Class CocoPharmaServerSecurityConnector
java.lang.Object
org.odpi.openmetadata.frameworks.connectors.Connector
org.odpi.openmetadata.frameworks.connectors.ConnectorBase
org.odpi.openmetadata.metadatasecurity.connectors.OpenMetadataServerSecurityConnector
org.odpi.openmetadata.metadatasecurity.samples.CocoPharmaServerSecurityConnector
- All Implemented Interfaces:
AuditLoggingComponent
,SecureConnectorExtension
,VirtualConnectorExtension
,OpenMetadataAssetSecurity
,OpenMetadataConnectionSecurity
,OpenMetadataGlossarySecurity
,OpenMetadataServerSecurity
,OpenMetadataServiceSecurity
,OpenMetadataRepositorySecurity
public class CocoPharmaServerSecurityConnector
extends OpenMetadataServerSecurityConnector
implements OpenMetadataRepositorySecurity, OpenMetadataServerSecurity, OpenMetadataServiceSecurity, OpenMetadataConnectionSecurity, OpenMetadataAssetSecurity, OpenMetadataGlossarySecurity
CocoPharmaServerSecurityConnector provides a specific security connector for Coco Pharmaceuticals
users that overrides the default behavior of that open metadata security connector that does
not allow any access to anything.
-
Nested Class Summary
Nested classes/interfaces inherited from class org.odpi.openmetadata.frameworks.connectors.ConnectorBase
ConnectorBase.ProtectedConnection
-
Field Summary
Fields inherited from class org.odpi.openmetadata.metadatasecurity.connectors.OpenMetadataServerSecurityConnector
auditLog, connectorName, localServerUserId, serverName, unknownTypeName
Fields inherited from class org.odpi.openmetadata.frameworks.connectors.ConnectorBase
connectedAssetProperties, connectionBean, connectionProperties, connectorInstanceId, embeddedConnectors, messageFormatter, secretsStoreConnectorMap
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionsetAssetZonesToDefault
(List<String> defaultZones, Asset asset) Determine the appropriate setting for the asset zones depending on the content of the asset and the default zones.setSupportedZonesForUser
(List<String> supportedZones, String serviceName, String user) Determine the appropriate setting for the supported zones depending on the user and the default supported zones set up for the service.boolean
validateEntityReferenceCopySave
(EntityDetail instance) Tests for whether a reference copy should be saved to the repository.boolean
Tests for whether a reference copy should be saved to the repository.void
validateUserAsServerAdmin
(String userId) Check that the calling user is authorized to update the configuration for a server.void
Check that the calling user is authorized to issue operator requests to the OMAG Server.void
validateUserAsServerOperator
(String userId) Check that the calling user is authorized to issue operator requests to the OMAG Server.void
validateUserForAssetAttachmentUpdate
(String userId, Asset asset) Tests for whether a specific user should have the right to update elements attached directly to an asset such as glossary terms, schema and connections.validateUserForAssetConnectionList
(String userId, Asset asset, List<Connection> connections) Select a connection from the list of connections attached to an asset.void
validateUserForAssetCreate
(String userId, Asset asset) Tests for whether a specific user should have the right to create an asset within a zone.void
validateUserForAssetDelete
(String userId, Asset asset) Tests for whether a specific user should have the right to delete an asset within a zone.void
validateUserForAssetDetailUpdate
(String userId, Asset originalAsset, AssetAuditHeader originalAssetAuditHeader, Asset newAsset) Tests for whether a specific user should have the right to update an asset.void
validateUserForAssetFeedback
(String userId, Asset asset) Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the asset.void
validateUserForAssetRead
(String userId, Asset asset) Tests for whether a specific user should have read access to a specific asset within a zone.void
validateUserForConnection
(String userId, Connection connection) Tests for whether a specific user should have access to a connection.void
validateUserForEntityClassificationAdd
(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.void
validateUserForEntityClassificationDelete
(String userId, String metadataCollectionName, EntitySummary instance, String classificationName) Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.void
validateUserForEntityClassificationUpdate
(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.void
validateUserForEntityCreate
(String userId, String metadataCollectionName, String entityTypeGUID, InstanceProperties initialProperties, List<Classification> initialClassifications, InstanceStatus initialStatus) Tests for whether a specific user should have the right to create an instance within a repository.void
validateUserForEntityDelete
(String userId, String metadataCollectionName, EntityDetail instance) Tests for whether a specific user should have the right to delete an instance within a repository.void
validateUserForEntityProxyRead
(String userId, String metadataCollectionName, EntityProxy instance) Tests for whether a specific user should have read access to a specific instance within a repository.validateUserForEntityRead
(String userId, String metadataCollectionName, EntityDetail instance) Tests for whether a specific user should have read access to a specific instance within a repository.void
validateUserForEntityReHoming
(String userId, String metadataCollectionName, EntityDetail instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) Tests for whether a specific user should have the right to change the home of an instance within a repository.void
validateUserForEntityReIdentification
(String userId, String metadataCollectionName, EntityDetail instance, String newGUID) Tests for whether a specific user should have the right to change the guid on an instance within a repository.void
validateUserForEntityRestore
(String userId, String metadataCollectionName, String deletedEntityGUID) Tests for whether a specific user should have the right to restore an instance within a repository.void
validateUserForEntityReTyping
(String userId, String metadataCollectionName, EntityDetail instance, TypeDefSummary newTypeDefSummary) Tests for whether a specific user should have the right to change the type name of an instance within a repository.void
validateUserForEntitySummaryRead
(String userId, String metadataCollectionName, EntitySummary instance) Tests for whether a specific user should have read access to a specific instance within a repository.void
validateUserForEntityUpdate
(String userId, String metadataCollectionName, EntityDetail instance) Tests for whether a specific user should have the right to update an instance within a repository.void
validateUserForGlossaryCreate
(String userId, Glossary glossary) Tests for whether a specific user should have the right to create a glossary.void
validateUserForGlossaryDelete
(String userId, Glossary glossary) Tests for whether a specific user should have the right to delete a glossary and all of its contents.void
validateUserForGlossaryDetailUpdate
(String userId, Glossary originalGlossary, Glossary newGlossary) Tests for whether a specific user should have the right to update the properties/classifications of a glossary.void
validateUserForGlossaryFeedback
(String userId, Glossary glossary) Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the glossary.void
validateUserForGlossaryMemberStatusUpdate
(String userId, Glossary glossary) Tests for whether a specific user should have the right to update the instance status of a term anchored in a glossary.void
validateUserForGlossaryMemberUpdate
(String userId, Glossary glossary) Tests for whether a specific user should have the right to update elements attached directly to a glossary such as glossary terms and categories.void
validateUserForGlossaryRead
(String userId, Glossary glossary) Tests for whether a specific user should have read access to a specific glossary and its contents.void
validateUserForRelationshipCreate
(String userId, String metadataCollectionName, String relationshipTypeGUID, InstanceProperties initialProperties, EntitySummary entityOneSummary, EntitySummary entityTwoSummary, InstanceStatus initialStatus) Tests for whether a specific user should have the right to create an instance within a repository.void
validateUserForRelationshipDelete
(String userId, String metadataCollectionName, Relationship instance) Tests for whether a specific user should have the right to delete an instance within a repository.validateUserForRelationshipRead
(String userId, String metadataCollectionName, Relationship instance) Tests for whether a specific user should have read access to a specific instance within a repository.void
validateUserForRelationshipReHoming
(String userId, String metadataCollectionName, Relationship instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) Tests for whether a specific user should have the right to change the home of a instance within a repository.void
validateUserForRelationshipReIdentification
(String userId, String metadataCollectionName, Relationship instance, String newGUID) Tests for whether a specific user should have the right to change the guid on an instance within a repository.void
validateUserForRelationshipRestore
(String userId, String metadataCollectionName, String deletedRelationshipGUID) Tests for whether a specific user should have the right to restore an instance within a repository.void
validateUserForRelationshipReTyping
(String userId, String metadataCollectionName, Relationship instance, TypeDefSummary newTypeDefSummary) Tests for whether a specific user should have the right to change the type name of an instance within a repository.void
validateUserForRelationshipUpdate
(String userId, String metadataCollectionName, Relationship instance) Tests for whether a specific user should have the right to update an instance within a repository.void
validateUserForServer
(String userId) Check that the calling user is authorized to issue a (any) request to the OMAG Server Platform.void
validateUserForService
(String userId, String serviceName) Check that the calling user is authorized to issue this request.void
validateUserForServiceOperation
(String userId, String serviceName, String serviceOperationName) Check that the calling user is authorized to issue this specific request.void
validateUserForTypeCreate
(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) Tests for whether a specific user should have the right to create a type within a repository.void
validateUserForTypeCreate
(String userId, String metadataCollectionName, TypeDef typeDef) Tests for whether a specific user should have the right to create a type within a repository.void
validateUserForTypeDelete
(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) Tests for whether a specific user should have the right to delete a type within a repository.void
validateUserForTypeDelete
(String userId, String metadataCollectionName, TypeDef typeDef) Tests for whether a specific user should have the right to delete a type within a repository.void
validateUserForTypeRead
(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) Tests for whether a specific user should have read access to a specific type within a repository.void
validateUserForTypeRead
(String userId, String metadataCollectionName, TypeDef typeDef) Tests for whether a specific user should have read access to a specific type within a repository.void
validateUserForTypeReIdentify
(String userId, String metadataCollectionName, AttributeTypeDef originalAttributeTypeDef, String newTypeDefGUID, String newTypeDefName) Tests for whether a specific user should have the right to change the identifiers for a type within a repository.void
validateUserForTypeReIdentify
(String userId, String metadataCollectionName, TypeDef originalTypeDef, String newTypeDefGUID, String newTypeDefName) Tests for whether a specific user should have the right to change the identifiers for a type within a repository.void
validateUserForTypeUpdate
(String userId, String metadataCollectionName, TypeDef typeDef, TypeDefPatch patch) Tests for whether a specific user should have the right to update a typeDef within a repository.verifyAssetZones
(List<String> defaultZones, List<String> supportedZones, List<String> publishZones, Asset originalAsset, Asset updatedAsset) Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones.Methods inherited from class org.odpi.openmetadata.metadatasecurity.connectors.OpenMetadataServerSecurityConnector
disconnect, getAssetGUID, getConnectionQualifiedName, getConnectorComponentDescription, getInstanceGUID, logConnectorDisconnecting, logConnectorStarting, printZoneList, setAuditLog, setLocalServerUserId, setServerName, start, throwIncompleteAsset, throwMissingGlossary, throwUnauthorizedAssetAccess, throwUnauthorizedAssetChange, throwUnauthorizedAssetCreate, throwUnauthorizedAssetFeedback, throwUnauthorizedConnectionAccess, throwUnauthorizedGlossaryAccess, throwUnauthorizedInstanceAccess, throwUnauthorizedInstanceChange, throwUnauthorizedInstanceCreate, throwUnauthorizedServerAccess, throwUnauthorizedServiceAccess, throwUnauthorizedTypeAccess, throwUnauthorizedTypeChange, throwUnauthorizedZoneChange
Methods inherited from class org.odpi.openmetadata.frameworks.connectors.ConnectorBase
disconnectConnectors, equals, getArrayConfigurationProperty, getAssetTypeName, getBooleanConfigurationProperty, getConnectedAssetProperties, getConnection, getConnectorInstanceId, getIntConfigurationProperty, getLongConfigurationProperty, getNetworkAddresses, getStringConfigurationProperty, getSuppliedPlaceholderProperties, hashCode, initialize, initializeConnectedAssetProperties, initializeEmbeddedConnectors, initializeSecretsStoreConnector, isActive, logExceptionRecord, logRecord, logRecord, throwMissingConfigurationProperty, throwMissingResource, throwNoAsset, throwWrongTypeOfAsset, throwWrongTypeOfResource, throwWrongTypeOfRootSchema, toString
Methods inherited from class org.odpi.openmetadata.frameworks.connectors.Connector
clearStatisticProperty, clearStatisticTimestamp, getConnectorStatistics, getStatisticCounter, getStatisticProperty, getStatisticTimestamp, incrementStatisticCounter, initializeStatisticCounter, setStatisticProperty, setStatisticTimestamp
-
Constructor Details
-
CocoPharmaServerSecurityConnector
public CocoPharmaServerSecurityConnector()Constructor sets up the security groups
-
-
Method Details
-
validateUserForServer
Check that the calling user is authorized to issue a (any) request to the OMAG Server Platform.- Specified by:
validateUserForServer
in interfaceOpenMetadataServerSecurity
- Overrides:
validateUserForServer
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- calling user- Throws:
UserNotAuthorizedException
- the user is not authorized to access this function
-
validateUserAsServerAdmin
Check that the calling user is authorized to update the configuration for a server.- Specified by:
validateUserAsServerAdmin
in interfaceOpenMetadataServerSecurity
- Overrides:
validateUserAsServerAdmin
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- calling user- Throws:
UserNotAuthorizedException
- the user is not authorized to change configuration
-
validateUserAsServerOperator
Check that the calling user is authorized to issue operator requests to the OMAG Server.- Specified by:
validateUserAsServerOperator
in interfaceOpenMetadataServerSecurity
- Overrides:
validateUserAsServerOperator
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- calling user- Throws:
UserNotAuthorizedException
- the user is not authorized to issue operator commands to this server
-
validateUserAsServerInvestigator
Check that the calling user is authorized to issue operator requests to the OMAG Server.- Specified by:
validateUserAsServerInvestigator
in interfaceOpenMetadataServerSecurity
- Overrides:
validateUserAsServerInvestigator
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- calling user- Throws:
UserNotAuthorizedException
- the user is not authorized to issue diagnostic commands to this server
-
validateUserForService
public void validateUserForService(String userId, String serviceName) throws UserNotAuthorizedException Check that the calling user is authorized to issue this request.- Specified by:
validateUserForService
in interfaceOpenMetadataServiceSecurity
- Overrides:
validateUserForService
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- calling userserviceName
- name of called service- Throws:
UserNotAuthorizedException
- the user is not authorized to access this service
-
validateUserForServiceOperation
public void validateUserForServiceOperation(String userId, String serviceName, String serviceOperationName) throws UserNotAuthorizedException Check that the calling user is authorized to issue this specific request.- Specified by:
validateUserForServiceOperation
in interfaceOpenMetadataServiceSecurity
- Overrides:
validateUserForServiceOperation
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- calling userserviceName
- name of called serviceserviceOperationName
- name of called operation- Throws:
UserNotAuthorizedException
- the user is not authorized to access this service
-
validateUserForConnection
public void validateUserForConnection(String userId, Connection connection) throws UserNotAuthorizedException Tests for whether a specific user should have access to a connection.- Specified by:
validateUserForConnection
in interfaceOpenMetadataConnectionSecurity
- Overrides:
validateUserForConnection
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of userconnection
- connection object- Throws:
UserNotAuthorizedException
- the user is not authorized to access this service
-
validateUserForAssetConnectionList
public Connection validateUserForAssetConnectionList(String userId, Asset asset, List<Connection> connections) throws UserNotAuthorizedException Select a connection from the list of connections attached to an asset. Some connections change the userId to provide a higher level of access that a specific user account. These connections are processed first so that the user gets the most secure connection to use if they are allowed. In Coco Pharmaceuticals, these types of connections are only available to engines working in the data lake.- Specified by:
validateUserForAssetConnectionList
in interfaceOpenMetadataConnectionSecurity
- Overrides:
validateUserForAssetConnectionList
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- calling userasset
- asset requested by callerconnections
- list of attached connections- Returns:
- selected connection or null (pretend there are no connections attached to the asset) or
- Throws:
UserNotAuthorizedException
- the user is not authorized to access this service
-
setSupportedZonesForUser
public List<String> setSupportedZonesForUser(List<String> supportedZones, String serviceName, String user) throws InvalidParameterException, PropertyServerException Determine the appropriate setting for the supported zones depending on the user and the default supported zones set up for the service. This is called whenever an asset is accessed.- Specified by:
setSupportedZonesForUser
in interfaceOpenMetadataAssetSecurity
- Overrides:
setSupportedZonesForUser
in classOpenMetadataServerSecurityConnector
- Parameters:
supportedZones
- default setting of the supported zones for the serviceserviceName
- name of the called serviceuser
- name of the user- Returns:
- list of supported zones for the user
- Throws:
InvalidParameterException
- one of the parameter values is invalidPropertyServerException
- there is a problem calculating the zones
-
setAssetZonesToDefault
public List<String> setAssetZonesToDefault(List<String> defaultZones, Asset asset) throws InvalidParameterException, PropertyServerException Determine the appropriate setting for the asset zones depending on the content of the asset and the default zones. This is called whenever a new asset is created. The default behavior is to use the default values, unless the zones have been explicitly set up, in which case, they are left unchanged.- Specified by:
setAssetZonesToDefault
in interfaceOpenMetadataAssetSecurity
- Overrides:
setAssetZonesToDefault
in classOpenMetadataServerSecurityConnector
- Parameters:
defaultZones
- setting of the default zones for the serviceasset
- initial values for the asset- Returns:
- list of zones to set in the asset
- Throws:
InvalidParameterException
- one of the asset values is invalidPropertyServerException
- there is a problem calculating the zones
-
verifyAssetZones
public List<String> verifyAssetZones(List<String> defaultZones, List<String> supportedZones, List<String> publishZones, Asset originalAsset, Asset updatedAsset) throws InvalidParameterException, PropertyServerException Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones. This method is called whenever an asset's values are changed. The default behavior is to keep the updated zones as they are.- Specified by:
verifyAssetZones
in interfaceOpenMetadataAssetSecurity
- Overrides:
verifyAssetZones
in classOpenMetadataServerSecurityConnector
- Parameters:
defaultZones
- setting of the default zones for the servicesupportedZones
- setting of the supported zones for the servicepublishZones
- setting of the supported zones for the serviceoriginalAsset
- original values for the assetupdatedAsset
- updated values for the asset- Returns:
- list of zones to set in the asset
- Throws:
InvalidParameterException
- one of the asset values is invalidPropertyServerException
- there is a problem calculating the zones
-
validateUserForAssetCreate
public void validateUserForAssetCreate(String userId, Asset asset) throws UserNotAuthorizedException Tests for whether a specific user should have the right to create an asset within a zone.- Specified by:
validateUserForAssetCreate
in interfaceOpenMetadataAssetSecurity
- Overrides:
validateUserForAssetCreate
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of userasset
- asset details- Throws:
UserNotAuthorizedException
- the user is not authorized to access this zone
-
validateUserForAssetRead
Tests for whether a specific user should have read access to a specific asset within a zone.- Specified by:
validateUserForAssetRead
in interfaceOpenMetadataAssetSecurity
- Overrides:
validateUserForAssetRead
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of userasset
- asset to test- Throws:
UserNotAuthorizedException
- the user is not authorized to access this zone
-
validateUserForAssetDetailUpdate
public void validateUserForAssetDetailUpdate(String userId, Asset originalAsset, AssetAuditHeader originalAssetAuditHeader, Asset newAsset) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update an asset. This is used for a general asset update, which may include changes to the zones and the ownership.- Specified by:
validateUserForAssetDetailUpdate
in interfaceOpenMetadataAssetSecurity
- Overrides:
validateUserForAssetDetailUpdate
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of useroriginalAsset
- original asset detailsoriginalAssetAuditHeader
- details of the asset's audit headernewAsset
- new asset details- Throws:
UserNotAuthorizedException
- the user is not authorized to change this asset
-
validateUserForAssetAttachmentUpdate
public void validateUserForAssetAttachmentUpdate(String userId, Asset asset) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update elements attached directly to an asset such as glossary terms, schema and connections.- Specified by:
validateUserForAssetAttachmentUpdate
in interfaceOpenMetadataAssetSecurity
- Overrides:
validateUserForAssetAttachmentUpdate
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of userasset
- original asset details- Throws:
UserNotAuthorizedException
- the user is not authorized to change this asset
-
validateUserForAssetFeedback
public void validateUserForAssetFeedback(String userId, Asset asset) throws UserNotAuthorizedException Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the asset.- Specified by:
validateUserForAssetFeedback
in interfaceOpenMetadataAssetSecurity
- Overrides:
validateUserForAssetFeedback
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of userasset
- original asset details- Throws:
UserNotAuthorizedException
- the user is not authorized to change this asset
-
validateUserForAssetDelete
public void validateUserForAssetDelete(String userId, Asset asset) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete an asset within a zone.- Specified by:
validateUserForAssetDelete
in interfaceOpenMetadataAssetSecurity
- Overrides:
validateUserForAssetDelete
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of userasset
- asset details- Throws:
UserNotAuthorizedException
- the user is not authorized to change this asset
-
validateUserForGlossaryCreate
public void validateUserForGlossaryCreate(String userId, Glossary glossary) throws UserNotAuthorizedException Tests for whether a specific user should have the right to create a glossary.- Specified by:
validateUserForGlossaryCreate
in interfaceOpenMetadataGlossarySecurity
- Parameters:
userId
- identifier of userglossary
- new glossary details- Throws:
UserNotAuthorizedException
- the user is not authorized to change this glossary
-
validateUserForGlossaryRead
public void validateUserForGlossaryRead(String userId, Glossary glossary) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific glossary and its contents.- Specified by:
validateUserForGlossaryRead
in interfaceOpenMetadataGlossarySecurity
- Parameters:
userId
- identifier of userglossary
- glossary details- Throws:
UserNotAuthorizedException
- the user is not authorized to access this glossary
-
validateUserForGlossaryDetailUpdate
public void validateUserForGlossaryDetailUpdate(String userId, Glossary originalGlossary, Glossary newGlossary) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update the properties/classifications of a glossary.- Specified by:
validateUserForGlossaryDetailUpdate
in interfaceOpenMetadataGlossarySecurity
- Parameters:
userId
- identifier of useroriginalGlossary
- original glossary detailsnewGlossary
- new glossary details- Throws:
UserNotAuthorizedException
- the user is not authorized to change this glossary
-
validateUserForGlossaryMemberUpdate
public void validateUserForGlossaryMemberUpdate(String userId, Glossary glossary) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update elements attached directly to a glossary such as glossary terms and categories. These updates could be to their properties, classifications and relationships. It also includes attaching valid values but not semantic assignments since they are considered updates to the associated asset.- Specified by:
validateUserForGlossaryMemberUpdate
in interfaceOpenMetadataGlossarySecurity
- Parameters:
userId
- identifier of userglossary
- glossary details- Throws:
UserNotAuthorizedException
- the user is not authorized to change this glossary
-
validateUserForGlossaryMemberStatusUpdate
public void validateUserForGlossaryMemberStatusUpdate(String userId, Glossary glossary) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update the instance status of a term anchored in a glossary.- Specified by:
validateUserForGlossaryMemberStatusUpdate
in interfaceOpenMetadataGlossarySecurity
- Parameters:
userId
- identifier of userglossary
- glossary details- Throws:
UserNotAuthorizedException
- the user is not authorized to change this glossary
-
validateUserForGlossaryFeedback
public void validateUserForGlossaryFeedback(String userId, Glossary glossary) throws UserNotAuthorizedException Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the glossary.- Specified by:
validateUserForGlossaryFeedback
in interfaceOpenMetadataGlossarySecurity
- Parameters:
userId
- identifier of userglossary
- original glossary details- Throws:
UserNotAuthorizedException
- the user is not authorized to change this glossary
-
validateUserForGlossaryDelete
public void validateUserForGlossaryDelete(String userId, Glossary glossary) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete a glossary and all of its contents.- Specified by:
validateUserForGlossaryDelete
in interfaceOpenMetadataGlossarySecurity
- Parameters:
userId
- identifier of userglossary
- original glossary details- Throws:
UserNotAuthorizedException
- the user is not authorized to change this glossary
-
validateUserForTypeCreate
public void validateUserForTypeCreate(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException Tests for whether a specific user should have the right to create a type within a repository.- Specified by:
validateUserForTypeCreate
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForTypeCreate
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectiontypeDef
- type details- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain types
-
validateUserForTypeCreate
public void validateUserForTypeCreate(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException Tests for whether a specific user should have the right to create a type within a repository.- Specified by:
validateUserForTypeCreate
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForTypeCreate
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectionattributeTypeDef
- type details- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain types
-
validateUserForTypeRead
public void validateUserForTypeRead(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific type within a repository.- Specified by:
validateUserForTypeRead
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForTypeRead
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectiontypeDef
- type details- Throws:
UserNotAuthorizedException
- the user is not authorized to retrieve types
-
validateUserForTypeRead
public void validateUserForTypeRead(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific type within a repository.- Specified by:
validateUserForTypeRead
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForTypeRead
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectionattributeTypeDef
- type details- Throws:
UserNotAuthorizedException
- the user is not authorized to retrieve types
-
validateUserForTypeUpdate
public void validateUserForTypeUpdate(String userId, String metadataCollectionName, TypeDef typeDef, TypeDefPatch patch) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update a typeDef within a repository.- Specified by:
validateUserForTypeUpdate
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForTypeUpdate
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectiontypeDef
- current typeDef detailspatch
- proposed changes to type- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain types
-
validateUserForTypeDelete
public void validateUserForTypeDelete(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete a type within a repository.- Specified by:
validateUserForTypeDelete
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForTypeDelete
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectiontypeDef
- type details- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain types
-
validateUserForTypeDelete
public void validateUserForTypeDelete(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete a type within a repository.- Specified by:
validateUserForTypeDelete
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForTypeDelete
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectionattributeTypeDef
- type details- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain types
-
validateUserForTypeReIdentify
public void validateUserForTypeReIdentify(String userId, String metadataCollectionName, TypeDef originalTypeDef, String newTypeDefGUID, String newTypeDefName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the identifiers for a type within a repository.- Specified by:
validateUserForTypeReIdentify
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForTypeReIdentify
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectionoriginalTypeDef
- type detailsnewTypeDefGUID
- the new identifier for the type.newTypeDefName
- new name for this type.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain types
-
validateUserForTypeReIdentify
public void validateUserForTypeReIdentify(String userId, String metadataCollectionName, AttributeTypeDef originalAttributeTypeDef, String newTypeDefGUID, String newTypeDefName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the identifiers for a type within a repository.- Specified by:
validateUserForTypeReIdentify
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForTypeReIdentify
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectionoriginalAttributeTypeDef
- type detailsnewTypeDefGUID
- the new identifier for the type.newTypeDefName
- new name for this type.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain types
-
validateUserForEntityCreate
public void validateUserForEntityCreate(String userId, String metadataCollectionName, String entityTypeGUID, InstanceProperties initialProperties, List<Classification> initialClassifications, InstanceStatus initialStatus) throws UserNotAuthorizedException Tests for whether a specific user should have the right to create an instance within a repository.- Specified by:
validateUserForEntityCreate
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForEntityCreate
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectionentityTypeGUID
- unique identifier (guid) for the new entity's type.initialProperties
- initial list of properties for the new entity null means no properties.initialClassifications
- initial list of classifications for the new entity null means no classifications.initialStatus
- initial status typically DRAFT, PREPARED or ACTIVE.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityRead
public EntityDetail validateUserForEntityRead(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific instance within a repository.- Specified by:
validateUserForEntityRead
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForEntityRead
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance details- Returns:
- entity to return (maybe altered by the connector)
- Throws:
UserNotAuthorizedException
- the user is not authorized to retrieve instances
-
validateUserForEntitySummaryRead
public void validateUserForEntitySummaryRead(String userId, String metadataCollectionName, EntitySummary instance) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific instance within a repository.- Specified by:
validateUserForEntitySummaryRead
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForEntitySummaryRead
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance details- Throws:
UserNotAuthorizedException
- the user is not authorized to retrieve instances
-
validateUserForEntityProxyRead
public void validateUserForEntityProxyRead(String userId, String metadataCollectionName, EntityProxy instance) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific instance within a repository.- Specified by:
validateUserForEntityProxyRead
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForEntityProxyRead
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance details- Throws:
UserNotAuthorizedException
- the user is not authorized to retrieve instances
-
validateUserForEntityUpdate
public void validateUserForEntityUpdate(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update an instance within a repository.- Specified by:
validateUserForEntityUpdate
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForEntityUpdate
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance details- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityClassificationAdd
public void validateUserForEntityClassificationAdd(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) throws UserNotAuthorizedException Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.- Specified by:
validateUserForEntityClassificationAdd
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForEntityClassificationAdd
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsclassificationName
- String name for the classification.properties
- list of properties for the classification.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityClassificationUpdate
public void validateUserForEntityClassificationUpdate(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.- Specified by:
validateUserForEntityClassificationUpdate
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForEntityClassificationUpdate
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsclassificationName
- String name for the classification.properties
- list of properties for the classification.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityClassificationDelete
public void validateUserForEntityClassificationDelete(String userId, String metadataCollectionName, EntitySummary instance, String classificationName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.- Specified by:
validateUserForEntityClassificationDelete
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForEntityClassificationDelete
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsclassificationName
- String name for the classification.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityDelete
public void validateUserForEntityDelete(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete an instance within a repository.- Specified by:
validateUserForEntityDelete
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForEntityDelete
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance details- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityRestore
public void validateUserForEntityRestore(String userId, String metadataCollectionName, String deletedEntityGUID) throws UserNotAuthorizedException Tests for whether a specific user should have the right to restore an instance within a repository.- Specified by:
validateUserForEntityRestore
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForEntityRestore
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectiondeletedEntityGUID
- String unique identifier (guid) for the entity.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityReIdentification
public void validateUserForEntityReIdentification(String userId, String metadataCollectionName, EntityDetail instance, String newGUID) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the guid on an instance within a repository.- Specified by:
validateUserForEntityReIdentification
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForEntityReIdentification
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsnewGUID
- the new guid for the instance.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityReTyping
public void validateUserForEntityReTyping(String userId, String metadataCollectionName, EntityDetail instance, TypeDefSummary newTypeDefSummary) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the type name of an instance within a repository.- Specified by:
validateUserForEntityReTyping
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForEntityReTyping
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsnewTypeDefSummary
- details of this instance's new TypeDef.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityReHoming
public void validateUserForEntityReHoming(String userId, String metadataCollectionName, EntityDetail instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the home of an instance within a repository.- Specified by:
validateUserForEntityReHoming
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForEntityReHoming
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsnewHomeMetadataCollectionId
- unique identifier for the new home metadata collection/repository.newHomeMetadataCollectionName
- display name for the new home metadata collection/repository.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForRelationshipCreate
public void validateUserForRelationshipCreate(String userId, String metadataCollectionName, String relationshipTypeGUID, InstanceProperties initialProperties, EntitySummary entityOneSummary, EntitySummary entityTwoSummary, InstanceStatus initialStatus) throws UserNotAuthorizedException Tests for whether a specific user should have the right to create an instance within a repository.- Specified by:
validateUserForRelationshipCreate
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForRelationshipCreate
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectionrelationshipTypeGUID
- unique identifier (guid) for the new relationship's type.initialProperties
- initial list of properties for the new entity null means no properties.entityOneSummary
- the unique identifier of one of the entities that the relationship is connecting together.entityTwoSummary
- the unique identifier of the other entity that the relationship is connecting together.initialStatus
- initial status typically DRAFT, PREPARED or ACTIVE.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForRelationshipRead
public Relationship validateUserForRelationshipRead(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific instance within a repository.- Specified by:
validateUserForRelationshipRead
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForRelationshipRead
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance details- Returns:
- relationship to return (maybe altered by the connector)
- Throws:
UserNotAuthorizedException
- the user is not authorized to retrieve instances
-
validateUserForRelationshipUpdate
public void validateUserForRelationshipUpdate(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update an instance within a repository.- Specified by:
validateUserForRelationshipUpdate
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForRelationshipUpdate
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance details- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForRelationshipDelete
public void validateUserForRelationshipDelete(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete an instance within a repository.- Specified by:
validateUserForRelationshipDelete
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForRelationshipDelete
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance details- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForRelationshipRestore
public void validateUserForRelationshipRestore(String userId, String metadataCollectionName, String deletedRelationshipGUID) throws UserNotAuthorizedException Tests for whether a specific user should have the right to restore an instance within a repository.- Specified by:
validateUserForRelationshipRestore
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForRelationshipRestore
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectiondeletedRelationshipGUID
- String unique identifier (guid) for the relationship.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForRelationshipReIdentification
public void validateUserForRelationshipReIdentification(String userId, String metadataCollectionName, Relationship instance, String newGUID) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the guid on an instance within a repository.- Specified by:
validateUserForRelationshipReIdentification
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForRelationshipReIdentification
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsnewGUID
- the new guid for the instance.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForRelationshipReTyping
public void validateUserForRelationshipReTyping(String userId, String metadataCollectionName, Relationship instance, TypeDefSummary newTypeDefSummary) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the type name of an instance within a repository.- Specified by:
validateUserForRelationshipReTyping
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForRelationshipReTyping
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsnewTypeDefSummary
- details of this instance's new TypeDef.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForRelationshipReHoming
public void validateUserForRelationshipReHoming(String userId, String metadataCollectionName, Relationship instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the home of a instance within a repository.- Specified by:
validateUserForRelationshipReHoming
in interfaceOpenMetadataRepositorySecurity
- Overrides:
validateUserForRelationshipReHoming
in classOpenMetadataServerSecurityConnector
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsnewHomeMetadataCollectionId
- unique identifier for the new home metadata collection/repository.newHomeMetadataCollectionName
- display name for the new home metadata collection/repository.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateEntityReferenceCopySave
Tests for whether a reference copy should be saved to the repository.- Specified by:
validateEntityReferenceCopySave
in interfaceOpenMetadataRepositorySecurity
- Parameters:
instance
- instance details- Returns:
- flag indicating whether the reference copy should be saved
-
validateRelationshipReferenceCopySave
Tests for whether a reference copy should be saved to the repository.- Specified by:
validateRelationshipReferenceCopySave
in interfaceOpenMetadataRepositorySecurity
- Parameters:
instance
- instance details- Returns:
- flag indicating whether the reference copy should be saved
-