Class OpenMetadataServerSecurityVerifier

java.lang.Object
org.odpi.openmetadata.metadatasecurity.server.OpenMetadataServerSecurityVerifier
All Implemented Interfaces:
OpenMetadataServerSecurity, OpenMetadataServiceSecurity, OpenMetadataRepositorySecurity, OpenMetadataEventsSecurity

OpenMetadataServerSecurityVerifier provides the plug-in point for the open metadata server connector. It supports the same security interfaces, and handles the fact that the security connector is optional.
  • Field Details

    • SEVERITY_LEVEL_IDENTIFIER_PROPERTY_NAME

      public static final String SEVERITY_LEVEL_IDENTIFIER_PROPERTY_NAME
      See Also:
  • Constructor Details

    • OpenMetadataServerSecurityVerifier

      public OpenMetadataServerSecurityVerifier()
      Default constructor
  • Method Details

    • registerSecurityValidator

      public void registerSecurityValidator(String localServerUserId, String serverName, AuditLog auditLog, Connection connection) throws InvalidParameterException
      Register an open metadata server security connector to verify access to the server's services.
      Parameters:
      localServerUserId - local server's userId
      serverName - local server's name
      auditLog - logging destination
      connection - properties used to create the connector
      Throws:
      InvalidParameterException - the connection is invalid
    • verifyAssetZones

      public List<String> verifyAssetZones(List<String> defaultZones, List<String> supportedZones, List<String> publishZones, Asset originalAsset, Asset updatedAsset) throws InvalidParameterException, PropertyServerException
      Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones. This method is called whenever an asset's values are changed. The default behavior is to keep the updated zones as they are.
      Parameters:
      defaultZones - setting of the default zones for the service
      supportedZones - setting of the supported zones for the service
      publishZones - setting of the zones that are set when an asset is published for the service
      originalAsset - original values for the asset
      updatedAsset - updated values for the asset
      Returns:
      list of zones to set in the asset
      Throws:
      InvalidParameterException - one of the asset values is invalid
      PropertyServerException - there is a problem calculating the zones
    • validateUserForConnection

      public void validateUserForConnection(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException
      Validate that the user is able to retrieve the requested connection.
      Parameters:
      userId - calling user
      entity - entity storing the connection's properties
      repositoryHelper - for working with OMRS objects
      serviceName - calling service
      methodName - calling method
      Throws:
      UserNotAuthorizedException - user not authorized to access this connection
    • selectConnection

      public EntityDetail selectConnection(String userId, EntityDetail assetEntity, List<EntityDetail> connectionEntities, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException, PropertyServerException
      Use the security connector to make a choice on which connection to supply to the requesting user.
      Parameters:
      userId - calling userId
      assetEntity - associated asset - may be null
      connectionEntities - list of retrieved connections
      repositoryHelper - for working with OMRS objects
      serviceName - calling service
      methodName - calling method
      Returns:
      single connection entity, or null
      Throws:
      UserNotAuthorizedException - the user is not able to use any of the connections
      PropertyServerException - unable to reduce the number of connections to
    • validateUserForServer

      public void validateUserForServer(String userId) throws UserNotAuthorizedException
      Check that the calling user is authorized to issue a (any) request to the OMAG Server Platform.
      Specified by:
      validateUserForServer in interface OpenMetadataServerSecurity
      Parameters:
      userId - calling user
      Throws:
      UserNotAuthorizedException - the user is not authorized to access this function
    • validateUserAsServerAdmin

      public void validateUserAsServerAdmin(String userId) throws UserNotAuthorizedException
      Check that the calling user is authorized to update the configuration for a server.
      Specified by:
      validateUserAsServerAdmin in interface OpenMetadataServerSecurity
      Parameters:
      userId - calling user
      Throws:
      UserNotAuthorizedException - the user is not authorized to change configuration
    • validateUserAsServerOperator

      public void validateUserAsServerOperator(String userId) throws UserNotAuthorizedException
      Check that the calling user is authorized to issue operator requests to the OMAG Server.
      Specified by:
      validateUserAsServerOperator in interface OpenMetadataServerSecurity
      Parameters:
      userId - calling user
      Throws:
      UserNotAuthorizedException - the user is not authorized to issue operator commands to this server
    • validateUserAsServerInvestigator

      public void validateUserAsServerInvestigator(String userId) throws UserNotAuthorizedException
      Check that the calling user is authorized to issue operator requests to the OMAG Server.
      Specified by:
      validateUserAsServerInvestigator in interface OpenMetadataServerSecurity
      Parameters:
      userId - calling user
      Throws:
      UserNotAuthorizedException - the user is not authorized to issue diagnostic commands to this server
    • validateUserForService

      public void validateUserForService(String userId, String serviceName) throws UserNotAuthorizedException
      Check that the calling user is authorized to issue this request.
      Specified by:
      validateUserForService in interface OpenMetadataServiceSecurity
      Parameters:
      userId - calling user
      serviceName - name of called service
      Throws:
      UserNotAuthorizedException - the user is not authorized to access this service
    • validateUserForServiceOperation

      public void validateUserForServiceOperation(String userId, String serviceName, String serviceOperationName) throws UserNotAuthorizedException
      Check that the calling user is authorized to issue this specific request.
      Specified by:
      validateUserForServiceOperation in interface OpenMetadataServiceSecurity
      Parameters:
      userId - calling user
      serviceName - name of called service
      serviceOperationName - name of called operation
      Throws:
      UserNotAuthorizedException - the user is not authorized to access this service
    • validateUserForConnection

      public void validateUserForConnection(String userId, Connection connection) throws UserNotAuthorizedException
      Tests for whether a specific user should have access to a connection.
      Parameters:
      userId - identifier of user
      connection - connection object
      Throws:
      UserNotAuthorizedException - the user is not authorized to access this service
    • validateUserForAssetCreate

      public void validateUserForAssetCreate(String userId, String entityTypeGUID, String entityTypeName, InstanceProperties newProperties, List<Classification> classifications, InstanceStatus instanceStatus, List<String> defaultZones, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException, InvalidParameterException, PropertyServerException
      Tests for whether a specific user should have the right to create an asset within a zone.
      Parameters:
      userId - identifier of user
      entityTypeGUID - unique identifier of the type of entity to create
      entityTypeName - unique name of the type of entity to create
      newProperties - properties for new entity
      classifications - classifications for new entity
      instanceStatus - status for new entity
      defaultZones - initial setting of the asset's zone membership
      repositoryHelper - manipulates repository service objects
      serviceName - calling service
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the user is not authorized to access this zone
      InvalidParameterException - Something wrong with the supplied parameters
      PropertyServerException - logic error because classification type not recognized
    • validateUserForAssetRead

      public void validateUserForAssetRead(String userId, String assetGUID, String assetGUIDParameterName, EntityDetail assetEntity, boolean isExplicitGetRequest, List<String> suppliedSupportedZones, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException
      Validate that the user is able to perform the requested action on an attachment. This method should be used by the other handlers to verify whether the element they are working with is attached to a visible asset (ie is a member of one of the supported zones) that can be operated on by the calling user.
      Parameters:
      userId - calling user
      assetGUID - unique identifier of the asset
      assetGUIDParameterName - name of parameter supplying the assetGUID
      assetEntity - entity storing the asset's properties
      isExplicitGetRequest - Is this request an explicit get request for the asset or a find request.
      suppliedSupportedZones - list of supported zones from the caller.
      repositoryHelper - helper for OMRS objects
      serviceName - calling service
      methodName - calling method
      Throws:
      InvalidParameterException - the bean properties are invalid
      UserNotAuthorizedException - user not authorized to issue this request
      PropertyServerException - problem accessing the property server
    • validateUserForAssetAttachment

      public void validateUserForAssetAttachment(String userId, String assetGUID, String assetGUIDParameterName, EntityDetail assetEntity, boolean isExplicitGetRequest, boolean isFeedback, boolean isUpdate, List<String> suppliedSupportedZones, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException
      Validate that the user is able to perform the requested action on an attachment. This method should be used by the other handlers to verify whether the element they are working with is attached to a visible asset (ie is a member of one of the supported zones) that can be operated on by the calling user.
      Parameters:
      userId - calling user
      assetGUID - unique identifier of the asset
      assetGUIDParameterName - name of parameter supplying the assetGUID
      assetEntity - entity storing the root of the asset
      isExplicitGetRequest - Is this request an explicit get request for the asset or a find request.
      isFeedback - is this request related to a feedback element (comment, like, rating) or an attachment
      isUpdate - is this an update request?
      suppliedSupportedZones - list of supported zones from the caller.
      repositoryHelper - works with OMRS objects
      serviceName - calling service
      methodName - calling method
      Throws:
      InvalidParameterException - the bean properties are invalid
      UserNotAuthorizedException - user not authorized to issue this request
      PropertyServerException - problem accessing the property server
    • validateUserForAssetUpdate

      public void validateUserForAssetUpdate(String userId, EntityDetail originalAssetEntity, InstanceProperties updatedAssetProperties, InstanceStatus newInstanceStatus, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException
      Validate that the user is able to perform the requested action on an asset. This method should be used by the other handlers to verify whether the asset they are working with that can be operated on by the calling user.
      Parameters:
      userId - calling user
      originalAssetEntity - entity storing the current asset
      updatedAssetProperties - properties after the update has completed
      newInstanceStatus - status of the entity once the update is complete
      repositoryHelper - works with OMRS objects
      serviceName - calling service
      methodName - calling method
      Throws:
      UserNotAuthorizedException - user not authorized to issue this request
    • validateUserForAssetDelete

      public void validateUserForAssetDelete(String userId, EntityDetail assetEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException
      Tests for whether a specific user should have the right to delete an asset.
      Parameters:
      userId - calling user
      assetEntity - entity storing the asset's properties
      repositoryHelper - helper for OMRS objects
      serviceName - calling service
      methodName - calling method
      Throws:
      InvalidParameterException - the bean properties are invalid
      UserNotAuthorizedException - user not authorized to issue this request
      PropertyServerException - problem accessing the property server
    • validateUserForGlossaryCreate

      public void validateUserForGlossaryCreate(String userId, String entityTypeGUID, String entityTypeName, InstanceProperties newProperties, List<Classification> classifications, InstanceStatus instanceStatus, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to create a glossary.
      Parameters:
      userId - identifier of user
      entityTypeGUID - unique identifier of the type of entity to create
      entityTypeName - unique name of the type of entity to create
      newProperties - properties for new entity
      classifications - classifications for new entity
      instanceStatus - status for new entity
      repositoryHelper - manipulates repository service objects
      serviceName - calling service
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the user is not authorized to perform this command
    • validateUserForGlossaryRead

      public void validateUserForGlossaryRead(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException
      Tests for whether a specific user should have read access to a specific glossary and its contents.
      Parameters:
      userId - calling user
      entity - entity storing the glossary's properties
      repositoryHelper - helper for OMRS objects
      serviceName - calling service
      methodName - calling method
      Throws:
      UserNotAuthorizedException - user not authorized to issue this request
    • validateUserForGlossaryDetailUpdate

      public void validateUserForGlossaryDetailUpdate(String userId, EntityDetail originalEntity, InstanceProperties newEntityProperties, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to update the properties of a glossary.
      Parameters:
      userId - identifier of user
      originalEntity - original glossary details
      newEntityProperties - new glossary details
      repositoryHelper - helper for OMRS objects
      serviceName - calling service
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the user is not authorized to change this glossary
    • validateUserForGlossaryMemberUpdate

      public void validateUserForGlossaryMemberUpdate(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to update elements attached directly to a glossary such as glossary terms and categories. These updates could be to their properties, classifications and relationships. It also includes attaching valid values but not semantic assignments since they are considered updates to the associated asset.
      Parameters:
      userId - identifier of user
      entity - glossary details
      repositoryHelper - helper for OMRS objects
      serviceName - calling service
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the user is not authorized to change this glossary
    • validateUserForGlossaryMemberStatusUpdate

      public void validateUserForGlossaryMemberStatusUpdate(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to update the instance status of a term anchored in a glossary.
      Parameters:
      userId - identifier of user
      entity - glossary details
      repositoryHelper - helper for OMRS objects
      serviceName - calling service
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the user is not authorized to change this glossary
    • validateUserForGlossaryFeedback

      public void validateUserForGlossaryFeedback(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the glossary.
      Parameters:
      userId - identifier of user
      entity - original glossary details
      repositoryHelper - helper for OMRS objects
      serviceName - calling service
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the user is not authorized to change this glossary
    • validateUserForGlossaryDelete

      public void validateUserForGlossaryDelete(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to delete a glossary and all of its contents.
      Parameters:
      userId - identifier of user
      entity - original glossary details
      repositoryHelper - helper for OMRS objects
      serviceName - calling service
      methodName - calling method
      Throws:
      UserNotAuthorizedException - the user is not authorized to change this glossary
    • validateUserForTypeCreate

      public void validateUserForTypeCreate(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to create a type within a repository.
      Specified by:
      validateUserForTypeCreate in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      typeDef - type details
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain types
    • validateUserForTypeCreate

      public void validateUserForTypeCreate(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to create a type within a repository.
      Specified by:
      validateUserForTypeCreate in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      attributeTypeDef - type details
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain types
    • validateUserForTypeRead

      public void validateUserForTypeRead(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException
      Tests for whether a specific user should have read access to a specific type within a repository.
      Specified by:
      validateUserForTypeRead in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      typeDef - type details
      Throws:
      UserNotAuthorizedException - the user is not authorized to retrieve types
    • validateUserForTypeRead

      public void validateUserForTypeRead(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException
      Tests for whether a specific user should have read access to a specific type within a repository.
      Specified by:
      validateUserForTypeRead in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      attributeTypeDef - type details
      Throws:
      UserNotAuthorizedException - the user is not authorized to retrieve types
    • validateUserForTypeUpdate

      public void validateUserForTypeUpdate(String userId, String metadataCollectionName, TypeDef typeDef, TypeDefPatch patch) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to update a type within a repository.
      Specified by:
      validateUserForTypeUpdate in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      typeDef - type details
      patch - changes to the type
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain types
    • validateUserForTypeDelete

      public void validateUserForTypeDelete(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to delete a type within a repository.
      Specified by:
      validateUserForTypeDelete in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      typeDef - type details
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain types
    • validateUserForTypeDelete

      public void validateUserForTypeDelete(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to delete a type within a repository.
      Specified by:
      validateUserForTypeDelete in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      attributeTypeDef - type details
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain types
    • validateUserForTypeReIdentify

      public void validateUserForTypeReIdentify(String userId, String metadataCollectionName, TypeDef originalTypeDef, String newTypeDefGUID, String newTypeDefName) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
      Specified by:
      validateUserForTypeReIdentify in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      originalTypeDef - type details
      newTypeDefGUID - the new identifier for the type.
      newTypeDefName - new name for this type.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain types
    • validateUserForTypeReIdentify

      public void validateUserForTypeReIdentify(String userId, String metadataCollectionName, AttributeTypeDef originalAttributeTypeDef, String newTypeDefGUID, String newTypeDefName) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
      Specified by:
      validateUserForTypeReIdentify in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      originalAttributeTypeDef - type details
      newTypeDefGUID - the new identifier for the type.
      newTypeDefName - new name for this type.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain types
    • validateUserForEntityCreate

      public void validateUserForEntityCreate(String userId, String metadataCollectionName, String entityTypeGUID, InstanceProperties initialProperties, List<Classification> initialClassifications, InstanceStatus initialStatus) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to create an instance within a repository.
      Specified by:
      validateUserForEntityCreate in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      entityTypeGUID - unique identifier (guid) for the new entity's type.
      initialProperties - initial list of properties for the new entity null means no properties.
      initialClassifications - initial list of classifications for the new entity null means no classifications.
      initialStatus - initial status typically DRAFT, PREPARED or ACTIVE.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityRead

      public EntityDetail validateUserForEntityRead(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException
      Tests for whether a specific user should have read access to a specific instance within a repository.
      Specified by:
      validateUserForEntityRead in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      Returns:
      entity to return (maybe altered by the connector)
      Throws:
      UserNotAuthorizedException - the user is not authorized to retrieve instances
    • validateUserForEntitySummaryRead

      public void validateUserForEntitySummaryRead(String userId, String metadataCollectionName, EntitySummary instance) throws UserNotAuthorizedException
      Tests for whether a specific user should have read access to a specific instance within a repository.
      Specified by:
      validateUserForEntitySummaryRead in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      Throws:
      UserNotAuthorizedException - the user is not authorized to retrieve instances
    • validateUserForEntityProxyRead

      public void validateUserForEntityProxyRead(String userId, String metadataCollectionName, EntityProxy instance) throws UserNotAuthorizedException
      Tests for whether a specific user should have read access to a specific instance within a repository.
      Specified by:
      validateUserForEntityProxyRead in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      Throws:
      UserNotAuthorizedException - the user is not authorized to retrieve instances
    • validateUserForEntityUpdate

      public void validateUserForEntityUpdate(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to update an instance within a repository.
      Specified by:
      validateUserForEntityUpdate in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityClassificationAdd

      public void validateUserForEntityClassificationAdd(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.
      Specified by:
      validateUserForEntityClassificationAdd in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      classificationName - String name for the classification.
      properties - list of properties for the classification.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityClassificationUpdate

      public void validateUserForEntityClassificationUpdate(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.
      Specified by:
      validateUserForEntityClassificationUpdate in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      classificationName - String name for the classification.
      properties - list of properties for the classification.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityClassificationDelete

      public void validateUserForEntityClassificationDelete(String userId, String metadataCollectionName, EntitySummary instance, String classificationName) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.
      Specified by:
      validateUserForEntityClassificationDelete in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      classificationName - String name for the classification.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityDelete

      public void validateUserForEntityDelete(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to delete an instance within a repository.
      Specified by:
      validateUserForEntityDelete in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityRestore

      public void validateUserForEntityRestore(String userId, String metadataCollectionName, String deletedEntityGUID) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to delete an instance within a repository.
      Specified by:
      validateUserForEntityRestore in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      deletedEntityGUID - String unique identifier (guid) for the entity.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityReIdentification

      public void validateUserForEntityReIdentification(String userId, String metadataCollectionName, EntityDetail instance, String newGUID) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to change the guid on an instance within a repository.
      Specified by:
      validateUserForEntityReIdentification in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      newGUID - the new guid for the instance.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityReTyping

      public void validateUserForEntityReTyping(String userId, String metadataCollectionName, EntityDetail instance, TypeDefSummary newTypeDefSummary) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to change an instance's type within a repository.
      Specified by:
      validateUserForEntityReTyping in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      newTypeDefSummary - details of this instance's new TypeDef.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForEntityReHoming

      public void validateUserForEntityReHoming(String userId, String metadataCollectionName, EntityDetail instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to change the home of an instance within a repository.
      Specified by:
      validateUserForEntityReHoming in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      newHomeMetadataCollectionId - unique identifier for the new home metadata collection/repository.
      newHomeMetadataCollectionName - display name for the new home metadata collection/repository.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForRelationshipCreate

      public void validateUserForRelationshipCreate(String userId, String metadataCollectionName, String relationshipTypeGUID, InstanceProperties initialProperties, EntitySummary entityOneSummary, EntitySummary entityTwoSummary, InstanceStatus initialStatus) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to create an instance within a repository.
      Specified by:
      validateUserForRelationshipCreate in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      relationshipTypeGUID - unique identifier (guid) for the new relationship's type.
      initialProperties - initial list of properties for the new entity null means no properties.
      entityOneSummary - the unique identifier of one of the entities that the relationship is connecting together.
      entityTwoSummary - the unique identifier of the other entity that the relationship is connecting together.
      initialStatus - initial status typically DRAFT, PREPARED or ACTIVE.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForRelationshipRead

      public Relationship validateUserForRelationshipRead(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException
      Tests for whether a specific user should have read access to a specific instance within a repository.
      Specified by:
      validateUserForRelationshipRead in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      Returns:
      relationship to return (maybe altered by the connector)
      Throws:
      UserNotAuthorizedException - the user is not authorized to retrieve instances
    • validateUserForRelationshipUpdate

      public void validateUserForRelationshipUpdate(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to update an instance within a repository.
      Specified by:
      validateUserForRelationshipUpdate in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForRelationshipDelete

      public void validateUserForRelationshipDelete(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to delete an instance within a repository.
      Specified by:
      validateUserForRelationshipDelete in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForRelationshipRestore

      public void validateUserForRelationshipRestore(String userId, String metadataCollectionName, String deletedRelationshipGUID) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to delete an instance within a repository.
      Specified by:
      validateUserForRelationshipRestore in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      deletedRelationshipGUID - String unique identifier (guid) for the relationship.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForRelationshipReIdentification

      public void validateUserForRelationshipReIdentification(String userId, String metadataCollectionName, Relationship instance, String newGUID) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to change the guid on an instance within a repository.
      Specified by:
      validateUserForRelationshipReIdentification in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      newGUID - the new guid for the instance.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForRelationshipReTyping

      public void validateUserForRelationshipReTyping(String userId, String metadataCollectionName, Relationship instance, TypeDefSummary newTypeDefSummary) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to change an instance's type within a repository.
      Specified by:
      validateUserForRelationshipReTyping in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      newTypeDefSummary - details of this instance's new TypeDef.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateUserForRelationshipReHoming

      public void validateUserForRelationshipReHoming(String userId, String metadataCollectionName, Relationship instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) throws UserNotAuthorizedException
      Tests for whether a specific user should have the right to change the home of an instance within a repository.
      Specified by:
      validateUserForRelationshipReHoming in interface OpenMetadataRepositorySecurity
      Parameters:
      userId - identifier of user
      metadataCollectionName - configurable name of the metadata collection
      instance - instance details
      newHomeMetadataCollectionId - unique identifier for the new home metadata collection/repository.
      newHomeMetadataCollectionName - display name for the new home metadata collection/repository.
      Throws:
      UserNotAuthorizedException - the user is not authorized to maintain instances
    • validateEntityReferenceCopySave

      public boolean validateEntityReferenceCopySave(EntityDetail instance)
      Tests for whether a reference copy should be saved to the repository.
      Specified by:
      validateEntityReferenceCopySave in interface OpenMetadataRepositorySecurity
      Parameters:
      instance - instance details
      Returns:
      flag indicating whether the reference copy should be saved
    • validateRelationshipReferenceCopySave

      public boolean validateRelationshipReferenceCopySave(Relationship instance)
      Tests for whether a reference copy should be saved to the repository.
      Specified by:
      validateRelationshipReferenceCopySave in interface OpenMetadataRepositorySecurity
      Parameters:
      instance - instance details
      Returns:
      flag indicating whether the reference copy should be saved
    • validateInboundEvent

      public OMRSInstanceEvent validateInboundEvent(String cohortName, OMRSInstanceEvent event)
      Validate whether an event received from another member of the cohort should be processed by this server.
      Specified by:
      validateInboundEvent in interface OpenMetadataEventsSecurity
      Parameters:
      cohortName - name of the cohort
      event - event that has been received
      Returns:
      inbound event to process (maybe updated) or null to indicate that the event should be ignored
    • validateOutboundEvent

      public OMRSInstanceEvent validateOutboundEvent(String cohortName, OMRSInstanceEvent event)
      Validate whether an event should be sent to the other members of the cohort by this server.
      Specified by:
      validateOutboundEvent in interface OpenMetadataEventsSecurity
      Parameters:
      cohortName - name of the cohort
      event - event that has been received
      Returns:
      outbound event to send (maybe updated) or null to indicate that the event should be ignored