Package org.odpi.openmetadata.metadatasecurity.samples

Class CocoPharmaServerSecurityConnector

java.lang.Object

org.odpi.openmetadata.frameworks.connectors.Connector

org.odpi.openmetadata.frameworks.connectors.ConnectorBase

org.odpi.openmetadata.metadatasecurity.connectors.OpenMetadataServerSecurityConnector

org.odpi.openmetadata.metadatasecurity.samples.CocoPharmaServerSecurityConnector

All Implemented Interfaces:

AuditLoggingComponent, SecureConnectorExtension, VirtualConnectorExtension, OpenMetadataAssetSecurity, OpenMetadataConnectionSecurity, OpenMetadataGlossarySecurity, OpenMetadataServerSecurity, OpenMetadataServiceSecurity, OpenMetadataRepositorySecurity

public class CocoPharmaServerSecurityConnector
extends OpenMetadataServerSecurityConnector
implements OpenMetadataRepositorySecurity, OpenMetadataServerSecurity, OpenMetadataServiceSecurity, OpenMetadataConnectionSecurity, OpenMetadataAssetSecurity, OpenMetadataGlossarySecurity

CocoPharmaServerSecurityConnector provides a specific security connector for Coco Pharmaceuticals users that overrides the default behavior of that open metadata security connector that does not allow any access to anything.

Nested Class Summary

Nested classes/interfaces inherited from class org.odpi.openmetadata.frameworks.connectors.ConnectorBase

ConnectorBase.ProtectedConnection

Field Summary

Fields inherited from class org.odpi.openmetadata.metadatasecurity.connectors.OpenMetadataServerSecurityConnector

auditLog, connectorName, localServerUserId, serverName, unknownTypeName

Fields inherited from class org.odpi.openmetadata.frameworks.connectors.ConnectorBase

connectedAssetProperties, connectionBean, connectionProperties, connectorInstanceId, embeddedConnectors, messageFormatter, secretsStoreConnectorMap

Constructor Summary

Constructors

Constructor	Description
CocoPharmaServerSecurityConnector()	Constructor sets up the security groups

Method Summary

Modifier and Type	Method	Description
List<String>	setAssetZonesToDefault(List<String> defaultZones, Asset asset)	Determine the appropriate setting for the asset zones depending on the content of the asset and the default zones.
List<String>	setSupportedZonesForUser(List<String> supportedZones, String serviceName, String user)	Determine the appropriate setting for the supported zones depending on the user and the default supported zones set up for the service.
boolean	validateEntityReferenceCopySave(EntityDetail instance)	Tests for whether a reference copy should be saved to the repository.
boolean	validateRelationshipReferenceCopySave(Relationship instance)	Tests for whether a reference copy should be saved to the repository.
void	validateUserAsServerAdmin(String userId)	Check that the calling user is authorized to update the configuration for a server.
void	validateUserAsServerInvestigator(String userId)	Check that the calling user is authorized to issue operator requests to the OMAG Server.
void	validateUserAsServerOperator(String userId)	Check that the calling user is authorized to issue operator requests to the OMAG Server.
void	validateUserForAssetAttachmentUpdate(String userId, Asset asset)	Tests for whether a specific user should have the right to update elements attached directly to an asset such as glossary terms, schema and connections.
Connection	validateUserForAssetConnectionList(String userId, Asset asset, List<Connection> connections)	Select a connection from the list of connections attached to an asset.
void	validateUserForAssetCreate(String userId, Asset asset)	Tests for whether a specific user should have the right to create an asset within a zone.
void	validateUserForAssetDelete(String userId, Asset asset)	Tests for whether a specific user should have the right to delete an asset within a zone.
void	validateUserForAssetDetailUpdate(String userId, Asset originalAsset, AssetAuditHeader originalAssetAuditHeader, Asset newAsset)	Tests for whether a specific user should have the right to update an asset.
void	validateUserForAssetFeedback(String userId, Asset asset)	Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the asset.
void	validateUserForAssetRead(String userId, Asset asset)	Tests for whether a specific user should have read access to a specific asset within a zone.
void	validateUserForConnection(String userId, Connection connection)	Tests for whether a specific user should have access to a connection.
void	validateUserForEntityClassificationAdd(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties)	Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.
void	validateUserForEntityClassificationDelete(String userId, String metadataCollectionName, EntitySummary instance, String classificationName)	Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.
void	validateUserForEntityClassificationUpdate(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties)	Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.
void	validateUserForEntityCreate(String userId, String metadataCollectionName, String entityTypeGUID, InstanceProperties initialProperties, List<Classification> initialClassifications, InstanceStatus initialStatus)	Tests for whether a specific user should have the right to create an instance within a repository.
void	validateUserForEntityDelete(String userId, String metadataCollectionName, EntityDetail instance)	Tests for whether a specific user should have the right to delete an instance within a repository.
void	validateUserForEntityProxyRead(String userId, String metadataCollectionName, EntityProxy instance)	Tests for whether a specific user should have read access to a specific instance within a repository.
EntityDetail	validateUserForEntityRead(String userId, String metadataCollectionName, EntityDetail instance)	Tests for whether a specific user should have read access to a specific instance within a repository.
void	validateUserForEntityReHoming(String userId, String metadataCollectionName, EntityDetail instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName)	Tests for whether a specific user should have the right to change the home of an instance within a repository.
void	validateUserForEntityReIdentification(String userId, String metadataCollectionName, EntityDetail instance, String newGUID)	Tests for whether a specific user should have the right to change the guid on an instance within a repository.
void	validateUserForEntityRestore(String userId, String metadataCollectionName, String deletedEntityGUID)	Tests for whether a specific user should have the right to restore an instance within a repository.
void	validateUserForEntityReTyping(String userId, String metadataCollectionName, EntityDetail instance, TypeDefSummary newTypeDefSummary)	Tests for whether a specific user should have the right to change the type name of an instance within a repository.
void	validateUserForEntitySummaryRead(String userId, String metadataCollectionName, EntitySummary instance)	Tests for whether a specific user should have read access to a specific instance within a repository.
void	validateUserForEntityUpdate(String userId, String metadataCollectionName, EntityDetail instance)	Tests for whether a specific user should have the right to update an instance within a repository.
void	validateUserForGlossaryCreate(String userId, Glossary glossary)	Tests for whether a specific user should have the right to create a glossary.
void	validateUserForGlossaryDelete(String userId, Glossary glossary)	Tests for whether a specific user should have the right to delete a glossary and all of its contents.
void	validateUserForGlossaryDetailUpdate(String userId, Glossary originalGlossary, Glossary newGlossary)	Tests for whether a specific user should have the right to update the properties/classifications of a glossary.
void	validateUserForGlossaryFeedback(String userId, Glossary glossary)	Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the glossary.
void	validateUserForGlossaryMemberStatusUpdate(String userId, Glossary glossary)	Tests for whether a specific user should have the right to update the instance status of a term anchored in a glossary.
void	validateUserForGlossaryMemberUpdate(String userId, Glossary glossary)	Tests for whether a specific user should have the right to update elements attached directly to a glossary such as glossary terms and categories.
void	validateUserForGlossaryRead(String userId, Glossary glossary)	Tests for whether a specific user should have read access to a specific glossary and its contents.
void	validateUserForRelationshipCreate(String userId, String metadataCollectionName, String relationshipTypeGUID, InstanceProperties initialProperties, EntitySummary entityOneSummary, EntitySummary entityTwoSummary, InstanceStatus initialStatus)	Tests for whether a specific user should have the right to create an instance within a repository.
void	validateUserForRelationshipDelete(String userId, String metadataCollectionName, Relationship instance)	Tests for whether a specific user should have the right to delete an instance within a repository.
Relationship	validateUserForRelationshipRead(String userId, String metadataCollectionName, Relationship instance)	Tests for whether a specific user should have read access to a specific instance within a repository.
void	validateUserForRelationshipReHoming(String userId, String metadataCollectionName, Relationship instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName)	Tests for whether a specific user should have the right to change the home of a instance within a repository.
void	validateUserForRelationshipReIdentification(String userId, String metadataCollectionName, Relationship instance, String newGUID)	Tests for whether a specific user should have the right to change the guid on an instance within a repository.
void	validateUserForRelationshipRestore(String userId, String metadataCollectionName, String deletedRelationshipGUID)	Tests for whether a specific user should have the right to restore an instance within a repository.
void	validateUserForRelationshipReTyping(String userId, String metadataCollectionName, Relationship instance, TypeDefSummary newTypeDefSummary)	Tests for whether a specific user should have the right to change the type name of an instance within a repository.
void	validateUserForRelationshipUpdate(String userId, String metadataCollectionName, Relationship instance)	Tests for whether a specific user should have the right to update an instance within a repository.
void	validateUserForServer(String userId)	Check that the calling user is authorized to issue a (any) request to the OMAG Server Platform.
void	validateUserForService(String userId, String serviceName)	Check that the calling user is authorized to issue this request.
void	validateUserForServiceOperation(String userId, String serviceName, String serviceOperationName)	Check that the calling user is authorized to issue this specific request.
void	validateUserForTypeCreate(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef)	Tests for whether a specific user should have the right to create a type within a repository.
void	validateUserForTypeCreate(String userId, String metadataCollectionName, TypeDef typeDef)	Tests for whether a specific user should have the right to create a type within a repository.
void	validateUserForTypeDelete(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef)	Tests for whether a specific user should have the right to delete a type within a repository.
void	validateUserForTypeDelete(String userId, String metadataCollectionName, TypeDef typeDef)	Tests for whether a specific user should have the right to delete a type within a repository.
void	validateUserForTypeRead(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef)	Tests for whether a specific user should have read access to a specific type within a repository.
void	validateUserForTypeRead(String userId, String metadataCollectionName, TypeDef typeDef)	Tests for whether a specific user should have read access to a specific type within a repository.
void	validateUserForTypeReIdentify(String userId, String metadataCollectionName, AttributeTypeDef originalAttributeTypeDef, String newTypeDefGUID, String newTypeDefName)	Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
void	validateUserForTypeReIdentify(String userId, String metadataCollectionName, TypeDef originalTypeDef, String newTypeDefGUID, String newTypeDefName)	Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
void	validateUserForTypeUpdate(String userId, String metadataCollectionName, TypeDef typeDef, TypeDefPatch patch)	Tests for whether a specific user should have the right to update a typeDef within a repository.
List<String>	verifyAssetZones(List<String> defaultZones, List<String> supportedZones, List<String> publishZones, Asset originalAsset, Asset updatedAsset)	Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones.

Methods inherited from class org.odpi.openmetadata.metadatasecurity.connectors.OpenMetadataServerSecurityConnector

disconnect, getAssetGUID, getConnectionQualifiedName, getConnectorComponentDescription, getInstanceGUID, logConnectorDisconnecting, logConnectorStarting, printZoneList, setAuditLog, setLocalServerUserId, setServerName, start, throwIncompleteAsset, throwMissingGlossary, throwUnauthorizedAssetAccess, throwUnauthorizedAssetChange, throwUnauthorizedAssetCreate, throwUnauthorizedAssetFeedback, throwUnauthorizedConnectionAccess, throwUnauthorizedGlossaryAccess, throwUnauthorizedInstanceAccess, throwUnauthorizedInstanceChange, throwUnauthorizedInstanceCreate, throwUnauthorizedServerAccess, throwUnauthorizedServiceAccess, throwUnauthorizedTypeAccess, throwUnauthorizedTypeChange, throwUnauthorizedZoneChange

Methods inherited from class org.odpi.openmetadata.frameworks.connectors.ConnectorBase

combineConfigurationProperties, disconnectConnectors, equals, getArrayConfigurationProperty, getAssetTypeName, getBooleanConfigurationProperty, getConnectedAssetProperties, getConnection, getConnectorInstanceId, getDateConfigurationProperty, getIntConfigurationProperty, getLongConfigurationProperty, getNetworkAddresses, getStringConfigurationProperty, getSuppliedPlaceholderProperties, hashCode, initialize, initializeConnectedAssetProperties, initializeEmbeddedConnectors, initializeSecretsStoreConnector, isActive, logExceptionRecord, logRecord, logRecord, throwMissingConfigurationProperty, throwMissingResource, throwNoAsset, throwWrongTypeOfAsset, throwWrongTypeOfResource, throwWrongTypeOfRootSchema, toString

Methods inherited from class org.odpi.openmetadata.frameworks.connectors.Connector

clearStatisticProperty, clearStatisticTimestamp, getConnectorStatistics, getStatisticCounter, getStatisticProperty, getStatisticTimestamp, incrementStatisticCounter, initializeStatisticCounter, setStatisticProperty, setStatisticTimestamp

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Details

CocoPharmaServerSecurityConnector

public CocoPharmaServerSecurityConnector()

Constructor sets up the security groups

Method Details

validateUserForServer

public void validateUserForServer(String userId)
                           throws UserNotAuthorizedException

Check that the calling user is authorized to issue a (any) request to the OMAG Server Platform.

Specified by:

validateUserForServer in interface OpenMetadataServerSecurity

Overrides:

validateUserForServer in class OpenMetadataServerSecurityConnector

Parameters:

userId - calling user

Throws:

UserNotAuthorizedException - the user is not authorized to access this function

validateUserAsServerAdmin

public void validateUserAsServerAdmin(String userId)
                               throws UserNotAuthorizedException

Check that the calling user is authorized to update the configuration for a server.

Specified by:

validateUserAsServerAdmin in interface OpenMetadataServerSecurity

Overrides:

validateUserAsServerAdmin in class OpenMetadataServerSecurityConnector

Parameters:

userId - calling user

Throws:

UserNotAuthorizedException - the user is not authorized to change configuration

validateUserAsServerOperator

public void validateUserAsServerOperator(String userId)
                                  throws UserNotAuthorizedException

Check that the calling user is authorized to issue operator requests to the OMAG Server.

Specified by:

validateUserAsServerOperator in interface OpenMetadataServerSecurity

Overrides:

validateUserAsServerOperator in class OpenMetadataServerSecurityConnector

Parameters:

userId - calling user

Throws:

UserNotAuthorizedException - the user is not authorized to issue operator commands to this server

validateUserAsServerInvestigator

public void validateUserAsServerInvestigator(String userId)
                                      throws UserNotAuthorizedException

Check that the calling user is authorized to issue operator requests to the OMAG Server.

Specified by:

validateUserAsServerInvestigator in interface OpenMetadataServerSecurity

Overrides:

validateUserAsServerInvestigator in class OpenMetadataServerSecurityConnector

Parameters:

userId - calling user

Throws:

UserNotAuthorizedException - the user is not authorized to issue diagnostic commands to this server

validateUserForService

public void validateUserForService(String userId,
 String serviceName)
                            throws UserNotAuthorizedException

Check that the calling user is authorized to issue this request.

Specified by:

validateUserForService in interface OpenMetadataServiceSecurity

Overrides:

validateUserForService in class OpenMetadataServerSecurityConnector

Parameters:

userId - calling user

serviceName - name of called service

Throws:

UserNotAuthorizedException - the user is not authorized to access this service

validateUserForServiceOperation

public void validateUserForServiceOperation(String userId,
 String serviceName,
 String serviceOperationName)
                                     throws UserNotAuthorizedException

Check that the calling user is authorized to issue this specific request.

Specified by:

validateUserForServiceOperation in interface OpenMetadataServiceSecurity

Overrides:

validateUserForServiceOperation in class OpenMetadataServerSecurityConnector

Parameters:

userId - calling user

serviceName - name of called service

serviceOperationName - name of called operation

Throws:

UserNotAuthorizedException - the user is not authorized to access this service

validateUserForConnection

public void validateUserForConnection(String userId,
 Connection connection)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have access to a connection.

Specified by:

validateUserForConnection in interface OpenMetadataConnectionSecurity

Overrides:

validateUserForConnection in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

connection - connection object

Throws:

UserNotAuthorizedException - the user is not authorized to access this service

validateUserForAssetConnectionList

public Connection validateUserForAssetConnectionList(String userId,
 Asset asset,
 List<Connection> connections)
                                              throws UserNotAuthorizedException

Select a connection from the list of connections attached to an asset. Some connections change the userId to provide a higher level of access that a specific user account. These connections are processed first so that the user gets the most secure connection to use if they are allowed. In Coco Pharmaceuticals, these types of connections are only available to engines working in the data lake.

Specified by:

validateUserForAssetConnectionList in interface OpenMetadataConnectionSecurity

Overrides:

validateUserForAssetConnectionList in class OpenMetadataServerSecurityConnector

Parameters:

userId - calling user

asset - asset requested by caller

connections - list of attached connections

Returns:

selected connection or null (pretend there are no connections attached to the asset) or

Throws:

UserNotAuthorizedException - the user is not authorized to access this service

setSupportedZonesForUser

public List<String> setSupportedZonesForUser(List<String> supportedZones,
 String serviceName,
 String user)
                                      throws InvalidParameterException,
PropertyServerException

Determine the appropriate setting for the supported zones depending on the user and the default supported zones set up for the service. This is called whenever an asset is accessed.

Specified by:

setSupportedZonesForUser in interface OpenMetadataAssetSecurity

Overrides:

setSupportedZonesForUser in class OpenMetadataServerSecurityConnector

Parameters:

supportedZones - default setting of the supported zones for the service

serviceName - name of the called service

user - name of the user

Returns:

list of supported zones for the user

Throws:

InvalidParameterException - one of the parameter values is invalid

PropertyServerException - there is a problem calculating the zones

setAssetZonesToDefault

public List<String> setAssetZonesToDefault(List<String> defaultZones,
 Asset asset)
                                    throws InvalidParameterException,
PropertyServerException

Determine the appropriate setting for the asset zones depending on the content of the asset and the default zones. This is called whenever a new asset is created. The default behavior is to use the default values, unless the zones have been explicitly set up, in which case, they are left unchanged.

Specified by:

setAssetZonesToDefault in interface OpenMetadataAssetSecurity

Overrides:

setAssetZonesToDefault in class OpenMetadataServerSecurityConnector

Parameters:

defaultZones - setting of the default zones for the service

asset - initial values for the asset

Returns:

list of zones to set in the asset

Throws:

InvalidParameterException - one of the asset values is invalid

PropertyServerException - there is a problem calculating the zones

verifyAssetZones

public List<String> verifyAssetZones(List<String> defaultZones,
 List<String> supportedZones,
 List<String> publishZones,
 Asset originalAsset,
 Asset updatedAsset)
                              throws InvalidParameterException,
PropertyServerException

Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones. This method is called whenever an asset's values are changed. The default behavior is to keep the updated zones as they are.

Specified by:

verifyAssetZones in interface OpenMetadataAssetSecurity

Overrides:

verifyAssetZones in class OpenMetadataServerSecurityConnector

Parameters:

defaultZones - setting of the default zones for the service

supportedZones - setting of the supported zones for the service

publishZones - setting of the supported zones for the service

originalAsset - original values for the asset

updatedAsset - updated values for the asset

Returns:

list of zones to set in the asset

Throws:

InvalidParameterException - one of the asset values is invalid

PropertyServerException - there is a problem calculating the zones

validateUserForAssetCreate

public void validateUserForAssetCreate(String userId,
 Asset asset)
                                throws UserNotAuthorizedException

Tests for whether a specific user should have the right to create an asset within a zone.

Specified by:

validateUserForAssetCreate in interface OpenMetadataAssetSecurity

Overrides:

validateUserForAssetCreate in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

asset - asset details

Throws:

UserNotAuthorizedException - the user is not authorized to access this zone

validateUserForAssetRead

public void validateUserForAssetRead(String userId,
 Asset asset)
                              throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific asset within a zone.

Specified by:

validateUserForAssetRead in interface OpenMetadataAssetSecurity

Overrides:

validateUserForAssetRead in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

asset - asset to test

Throws:

UserNotAuthorizedException - the user is not authorized to access this zone

validateUserForAssetDetailUpdate

public void validateUserForAssetDetailUpdate(String userId,
 Asset originalAsset,
 AssetAuditHeader originalAssetAuditHeader,
 Asset newAsset)
                                      throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update an asset. This is used for a general asset update, which may include changes to the zones and the ownership.

Specified by:

validateUserForAssetDetailUpdate in interface OpenMetadataAssetSecurity

Overrides:

validateUserForAssetDetailUpdate in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

originalAsset - original asset details

originalAssetAuditHeader - details of the asset's audit header

newAsset - new asset details

Throws:

UserNotAuthorizedException - the user is not authorized to change this asset

validateUserForAssetAttachmentUpdate

public void validateUserForAssetAttachmentUpdate(String userId,
 Asset asset)
                                          throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update elements attached directly to an asset such as glossary terms, schema and connections.

Specified by:

validateUserForAssetAttachmentUpdate in interface OpenMetadataAssetSecurity

Overrides:

validateUserForAssetAttachmentUpdate in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

asset - original asset details

Throws:

UserNotAuthorizedException - the user is not authorized to change this asset

validateUserForAssetFeedback

public void validateUserForAssetFeedback(String userId,
 Asset asset)
                                  throws UserNotAuthorizedException

Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the asset.

Specified by:

validateUserForAssetFeedback in interface OpenMetadataAssetSecurity

Overrides:

validateUserForAssetFeedback in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

asset - original asset details

Throws:

UserNotAuthorizedException - the user is not authorized to change this asset

validateUserForAssetDelete

public void validateUserForAssetDelete(String userId,
 Asset asset)
                                throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete an asset within a zone.

Specified by:

validateUserForAssetDelete in interface OpenMetadataAssetSecurity

Overrides:

validateUserForAssetDelete in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

asset - asset details

Throws:

UserNotAuthorizedException - the user is not authorized to change this asset

validateUserForGlossaryCreate

public void validateUserForGlossaryCreate(String userId,
 Glossary glossary)
                                   throws UserNotAuthorizedException

Tests for whether a specific user should have the right to create a glossary.

Specified by:

validateUserForGlossaryCreate in interface OpenMetadataGlossarySecurity

Parameters:

userId - identifier of user

glossary - new glossary details

Throws:

UserNotAuthorizedException - the user is not authorized to change this glossary

validateUserForGlossaryRead

public void validateUserForGlossaryRead(String userId,
 Glossary glossary)
                                 throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific glossary and its contents.

Specified by:

validateUserForGlossaryRead in interface OpenMetadataGlossarySecurity

Parameters:

userId - identifier of user

glossary - glossary details

Throws:

UserNotAuthorizedException - the user is not authorized to access this glossary

validateUserForGlossaryDetailUpdate

public void validateUserForGlossaryDetailUpdate(String userId,
 Glossary originalGlossary,
 Glossary newGlossary)
                                         throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update the properties/classifications of a glossary.

Specified by:

validateUserForGlossaryDetailUpdate in interface OpenMetadataGlossarySecurity

Parameters:

userId - identifier of user

originalGlossary - original glossary details

newGlossary - new glossary details

Throws:

UserNotAuthorizedException - the user is not authorized to change this glossary

validateUserForGlossaryMemberUpdate

public void validateUserForGlossaryMemberUpdate(String userId,
 Glossary glossary)
                                         throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update elements attached directly to a glossary such as glossary terms and categories. These updates could be to their properties, classifications and relationships. It also includes attaching valid values but not semantic assignments since they are considered updates to the associated asset.

Specified by:

validateUserForGlossaryMemberUpdate in interface OpenMetadataGlossarySecurity

Parameters:

userId - identifier of user

glossary - glossary details

Throws:

UserNotAuthorizedException - the user is not authorized to change this glossary

validateUserForGlossaryMemberStatusUpdate

public void validateUserForGlossaryMemberStatusUpdate(String userId,
 Glossary glossary)
                                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update the instance status of a term anchored in a glossary.

Specified by:

validateUserForGlossaryMemberStatusUpdate in interface OpenMetadataGlossarySecurity

Parameters:

userId - identifier of user

glossary - glossary details

Throws:

UserNotAuthorizedException - the user is not authorized to change this glossary

validateUserForGlossaryFeedback

public void validateUserForGlossaryFeedback(String userId,
 Glossary glossary)
                                     throws UserNotAuthorizedException

Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the glossary.

Specified by:

validateUserForGlossaryFeedback in interface OpenMetadataGlossarySecurity

Parameters:

userId - identifier of user

glossary - original glossary details

Throws:

UserNotAuthorizedException - the user is not authorized to change this glossary

validateUserForGlossaryDelete

public void validateUserForGlossaryDelete(String userId,
 Glossary glossary)
                                   throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete a glossary and all of its contents.

Specified by:

validateUserForGlossaryDelete in interface OpenMetadataGlossarySecurity

Parameters:

userId - identifier of user

glossary - original glossary details

Throws:

UserNotAuthorizedException - the user is not authorized to change this glossary

validateUserForTypeCreate

public void validateUserForTypeCreate(String userId,
 String metadataCollectionName,
 TypeDef typeDef)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to create a type within a repository.

Specified by:

validateUserForTypeCreate in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForTypeCreate in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

typeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeCreate

public void validateUserForTypeCreate(String userId,
 String metadataCollectionName,
 AttributeTypeDef attributeTypeDef)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to create a type within a repository.

Specified by:

validateUserForTypeCreate in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForTypeCreate in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

attributeTypeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeRead

public void validateUserForTypeRead(String userId,
 String metadataCollectionName,
 TypeDef typeDef)
                             throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific type within a repository.

Specified by:

validateUserForTypeRead in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForTypeRead in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

typeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve types

validateUserForTypeRead

public void validateUserForTypeRead(String userId,
 String metadataCollectionName,
 AttributeTypeDef attributeTypeDef)
                             throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific type within a repository.

Specified by:

validateUserForTypeRead in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForTypeRead in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

attributeTypeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve types

validateUserForTypeUpdate

public void validateUserForTypeUpdate(String userId,
 String metadataCollectionName,
 TypeDef typeDef,
 TypeDefPatch patch)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update a typeDef within a repository.

Specified by:

validateUserForTypeUpdate in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForTypeUpdate in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

typeDef - current typeDef details

patch - proposed changes to type

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeDelete

public void validateUserForTypeDelete(String userId,
 String metadataCollectionName,
 TypeDef typeDef)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete a type within a repository.

Specified by:

validateUserForTypeDelete in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForTypeDelete in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

typeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeDelete

public void validateUserForTypeDelete(String userId,
 String metadataCollectionName,
 AttributeTypeDef attributeTypeDef)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete a type within a repository.

Specified by:

validateUserForTypeDelete in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForTypeDelete in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

attributeTypeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeReIdentify

public void validateUserForTypeReIdentify(String userId,
 String metadataCollectionName,
 TypeDef originalTypeDef,
 String newTypeDefGUID,
 String newTypeDefName)
                                   throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the identifiers for a type within a repository.

Specified by:

validateUserForTypeReIdentify in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForTypeReIdentify in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

originalTypeDef - type details

newTypeDefGUID - the new identifier for the type.

newTypeDefName - new name for this type.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeReIdentify

public void validateUserForTypeReIdentify(String userId,
 String metadataCollectionName,
 AttributeTypeDef originalAttributeTypeDef,
 String newTypeDefGUID,
 String newTypeDefName)
                                   throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the identifiers for a type within a repository.

Specified by:

validateUserForTypeReIdentify in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForTypeReIdentify in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

originalAttributeTypeDef - type details

newTypeDefGUID - the new identifier for the type.

newTypeDefName - new name for this type.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForEntityCreate

public void validateUserForEntityCreate(String userId,
 String metadataCollectionName,
 String entityTypeGUID,
 InstanceProperties initialProperties,
 List<Classification> initialClassifications,
 InstanceStatus initialStatus)
                                 throws UserNotAuthorizedException

Tests for whether a specific user should have the right to create an instance within a repository.

Specified by:

validateUserForEntityCreate in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForEntityCreate in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

entityTypeGUID - unique identifier (guid) for the new entity's type.

initialProperties - initial list of properties for the new entity null means no properties.

initialClassifications - initial list of classifications for the new entity null means no classifications.

initialStatus - initial status typically DRAFT, PREPARED or ACTIVE.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityRead

public EntityDetail validateUserForEntityRead(String userId,
 String metadataCollectionName,
 EntityDetail instance)
                                       throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific instance within a repository.

Specified by:

validateUserForEntityRead in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForEntityRead in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Returns:

entity to return (maybe altered by the connector)

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve instances

validateUserForEntitySummaryRead

public void validateUserForEntitySummaryRead(String userId,
 String metadataCollectionName,
 EntitySummary instance)
                                      throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific instance within a repository.

Specified by:

validateUserForEntitySummaryRead in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForEntitySummaryRead in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve instances

validateUserForEntityProxyRead

public void validateUserForEntityProxyRead(String userId,
 String metadataCollectionName,
 EntityProxy instance)
                                    throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific instance within a repository.

Specified by:

validateUserForEntityProxyRead in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForEntityProxyRead in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve instances

validateUserForEntityUpdate

public void validateUserForEntityUpdate(String userId,
 String metadataCollectionName,
 EntityDetail instance)
                                 throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update an instance within a repository.

Specified by:

validateUserForEntityUpdate in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForEntityUpdate in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityClassificationAdd

public void validateUserForEntityClassificationAdd(String userId,
 String metadataCollectionName,
 EntitySummary instance,
 String classificationName,
 InstanceProperties properties)
                                            throws UserNotAuthorizedException

Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.

Specified by:

validateUserForEntityClassificationAdd in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForEntityClassificationAdd in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

classificationName - String name for the classification.

properties - list of properties for the classification.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityClassificationUpdate

public void validateUserForEntityClassificationUpdate(String userId,
 String metadataCollectionName,
 EntitySummary instance,
 String classificationName,
 InstanceProperties properties)
                                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.

Specified by:

validateUserForEntityClassificationUpdate in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForEntityClassificationUpdate in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

classificationName - String name for the classification.

properties - list of properties for the classification.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityClassificationDelete

public void validateUserForEntityClassificationDelete(String userId,
 String metadataCollectionName,
 EntitySummary instance,
 String classificationName)
                                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.

Specified by:

validateUserForEntityClassificationDelete in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForEntityClassificationDelete in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

classificationName - String name for the classification.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityDelete

public void validateUserForEntityDelete(String userId,
 String metadataCollectionName,
 EntityDetail instance)
                                 throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete an instance within a repository.

Specified by:

validateUserForEntityDelete in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForEntityDelete in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityRestore

public void validateUserForEntityRestore(String userId,
 String metadataCollectionName,
 String deletedEntityGUID)
                                  throws UserNotAuthorizedException

Tests for whether a specific user should have the right to restore an instance within a repository.

Specified by:

validateUserForEntityRestore in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForEntityRestore in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

deletedEntityGUID - String unique identifier (guid) for the entity.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityReIdentification

public void validateUserForEntityReIdentification(String userId,
 String metadataCollectionName,
 EntityDetail instance,
 String newGUID)
                                           throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the guid on an instance within a repository.

Specified by:

validateUserForEntityReIdentification in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForEntityReIdentification in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newGUID - the new guid for the instance.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityReTyping

public void validateUserForEntityReTyping(String userId,
 String metadataCollectionName,
 EntityDetail instance,
 TypeDefSummary newTypeDefSummary)
                                   throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the type name of an instance within a repository.

Specified by:

validateUserForEntityReTyping in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForEntityReTyping in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newTypeDefSummary - details of this instance's new TypeDef.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityReHoming

public void validateUserForEntityReHoming(String userId,
 String metadataCollectionName,
 EntityDetail instance,
 String newHomeMetadataCollectionId,
 String newHomeMetadataCollectionName)
                                   throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the home of an instance within a repository.

Specified by:

validateUserForEntityReHoming in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForEntityReHoming in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newHomeMetadataCollectionId - unique identifier for the new home metadata collection/repository.

newHomeMetadataCollectionName - display name for the new home metadata collection/repository.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipCreate

public void validateUserForRelationshipCreate(String userId,
 String metadataCollectionName,
 String relationshipTypeGUID,
 InstanceProperties initialProperties,
 EntitySummary entityOneSummary,
 EntitySummary entityTwoSummary,
 InstanceStatus initialStatus)
                                       throws UserNotAuthorizedException

Tests for whether a specific user should have the right to create an instance within a repository.

Specified by:

validateUserForRelationshipCreate in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForRelationshipCreate in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

relationshipTypeGUID - unique identifier (guid) for the new relationship's type.

initialProperties - initial list of properties for the new entity null means no properties.

entityOneSummary - the unique identifier of one of the entities that the relationship is connecting together.

entityTwoSummary - the unique identifier of the other entity that the relationship is connecting together.

initialStatus - initial status typically DRAFT, PREPARED or ACTIVE.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipRead

public Relationship validateUserForRelationshipRead(String userId,
 String metadataCollectionName,
 Relationship instance)
                                             throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific instance within a repository.

Specified by:

validateUserForRelationshipRead in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForRelationshipRead in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Returns:

relationship to return (maybe altered by the connector)

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve instances

validateUserForRelationshipUpdate

public void validateUserForRelationshipUpdate(String userId,
 String metadataCollectionName,
 Relationship instance)
                                       throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update an instance within a repository.

Specified by:

validateUserForRelationshipUpdate in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForRelationshipUpdate in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipDelete

public void validateUserForRelationshipDelete(String userId,
 String metadataCollectionName,
 Relationship instance)
                                       throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete an instance within a repository.

Specified by:

validateUserForRelationshipDelete in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForRelationshipDelete in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipRestore

public void validateUserForRelationshipRestore(String userId,
 String metadataCollectionName,
 String deletedRelationshipGUID)
                                        throws UserNotAuthorizedException

Tests for whether a specific user should have the right to restore an instance within a repository.

Specified by:

validateUserForRelationshipRestore in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForRelationshipRestore in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

deletedRelationshipGUID - String unique identifier (guid) for the relationship.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipReIdentification

public void validateUserForRelationshipReIdentification(String userId,
 String metadataCollectionName,
 Relationship instance,
 String newGUID)
                                                 throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the guid on an instance within a repository.

Specified by:

validateUserForRelationshipReIdentification in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForRelationshipReIdentification in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newGUID - the new guid for the instance.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipReTyping

public void validateUserForRelationshipReTyping(String userId,
 String metadataCollectionName,
 Relationship instance,
 TypeDefSummary newTypeDefSummary)
                                         throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the type name of an instance within a repository.

Specified by:

validateUserForRelationshipReTyping in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForRelationshipReTyping in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newTypeDefSummary - details of this instance's new TypeDef.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipReHoming

public void validateUserForRelationshipReHoming(String userId,
 String metadataCollectionName,
 Relationship instance,
 String newHomeMetadataCollectionId,
 String newHomeMetadataCollectionName)
                                         throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the home of a instance within a repository.

Specified by:

validateUserForRelationshipReHoming in interface OpenMetadataRepositorySecurity

Overrides:

validateUserForRelationshipReHoming in class OpenMetadataServerSecurityConnector

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newHomeMetadataCollectionId - unique identifier for the new home metadata collection/repository.

newHomeMetadataCollectionName - display name for the new home metadata collection/repository.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateEntityReferenceCopySave

public boolean validateEntityReferenceCopySave(EntityDetail instance)

Tests for whether a reference copy should be saved to the repository.

Specified by:

validateEntityReferenceCopySave in interface OpenMetadataRepositorySecurity

Parameters:

instance - instance details

Returns:

flag indicating whether the reference copy should be saved

validateRelationshipReferenceCopySave

public boolean validateRelationshipReferenceCopySave(Relationship instance)

Tests for whether a reference copy should be saved to the repository.

Specified by:

validateRelationshipReferenceCopySave in interface OpenMetadataRepositorySecurity

Parameters:

instance - instance details

Returns:

flag indicating whether the reference copy should be saved