<java.lang.String> setAssetZonesToDefault​(java.util.List<java.lang.String> defaultZones, Asset asset)
      Determine the appropriate setting for the asset zones depending on the content of the asset and the default zones.
      void setAuditLog​(AuditLog auditLog)
      Receive an audit log object that can be used to record audit log messages.
      void setLocalServerUserId​(java.lang.String userId)
      Provide the local server's userId.
      void setServerName​(java.lang.String serverName)
      Set the name of the server that this connector is supporting.
      protected java.util.List<java.lang.String> setSupportedZonesForUser​(java.util.List<java.lang.String> supportedZones, java.lang.String serviceName, java.lang.String user)
      Determine the appropriate setting for the supported zones depending on the user and the default supported zones set up for the service.
      void start()
      Indicates that the connector is completely configured and can begin processing.
      protected void throwIncompleteAsset​(java.lang.String userId, Asset asset, java.lang.String propertyName, java.lang.String methodName)
      Write an audit log message and throw exception to record an unauthorized access.
      protected void throwUnauthorizedAssetAccess​(java.lang.String userId, Asset asset, java.lang.String methodName)
      Write an audit log message and throw exception to record an unauthorized access.
      protected void throwUnauthorizedAssetChange​(java.lang.String userId, Asset asset, java.lang.String methodName)
      Write an audit log message and throw exception to record an unauthorized access.
      protected void throwUnauthorizedAssetCreate​(java.lang.String userId, Asset asset, java.lang.String methodName)
      Write an audit log message and throw exception to record an unauthorized access.
      protected void throwUnauthorizedAssetFeedback​(java.lang.String userId, Asset asset, java.lang.String methodName)
      Write an audit log message and throw exception to record an unauthorized access.
      protected void throwUnauthorizedConnectionAccess​(java.lang.String userId, Connection connection, java.lang.String methodName)
      Write an audit log message and throw exception to record an unauthorized access.
      protected void throwUnauthorizedInstanceAccess​(java.lang.String userId, java.lang.String instanceGUID, java.lang.String typeName, java.lang.String methodName)
      Write an audit log message and throw exception to record an unauthorized access.
      protected void throwUnauthorizedInstanceChange​(java.lang.String userId, java.lang.String instanceGUID, java.lang.String typeName, java.lang.String methodName)
      Write an audit log message and throw exception to record an unauthorized access.
      protected void throwUnauthorizedInstanceCreate​(java.lang.String userId, java.lang.String typeGUID, java.lang.String methodName)
      Write an audit log message and throw exception to record an unauthorized access.
      protected void throwUnauthorizedServerAccess​(java.lang.String userId, java.lang.String methodName)
      Write an audit log message and throw exception to record an unauthorized access.
      protected void throwUnauthorizedServiceAccess​(java.lang.String userId, java.lang.String serviceName, java.lang.String serviceOperationName, java.lang.String methodName)
      Write an audit log message and throw exception to record an unauthorized access.
      protected void throwUnauthorizedTypeAccess​(java.lang.String userId, java.lang.String typeGUID, java.lang.String typeName, java.lang.String methodName)
      Write an audit log message and throw exception to record an unauthorized access.
      protected void throwUnauthorizedTypeChange​(java.lang.String userId, java.lang.String typeGUID, java.lang.String typeName, java.lang.String methodName)
      Write an audit log message and throw exception to record an unauthorized access.
      protected void throwUnauthorizedZoneChange​(java.lang.String userId, Asset asset, java.util.List<java.lang.String> originalZones, java.util.List<java.lang.String> newZones, java.lang.String methodName)
      Write an audit log message and throw exception to record an unauthorized access.
      protected void validateUserAsServerAdmin​(java.lang.String userId)
      Check that the calling user is authorized to update the configuration for a server.
      protected void validateUserAsServerInvestigator​(java.lang.String userId)
      Check that the calling user is authorized to issue operator requests to the OMAG Server.
      protected void validateUserAsServerOperator​(java.lang.String userId)
      Check that the calling user is authorized to issue operator requests to the OMAG Server.
      protected void validateUserForAssetAttachmentUpdate​(java.lang.String userId, Asset asset)
      Tests for whether a specific user should have the right to update elements attached directly to an asset such as schema and connections.
      protected Connection validateUserForAssetConnectionList​(java.lang.String userId, Asset asset, java.util.List<Connection> connections)
      Select a connection from the list of connections attached to an asset.
      protected void validateUserForAssetCreate​(java.lang.String userId, Asset asset)
      Tests for whether a specific user should have the right to create an asset within a zone.
      protected void validateUserForAssetDelete​(java.lang.String userId, Asset asset)
      Tests for whether a specific user should have the right to delete an asset within a zone.
      protected void validateUserForAssetDetailUpdate​(java.lang.String userId, Asset originalAsset, AssetAuditHeader originalAssetAuditHeader, Asset newAsset)
      Tests for whether a specific user should have the right to update an asset.
      protected void validateUserForAssetFeedback​(java.lang.String userId, Asset asset)
      Tests for whether a specific user should have the right to attach feedback, such as comments, ratings, tags and likes, to the asset.
      protected void validateUserForAssetRead​(java.lang.String userId, Asset asset)
      Tests for whether a specific user should have read access to a specific asset within a zone.
      protected void validateUserForConnection​(java.lang.String userId, Connection connection)
      Tests for whether a specific user should have access to a connection.
      protected void validateUserForEntityClassificationAdd​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntitySummary instance, java.lang.String classificationName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.InstanceProperties properties)
      Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.
      protected void validateUserForEntityClassificationDelete​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntitySummary instance, java.lang.String classificationName)
      Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.
      protected void validateUserForEntityClassificationUpdate​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntitySummary instance, java.lang.String classificationName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.InstanceProperties properties)
      Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.
      protected void validateUserForEntityCreate​(java.lang.String userId, java.lang.String metadataCollectionName, java.lang.String entityTypeGUID, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.InstanceProperties initialProperties, java.util.List<org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.Classification> initialClassifications, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.InstanceStatus initialStatus)
      Tests for whether a specific user should have the right to create an instance within a repository.
      protected void validateUserForEntityDelete​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntityDetail instance)
      Tests for whether a specific user should have the right to delete an instance within a repository.
      protected void validateUserForEntityProxyRead​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntityProxy instance)
      Tests for whether a specific user should have read access to a specific instance within a repository.
      protected org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntityDetail validateUserForEntityRead​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntityDetail instance)
      Tests for whether a specific user should have read access to a specific instance within a repository.
      protected void validateUserForEntityReHoming​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntityDetail instance, java.lang.String newHomeMetadataCollectionId, java.lang.String newHomeMetadataCollectionName)
      Tests for whether a specific user should have the right to change the home of an instance within a repository.
      protected void validateUserForEntityReIdentification​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntityDetail instance, java.lang.String newGUID)
      Tests for whether a specific user should have the right to change the guid on an instance within a repository.
      protected void validateUserForEntityRestore​(java.lang.String userId, java.lang.String metadataCollectionName, java.lang.String deletedEntityGUID)
      Tests for whether a specific user should have the right to restore an instance within a repository.
      protected void validateUserForEntityReTyping​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntityDetail instance, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.TypeDefSummary newTypeDefSummary)
      Tests for whether a specific user should have the right to change the type of an instance within a repository.
      protected void validateUserForEntitySummaryRead​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntitySummary instance)
      Tests for whether a specific user should have read access to a specific instance within a repository.
      protected void validateUserForEntityUpdate​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntityDetail instance)
      Tests for whether a specific user should have the right to update an instance within a repository.
      protected void validateUserForRelationshipCreate​(java.lang.String userId, java.lang.String metadataCollectionName, java.lang.String relationshipTypeGUID, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.InstanceProperties initialProperties, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntitySummary entityOneSummary, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntitySummary entityTwoSummary, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.InstanceStatus initialStatus)
      Tests for whether a specific user should have the right to create an instance within a repository.
      protected void validateUserForRelationshipDelete​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.Relationship instance)
      Tests for whether a specific user should have the right to delete an instance within a repository.
      protected org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.Relationship validateUserForRelationshipRead​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.Relationship instance)
      Tests for whether a specific user should have read access to a specific instance within a repository.
      protected void validateUserForRelationshipReHoming​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.Relationship instance, java.lang.String newHomeMetadataCollectionId, java.lang.String newHomeMetadataCollectionName)
      Tests for whether a specific user should have the right to change the home of an instance within a repository.
      protected void validateUserForRelationshipReIdentification​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.Relationship instance, java.lang.String newGUID)
      Tests for whether a specific user should have the right to change the guid on an instance within a repository.
      protected void validateUserForRelationshipRestore​(java.lang.String userId, java.lang.String metadataCollectionName, java.lang.String deletedRelationshipGUID)
      Tests for whether a specific user should have the right to restore an instance within a repository.
      protected void validateUserForRelationshipReTyping​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.Relationship instance, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.TypeDefSummary newTypeDefSummary)
      Tests for whether a specific user should have the right to change the type of an instance within a repository.
      protected void validateUserForRelationshipUpdate​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.Relationship instance)
      Tests for whether a specific user should have the right to update an instance within a repository.
      protected void validateUserForServer​(java.lang.String userId)
      Check that the calling user is authorized to issue a (any) request to the OMAG Server Platform.
      protected void validateUserForService​(java.lang.String userId, java.lang.String serviceName)
      Check that the calling user is authorized to issue this request.
      protected void validateUserForServiceOperation​(java.lang.String userId, java.lang.String serviceName, java.lang.String serviceOperationName)
      Check that the calling user is authorized to issue this specific request.
      protected void validateUserForTypeCreate​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.AttributeTypeDef attributeTypeDef)
      Tests for whether a specific user should have the right to create a type within a repository.
      protected void validateUserForTypeCreate​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.TypeDef typeDef)
      Tests for whether a specific user should have the right to create a type within a repository.
      protected void validateUserForTypeDelete​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.AttributeTypeDef attributeTypeDef)
      Tests for whether a specific user should have the right to delete a type within a repository.
      protected void validateUserForTypeDelete​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.TypeDef typeDef)
      Tests for whether a specific user should have the right to delete a type within a repository.
      protected void validateUserForTypeRead​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.AttributeTypeDef attributeTypeDef)
      Tests for whether a specific user should have read access to a specific type within a repository.
      protected void validateUserForTypeRead​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.TypeDef typeDef)
      Tests for whether a specific user should have read access to a specific type within a repository.
      protected void validateUserForTypeReIdentify​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.AttributeTypeDef originalAttributeTypeDef, java.lang.String newTypeDefGUID, java.lang.String newTypeDefName)
      Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
      protected void validateUserForTypeReIdentify​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.TypeDef originalTypeDef, java.lang.String newTypeDefGUID, java.lang.String newTypeDefName)
      Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
      protected void validateUserForTypeUpdate​(java.lang.String userId, java.lang.String metadataCollectionName, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.TypeDef typeDef, org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.TypeDefPatch patch)
      Tests for whether a specific user should have the right to update a typeDef within a repository.
      protected java.util.List<java.lang.String> verifyAssetZones​(java.util.List<java.lang.String> defaultZones, java.util.List<java.lang.String> supportedZones, java.util.List<java.lang.String> publishZones, Asset originalAsset, Asset updatedAsset)
      Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones.
      • Methods inherited from class java.lang.Object

        clone, finalize, getClass, notify, notifyAll, wait, wait, wait
    • Field Detail

      • serverName

        protected java.lang.String serverName
      • localServerUserId

        protected java.lang.String localServerUserId
      • connectorName

        protected java.lang.String connectorName
    • Constructor Detail

      • OpenMetadataServerSecurityConnector

        public OpenMetadataServerSecurityConnector()
    • Method Detail

      • logConnectorStarting

        protected void logConnectorStarting()
        Write an audit log message to say that the connector is initializing.
      • logConnectorDisconnecting

        protected void logConnectorDisconnecting()
        Write an audit log message to say that the connector is stopping.
      • getAssetGUID

        protected java.lang.String getAssetGUID​(Asset asset)
        Return a string representing the unique identifier for the asset. If the asset is null then the guid is "null"; if the guid is null then the result is "null-guid".
        Parameters:
        asset - asset to test
        Returns:
        string identifier for messages
      • printZoneList

        protected java.lang.String printZoneList​(java.util.List<java.lang.String> zones)
        Return a string representing the list of zones.
        Parameters:
        zones - zones to output
        Returns:
        string for messages
      • getConnectionQualifiedName

        protected java.lang.String getConnectionQualifiedName​(Connection connection)
        Return a string representing the unique identifier for the connection. If the connection is null then the guid is "null"; if the guid is null then the result is "null-name".
        Parameters:
        connection - connection to test
        Returns:
        string identifier for messages
      • getInstanceGUID

        protected java.lang.String getInstanceGUID​(org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.InstanceHeader instance)
        Return a string representing the unique identifier for a repository instance. If the instance is null then the guid is "null"; if the guid is null then the result is "null-guid".
        Parameters:
        instance - instance to test
        Returns:
        string identifier for messages
      • throwUnauthorizedServerAccess

        protected void throwUnauthorizedServerAccess​(java.lang.String userId,
                                                     java.lang.String methodName)
                                              throws UserNotAuthorizedException
        Write an audit log message and throw exception to record an unauthorized access.
        Parameters:
        userId - calling user
        methodName - calling method
        Throws:
        UserNotAuthorizedException - the authorization check failed
      • throwUnauthorizedServiceAccess

        protected void throwUnauthorizedServiceAccess​(java.lang.String userId,
                                                      java.lang.String serviceName,
                                                      java.lang.String serviceOperationName,
                                                      java.lang.String methodName)
                                               throws UserNotAuthorizedException
        Write an audit log message and throw exception to record an unauthorized access.
        Parameters:
        userId - calling user
        serviceName - name of service
        serviceOperationName - name of operation
        methodName - calling method
        Throws:
        UserNotAuthorizedException - the authorization check failed
      • throwUnauthorizedTypeAccess

        protected void throwUnauthorizedTypeAccess​(java.lang.String userId,
                                                   java.lang.String typeGUID,
                                                   java.lang.String typeName,
                                                   java.lang.String methodName)
                                            throws UserNotAuthorizedException
        Write an audit log message and throw exception to record an unauthorized access.
        Parameters:
        userId - calling user
        typeGUID - uniqueId of type
        typeName - name of type
        methodName - calling method
        Throws:
        UserNotAuthorizedException - the authorization check failed
      • throwUnauthorizedTypeChange

        protected void throwUnauthorizedTypeChange​(java.lang.String userId,
                                                   java.lang.String typeGUID,
                                                   java.lang.String typeName,
                                                   java.lang.String methodName)
                                            throws UserNotAuthorizedException
        Write an audit log message and throw exception to record an unauthorized access.
        Parameters:
        userId - calling user
        typeGUID - uniqueId of type
        typeName - name of type
        methodName - calling method
        Throws:
        UserNotAuthorizedException - the authorization check failed
      • throwUnauthorizedInstanceCreate

        protected void throwUnauthorizedInstanceCreate​(java.lang.String userId,
                                                       java.lang.String typeGUID,
                                                       java.lang.String methodName)
                                                throws UserNotAuthorizedException
        Write an audit log message and throw exception to record an unauthorized access.
        Parameters:
        userId - calling user
        typeGUID - uniqueId of type
        methodName - calling method
        Throws:
        UserNotAuthorizedException - the authorization check failed
      • throwUnauthorizedInstanceAccess

        protected void throwUnauthorizedInstanceAccess​(java.lang.String userId,
                                                       java.lang.String instanceGUID,
                                                       java.lang.String typeName,
                                                       java.lang.String methodName)
                                                throws UserNotAuthorizedException
        Write an audit log message and throw exception to record an unauthorized access.
        Parameters:
        userId - calling user
        instanceGUID - uniqueId of type
        typeName - name of type
        methodName - calling method
        Throws:
        UserNotAuthorizedException - the authorization check failed
      • throwUnauthorizedInstanceChange

        protected void throwUnauthorizedInstanceChange​(java.lang.String userId,
                                                       java.lang.String instanceGUID,
                                                       java.lang.String typeName,
                                                       java.lang.String methodName)
                                                throws UserNotAuthorizedException
        Write an audit log message and throw exception to record an unauthorized access.
        Parameters:
        userId - calling user
        instanceGUID - uniqueId of type
        typeName - name of type
        methodName - calling method
        Throws:
        UserNotAuthorizedException - the authorization check failed
      • throwUnauthorizedAssetAccess

        protected void throwUnauthorizedAssetAccess​(java.lang.String userId,
                                                    Asset asset,
                                                    java.lang.String methodName)
                                             throws UserNotAuthorizedException
        Write an audit log message and throw exception to record an unauthorized access.
        Parameters:
        userId - calling user
        asset - asset being accessed
        methodName - calling method
        Throws:
        UserNotAuthorizedException - the authorization check failed
      • throwUnauthorizedAssetChange

        protected void throwUnauthorizedAssetChange​(java.lang.String userId,
                                                    Asset asset,
                                                    java.lang.String methodName)
                                             throws UserNotAuthorizedException
        Write an audit log message and throw exception to record an unauthorized access.
        Parameters:
        userId - calling user
        asset - asset being accessed
        methodName - calling method
        Throws:
        UserNotAuthorizedException - the authorization check failed
      • throwUnauthorizedAssetCreate

        protected void throwUnauthorizedAssetCreate​(java.lang.String userId,
                                                    Asset asset,
                                                    java.lang.String methodName)
                                             throws UserNotAuthorizedException
        Write an audit log message and throw exception to record an unauthorized access.
        Parameters:
        userId - calling user
        asset - asset being accessed
        methodName - calling method
        Throws:
        UserNotAuthorizedException - the authorization check failed
      • throwIncompleteAsset

        protected void throwIncompleteAsset​(java.lang.String userId,
                                            Asset asset,
                                            java.lang.String propertyName,
                                            java.lang.String methodName)
                                     throws UserNotAuthorizedException
        Write an audit log message and throw exception to record an unauthorized access.
        Parameters:
        userId - calling user
        asset - asset being accessed
        propertyName - name of property that is missing
        methodName - calling method
        Throws:
        UserNotAuthorizedException - the authorization check failed
      • throwUnauthorizedZoneChange

        protected void throwUnauthorizedZoneChange​(java.lang.String userId,
                                                   Asset asset,
                                                   java.util.List<java.lang.String> originalZones,
                                                   java.util.List<java.lang.String> newZones,
                                                   java.lang.String methodName)
                                            throws UserNotAuthorizedException
        Write an audit log message and throw an exception to record an unauthorized attempt to change the zone membership of an asset.
        Parameters:
        userId - calling user
        asset - asset being accessed
        originalZones - previous value of the zone membership for the asset being accessed
        newZones - new value of the zone membership for the asset being accessed
        methodName - calling method
        Throws:
        UserNotAuthorizedException - the authorization check failed
      • throwUnauthorizedAssetFeedback

        protected void throwUnauthorizedAssetFeedback​(java.lang.String userId,
                                                      Asset asset,
                                                      java.lang.String methodName)
                                               throws UserNotAuthorizedException
        Write an audit log message and throw an exception to record an unauthorized attempt to attach feedback to an asset.
        Parameters:
        userId - calling user
        asset - asset in error
        methodName - calling method
        Throws:
        UserNotAuthorizedException - the user is not authorized to access this zone
      • throwUnauthorizedConnectionAccess

        protected void throwUnauthorizedConnectionAccess​(java.lang.String userId,
                                                         Connection connection,
                                                         java.lang.String methodName)
                                                  throws UserNotAuthorizedException
        Write an audit log message and throw an exception to record an unauthorized access to a connection.
        Parameters:
        userId - calling user
        connection - connection to validate
        methodName - calling method
        Throws:
        UserNotAuthorizedException - the authorization check failed
      • setAuditLog

        public void setAuditLog​(AuditLog auditLog)
        Receive an audit log object that can be used to record audit log messages. The caller has initialized it with the correct component description and log destinations.
        Specified by:
        setAuditLog in interface AuditLoggingComponent
        Parameters:
        auditLog - audit log object
      • setServerName

        public void setServerName​(java.lang.String serverName)
        Set the name of the server that this connector is supporting.
        Parameters:
        serverName - name of server
      • setLocalServerUserId

        public void setLocalServerUserId​(java.lang.String userId)
        Provide the local server's userId. This is used for requests that originate from within the local server.
        Parameters:
        userId - local server's userId
      • setSupportedZonesForUser

        protected java.util.List<java.lang.String> setSupportedZonesForUser​(java.util.List<java.lang.String> supportedZones,
                                                                            java.lang.String serviceName,
                                                                            java.lang.String user)
                                                                     throws InvalidParameterException,
                                                                            PropertyServerException
        Determine the appropriate setting for the supported zones depending on the user and the default supported zones set up for the service. This is called whenever an asset is accessed.
        Parameters:
        supportedZones - default setting of the supported zones for the service
        serviceName - name of the called service
        user - name of the user
        Returns:
        list of supported zones for the user
        Throws:
        InvalidParameterException - one of the parameter values is invalid
        PropertyServerException - there is a problem calculating the zones
      • setAssetZonesToDefault

        protected java.util.List<java.lang.String> setAssetZonesToDefault​(java.util.List<java.lang.String> defaultZones,
                                                                          Asset asset)
                                                                   throws InvalidParameterException,
                                                                          PropertyServerException
        Determine the appropriate setting for the asset zones depending on the content of the asset and the default zones. This is called whenever a new asset is created. The default behavior is to use the default values, unless the zones have been explicitly set up, in which case, they are left unchanged.
        Parameters:
        defaultZones - setting of the default zones for the service
        asset - initial values for the asset
        Returns:
        list of zones to set in the asset
        Throws:
        InvalidParameterException - one of the asset values is invalid
        PropertyServerException - there is a problem calculating the zones
      • verifyAssetZones

        protected java.util.List<java.lang.String> verifyAssetZones​(java.util.List<java.lang.String> defaultZones,
                                                                    java.util.List<java.lang.String> supportedZones,
                                                                    java.util.List<java.lang.String> publishZones,
                                                                    Asset originalAsset,
                                                                    Asset updatedAsset)
                                                             throws InvalidParameterException,
                                                                    PropertyServerException
        Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones. This method is called whenever an asset's values are changed. The default behavior is to keep the updated zones as they are.
        Parameters:
        defaultZones - setting of the default zones for the service
        supportedZones - setting of the supported zones for the service
        publishZones - setting of the publishZones for the service
        originalAsset - original values for the asset
        updatedAsset - updated values for the asset
        Returns:
        list of zones to set in the asset
        Throws:
        InvalidParameterException - one of the asset values is invalid
        PropertyServerException - there is a problem calculating the zones
      • validateUserForServer

        protected void validateUserForServer​(java.lang.String userId)
                                      throws UserNotAuthorizedException
        Check that the calling user is authorized to issue any request to the OMAG Server Platform.
        Parameters:
        userId - calling user
        Throws:
        UserNotAuthorizedException - the user is not authorized to access this function
      • validateUserAsServerAdmin

        protected void validateUserAsServerAdmin​(java.lang.String userId)
                                          throws UserNotAuthorizedException
        Check that the calling user is authorized to update the configuration for a server.
        Parameters:
        userId - calling user
        Throws:
        UserNotAuthorizedException - the user is not authorized to change configuration
      • validateUserAsServerOperator

        protected void validateUserAsServerOperator​(java.lang.String userId)
                                             throws UserNotAuthorizedException
        Check that the calling user is authorized to issue operator requests to the OMAG Server.
        Parameters:
        userId - calling user
        Throws:
        UserNotAuthorizedException - the user is not authorized to issue operator commands to this server
      • validateUserAsServerInvestigator

        protected void validateUserAsServerInvestigator​(java.lang.String userId)
                                                 throws UserNotAuthorizedException
        Check that the calling user is authorized to issue diagnostic requests to the OMAG Server.
        Parameters:
        userId - calling user
        Throws:
        UserNotAuthorizedException - the user is not authorized to issue diagnostic commands to this server
      • validateUserForService

        protected void validateUserForService​(java.lang.String userId,
                                              java.lang.String serviceName)
                                       throws UserNotAuthorizedException
        Check that the calling user is authorized to issue this request.
        Parameters:
        userId - calling user
        serviceName - name of called service
        Throws:
        UserNotAuthorizedException - the user is not authorized to access this service
      • validateUserForServiceOperation

        protected void validateUserForServiceOperation​(java.lang.String userId,
                                                       java.lang.String serviceName,
                                                       java.lang.String serviceOperationName)
                                                throws UserNotAuthorizedException
        Check that the calling user is authorized to issue this specific request.
        Parameters:
        userId - calling user
        serviceName - name of called service
        serviceOperationName - name of called operation
        Throws:
        UserNotAuthorizedException - the user is not authorized to access this service
      • validateUserForConnection

        protected void validateUserForConnection​(java.lang.String userId,
                                                 Connection connection)
                                          throws UserNotAuthorizedException
        Tests for whether a specific user should have access to a connection.
        Parameters:
        userId - identifier of user
        connection - connection object
        Throws:
        UserNotAuthorizedException - the user is not authorized to access this service
      • validateUserForAssetConnectionList

        protected Connection validateUserForAssetConnectionList​(java.lang.String userId,
                                                                Asset asset,
                                                                java.util.List<Connection> connections)
                                                         throws UserNotAuthorizedException
        Select a connection from the list of connections attached to an asset.
        Parameters:
        userId - calling user
        asset - asset requested by caller
        connections - list of attached connections
        Returns:
        selected connection or null (pretend there are no connections attached to the asset) or
        Throws:
        UserNotAuthorizedException - the user is not authorized to access this service
      • validateUserForAssetCreate

        protected void validateUserForAssetCreate​(java.lang.String userId,
                                                  Asset asset)
                                           throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to create an asset within a zone.
        Parameters:
        userId - identifier of user
        asset - asset details
        Throws:
        UserNotAuthorizedException - the user is not authorized to change this asset
      • validateUserForAssetRead

        protected void validateUserForAssetRead​(java.lang.String userId,
                                                Asset asset)
                                         throws UserNotAuthorizedException
        Tests for whether a specific user should have read access to a specific asset within a zone.
        Parameters:
        userId - identifier of user
        asset - asset to test
        Throws:
        UserNotAuthorizedException - the user is not authorized to access this asset
      • validateUserForAssetDetailUpdate

        protected void validateUserForAssetDetailUpdate​(java.lang.String userId,
                                                        Asset originalAsset,
                                                        AssetAuditHeader originalAssetAuditHeader,
                                                        Asset newAsset)
                                                 throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to update an asset. This is used for a general asset update, which may include changes to the zones and the ownership.
        Parameters:
        userId - identifier of user
        originalAsset - original asset details
        originalAssetAuditHeader - details of the asset's audit header
        newAsset - new asset details
        Throws:
        UserNotAuthorizedException - the user is not authorized to change this asset
      • validateUserForAssetAttachmentUpdate

        protected void validateUserForAssetAttachmentUpdate​(java.lang.String userId,
                                                            Asset asset)
                                                     throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to update elements attached directly to an asset such as schema and connections.
        Parameters:
        userId - identifier of user
        asset - original asset details
        Throws:
        UserNotAuthorizedException - the user is not authorized to change this asset
      • validateUserForAssetFeedback

        protected void validateUserForAssetFeedback​(java.lang.String userId,
                                                    Asset asset)
                                             throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to attach feedback, such as comments, ratings, tags and likes, to the asset.
        Parameters:
        userId - identifier of user
        asset - original asset details
        Throws:
        UserNotAuthorizedException - the user is not authorized to change this asset
      • validateUserForAssetDelete

        protected void validateUserForAssetDelete​(java.lang.String userId,
                                                  Asset asset)
                                           throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to delete an asset within a zone.
        Parameters:
        userId - identifier of user
        asset - asset details
        Throws:
        UserNotAuthorizedException - the user is not authorized to change this asset
      • validateUserForTypeCreate

        protected void validateUserForTypeCreate​(java.lang.String userId,
                                                 java.lang.String metadataCollectionName,
                                                 org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.TypeDef typeDef)
                                          throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to create a type within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        typeDef - type details
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain types
      • validateUserForTypeCreate

        protected void validateUserForTypeCreate​(java.lang.String userId,
                                                 java.lang.String metadataCollectionName,
                                                 org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.AttributeTypeDef attributeTypeDef)
                                          throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to create a type within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        attributeTypeDef - type details
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain types
      • validateUserForTypeRead

        protected void validateUserForTypeRead​(java.lang.String userId,
                                               java.lang.String metadataCollectionName,
                                               org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.TypeDef typeDef)
                                        throws UserNotAuthorizedException
        Tests for whether a specific user should have read access to a specific type within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        typeDef - type details
        Throws:
        UserNotAuthorizedException - the user is not authorized to retrieve types
      • validateUserForTypeRead

        protected void validateUserForTypeRead​(java.lang.String userId,
                                               java.lang.String metadataCollectionName,
                                               org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.AttributeTypeDef attributeTypeDef)
                                        throws UserNotAuthorizedException
        Tests for whether a specific user should have read access to a specific type within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        attributeTypeDef - type details
        Throws:
        UserNotAuthorizedException - the user is not authorized to retrieve types
      • validateUserForTypeUpdate

        protected void validateUserForTypeUpdate​(java.lang.String userId,
                                                 java.lang.String metadataCollectionName,
                                                 org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.TypeDef typeDef,
                                                 org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.TypeDefPatch patch)
                                          throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to update a typeDef within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        typeDef - current typeDef details
        patch - proposed changes to type
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain types
      • validateUserForTypeDelete

        protected void validateUserForTypeDelete​(java.lang.String userId,
                                                 java.lang.String metadataCollectionName,
                                                 org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.TypeDef typeDef)
                                          throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to delete a type within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        typeDef - type details
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain types
      • validateUserForTypeDelete

        protected void validateUserForTypeDelete​(java.lang.String userId,
                                                 java.lang.String metadataCollectionName,
                                                 org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.AttributeTypeDef attributeTypeDef)
                                          throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to delete a type within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        attributeTypeDef - type details
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain types
      • validateUserForTypeReIdentify

        protected void validateUserForTypeReIdentify​(java.lang.String userId,
                                                     java.lang.String metadataCollectionName,
                                                     org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.TypeDef originalTypeDef,
                                                     java.lang.String newTypeDefGUID,
                                                     java.lang.String newTypeDefName)
                                              throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        originalTypeDef - type details
        newTypeDefGUID - the new identifier for the type.
        newTypeDefName - new name for this type.
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain types
      • validateUserForTypeReIdentify

        protected void validateUserForTypeReIdentify​(java.lang.String userId,
                                                     java.lang.String metadataCollectionName,
                                                     org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.AttributeTypeDef originalAttributeTypeDef,
                                                     java.lang.String newTypeDefGUID,
                                                     java.lang.String newTypeDefName)
                                              throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        originalAttributeTypeDef - type details
        newTypeDefGUID - the new identifier for the type.
        newTypeDefName - new name for this type.
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain types
      • validateUserForEntityCreate

        protected void validateUserForEntityCreate​(java.lang.String userId,
                                                   java.lang.String metadataCollectionName,
                                                   java.lang.String entityTypeGUID,
                                                   org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.InstanceProperties initialProperties,
                                                   java.util.List<org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.Classification> initialClassifications,
                                                   org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.InstanceStatus initialStatus)
                                            throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to create an instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        entityTypeGUID - unique identifier (guid) for the new entity's type.
        initialProperties - initial list of properties for the new entity; null means no properties.
        initialClassifications - initial list of classifications for the new entity; null means no classifications.
        initialStatus - initial status, typically DRAFT, PREPARED or ACTIVE.
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain instances
      • validateUserForEntityRead

        protected org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntityDetail validateUserForEntityRead​(java.lang.String userId,
                                                                                                                                                                 java.lang.String metadataCollectionName,
                                                                                                                                                                 org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntityDetail instance)
                                                                                                                                                          throws UserNotAuthorizedException
        Tests for whether a specific user should have read access to a specific instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        instance - instance details
        Returns:
        entity to return (may be altered by the connector)
        Throws:
        UserNotAuthorizedException - the user is not authorized to retrieve instances
      • validateUserForEntitySummaryRead

        protected void validateUserForEntitySummaryRead​(java.lang.String userId,
                                                        java.lang.String metadataCollectionName,
                                                        org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntitySummary instance)
                                                 throws UserNotAuthorizedException
        Tests for whether a specific user should have read access to a specific instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        instance - instance details
        Throws:
        UserNotAuthorizedException - the user is not authorized to retrieve instances
      • validateUserForEntityProxyRead

        protected void validateUserForEntityProxyRead​(java.lang.String userId,
                                                      java.lang.String metadataCollectionName,
                                                      org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntityProxy instance)
                                               throws UserNotAuthorizedException
        Tests for whether a specific user should have read access to a specific instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        instance - instance details
        Throws:
        UserNotAuthorizedException - the user is not authorized to retrieve instances
      • validateUserForEntityUpdate

        protected void validateUserForEntityUpdate​(java.lang.String userId,
                                                   java.lang.String metadataCollectionName,
                                                   org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntityDetail instance)
                                            throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to update an instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        instance - instance details
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain instances
      • validateUserForEntityClassificationAdd

        protected void validateUserForEntityClassificationAdd​(java.lang.String userId,
                                                              java.lang.String metadataCollectionName,
                                                              org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntitySummary instance,
                                                              java.lang.String classificationName,
                                                              org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.InstanceProperties properties)
                                                       throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        instance - instance details
        classificationName - String name for the classification.
        properties - list of properties for the classification.
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain instances
      • validateUserForEntityClassificationUpdate

        protected void validateUserForEntityClassificationUpdate​(java.lang.String userId,
                                                                 java.lang.String metadataCollectionName,
                                                                 org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntitySummary instance,
                                                                 java.lang.String classificationName,
                                                                 org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.InstanceProperties properties)
                                                          throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        instance - instance details
        classificationName - String name for the classification.
        properties - list of properties for the classification.
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain instances
      • validateUserForEntityClassificationDelete

        protected void validateUserForEntityClassificationDelete​(java.lang.String userId,
                                                                 java.lang.String metadataCollectionName,
                                                                 org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntitySummary instance,
                                                                 java.lang.String classificationName)
                                                          throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        instance - instance details
        classificationName - String name for the classification.
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain instances
      • validateUserForEntityDelete

        protected void validateUserForEntityDelete​(java.lang.String userId,
                                                   java.lang.String metadataCollectionName,
                                                   org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntityDetail instance)
                                            throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to delete an instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        instance - instance details
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain instances
      • validateUserForEntityRestore

        protected void validateUserForEntityRestore​(java.lang.String userId,
                                                    java.lang.String metadataCollectionName,
                                                    java.lang.String deletedEntityGUID)
                                             throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to restore an instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        deletedEntityGUID - String unique identifier (guid) for the entity.
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain instances
      • validateUserForEntityReIdentification

        protected void validateUserForEntityReIdentification​(java.lang.String userId,
                                                             java.lang.String metadataCollectionName,
                                                             org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntityDetail instance,
                                                             java.lang.String newGUID)
                                                      throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to change the guid on an instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        instance - instance details
        newGUID - the new guid for the instance.
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain instances
      • validateUserForEntityReTyping

        protected void validateUserForEntityReTyping​(java.lang.String userId,
                                                     java.lang.String metadataCollectionName,
                                                     org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntityDetail instance,
                                                     org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.TypeDefSummary newTypeDefSummary)
                                              throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to change the type of an instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        instance - instance details
        newTypeDefSummary - details of this instance's new TypeDef.
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain instances
      • validateUserForEntityReHoming

        protected void validateUserForEntityReHoming​(java.lang.String userId,
                                                     java.lang.String metadataCollectionName,
                                                     org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntityDetail instance,
                                                     java.lang.String newHomeMetadataCollectionId,
                                                     java.lang.String newHomeMetadataCollectionName)
                                              throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to change the home of an instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        instance - instance details
        newHomeMetadataCollectionId - unique identifier for the new home metadata collection/repository.
        newHomeMetadataCollectionName - display name for the new home metadata collection/repository.
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain instances
      • validateUserForRelationshipCreate

        protected void validateUserForRelationshipCreate​(java.lang.String userId,
                                                         java.lang.String metadataCollectionName,
                                                         java.lang.String relationshipTypeGUID,
                                                         org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.InstanceProperties initialProperties,
                                                         org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntitySummary entityOneSummary,
                                                         org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntitySummary entityTwoSummary,
                                                         org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.InstanceStatus initialStatus)
                                                  throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to create an instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        relationshipTypeGUID - unique identifier (guid) for the new relationship's type.
        initialProperties - initial list of properties for the new entity; null means no properties.
        entityOneSummary - the unique identifier of one of the entities that the relationship is connecting together.
        entityTwoSummary - the unique identifier of the other entity that the relationship is connecting together.
        initialStatus - initial status, typically DRAFT, PREPARED or ACTIVE.
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain instances
      • validateUserForRelationshipRead

        protected org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.Relationship validateUserForRelationshipRead​(java.lang.String userId,
                                                                                                                                                                       java.lang.String metadataCollectionName,
                                                                                                                                                                       org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.Relationship instance)
                                                                                                                                                                throws UserNotAuthorizedException
        Tests for whether a specific user should have read access to a specific instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        instance - instance details
        Returns:
        relationship
        Throws:
        UserNotAuthorizedException - the user is not authorized to retrieve instances
      • validateUserForRelationshipUpdate

        protected void validateUserForRelationshipUpdate​(java.lang.String userId,
                                                         java.lang.String metadataCollectionName,
                                                         org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.Relationship instance)
                                                  throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to update an instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        instance - instance details
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain instances
      • validateUserForRelationshipDelete

        protected void validateUserForRelationshipDelete​(java.lang.String userId,
                                                         java.lang.String metadataCollectionName,
                                                         org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.Relationship instance)
                                                  throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to delete an instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        instance - instance details
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain instances
      • validateUserForRelationshipRestore

        protected void validateUserForRelationshipRestore​(java.lang.String userId,
                                                          java.lang.String metadataCollectionName,
                                                          java.lang.String deletedRelationshipGUID)
                                                   throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to restore an instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        deletedRelationshipGUID - String unique identifier (guid) for the relationship.
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain instances
      • validateUserForRelationshipReIdentification

        protected void validateUserForRelationshipReIdentification​(java.lang.String userId,
                                                                   java.lang.String metadataCollectionName,
                                                                   org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.Relationship instance,
                                                                   java.lang.String newGUID)
                                                            throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to change the guid on an instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        instance - instance details
        newGUID - the new guid for the instance.
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain instances
      • validateUserForRelationshipReTyping

        protected void validateUserForRelationshipReTyping​(java.lang.String userId,
                                                           java.lang.String metadataCollectionName,
                                                           org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.Relationship instance,
                                                           org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.typedefs.TypeDefSummary newTypeDefSummary)
                                                    throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to change the type of an instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        instance - instance details
        newTypeDefSummary - details of this instance's new TypeDef.
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain instances
      • validateUserForRelationshipReHoming

        protected void validateUserForRelationshipReHoming​(java.lang.String userId,
                                                           java.lang.String metadataCollectionName,
                                                           org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.Relationship instance,
                                                           java.lang.String newHomeMetadataCollectionId,
                                                           java.lang.String newHomeMetadataCollectionName)
                                                    throws UserNotAuthorizedException
        Tests for whether a specific user should have the right to change the home of an instance within a repository.
        Parameters:
        userId - identifier of user
        metadataCollectionName - configurable name of the metadata collection
        instance - instance details
        newHomeMetadataCollectionId - unique identifier for the new home metadata collection/repository.
        newHomeMetadataCollectionName - display name for the new home metadata collection/repository.
        Throws:
        UserNotAuthorizedException - the user is not authorized to maintain instances
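
The following subclass is an added example, not code from the Egeria project: it shows the override pattern the class description calls for, granting a small set of operations and delegating to the base class method whenever access is to be denied so that the standard exception and audit log message are produced. The class name, the user ids and the two import packages marked "assumed" are assumptions; the method signatures are the ones documented above.

```java
import java.util.Set;

import org.odpi.openmetadata.frameworks.connectors.ffdc.UserNotAuthorizedException;           // assumed package
import org.odpi.openmetadata.metadatasecurity.connectors.OpenMetadataServerSecurityConnector; // assumed package
import org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.EntityDetail;
import org.odpi.openmetadata.repositoryservices.connectors.stores.metadatacollectionstore.properties.instances.Relationship;

/**
 * Hypothetical connector: stewards may delete entities and relationships,
 * listed readers may read relationships, everything else stays denied.
 */
public class StewardOnlySecurityConnector extends OpenMetadataServerSecurityConnector
{
    // Constructed sample user ids; a real deployment would resolve roles from its identity provider.
    private static final Set<String> STEWARDS = Set.of("steward01", "steward02");
    private static final Set<String> READERS  = Set.of("steward01", "steward02", "analyst01");

    // Set.of(...) throws NullPointerException on contains(null), so test for null first
    // and let a missing user id fall through to the deny path.
    private static boolean isIn(Set<String> group, String userId)
    {
        return userId != null && group.contains(userId);
    }

    @Override
    protected void validateUserForEntityDelete(String userId, String metadataCollectionName, EntityDetail instance)
            throws UserNotAuthorizedException
    {
        if (! isIn(STEWARDS, userId))
        {
            // Deny through the base class to reuse its exception and audit log message.
            super.validateUserForEntityDelete(userId, metadataCollectionName, instance);
        }
    }

    @Override
    protected void validateUserForRelationshipDelete(String userId, String metadataCollectionName, Relationship instance)
            throws UserNotAuthorizedException
    {
        if (! isIn(STEWARDS, userId))
        {
            super.validateUserForRelationshipDelete(userId, metadataCollectionName, instance);
        }
    }

    @Override
    protected Relationship validateUserForRelationshipRead(String userId, String metadataCollectionName, Relationship instance)
            throws UserNotAuthorizedException
    {
        // The read check returns the relationship the caller is allowed to see.
        return isIn(READERS, userId) ? instance
                                     : super.validateUserForRelationshipRead(userId, metadataCollectionName, instance);
    }

    // Restore, re-identification, re-typing and re-homing are deliberately not overridden:
    // they inherit the base class behavior and reject every request.
}
```

Because the base class rejects by default, any operation added to it in a later release is denied by this connector until an override is written for it.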