Class OpenMetadataServerSecurityVerifier
java.lang.Object
org.odpi.openmetadata.metadatasecurity.server.OpenMetadataServerSecurityVerifier
- All Implemented Interfaces:
OpenMetadataServerSecurity
,OpenMetadataServiceSecurity
,OpenMetadataRepositorySecurity
,OpenMetadataEventsSecurity
public class OpenMetadataServerSecurityVerifier
extends Object
implements OpenMetadataRepositorySecurity, OpenMetadataEventsSecurity, OpenMetadataServerSecurity, OpenMetadataServiceSecurity
OpenMetadataServerSecurityVerifier provides the plug-in point for the open metadata server connector.
It supports the same security interfaces, and handles the fact that the security connector is
optional.
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
registerSecurityValidator
(String localServerUserId, String serverName, AuditLog auditLog, Connection connection) Register an open metadata server security connector to verify access to the server's services.selectConnection
(String userId, EntityDetail assetEntity, List<EntityDetail> connectionEntities, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Use the security connector to make a choice on which connection to supply to the requesting user.boolean
validateEntityReferenceCopySave
(EntityDetail instance) Tests for whether a reference copy should be saved to the repository.validateInboundEvent
(String cohortName, OMRSInstanceEvent event) Validate whether an event received from another member of the cohort should be processed by this server.validateOutboundEvent
(String cohortName, OMRSInstanceEvent event) Validate whether an event should be sent to the other members of the cohort by this server.boolean
Tests for whether a reference copy should be saved to the repository.void
validateUserAsServerAdmin
(String userId) Check that the calling user is authorized to update the configuration for a server.void
Check that the calling user is authorized to issue operator requests to the OMAG Server.void
validateUserAsServerOperator
(String userId) Check that the calling user is authorized to issue operator requests to the OMAG Server.void
validateUserForAssetAttachment
(String userId, String assetGUID, String assetGUIDParameterName, EntityDetail assetEntity, boolean isExplicitGetRequest, boolean isFeedback, boolean isUpdate, List<String> suppliedSupportedZones, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Validate that the user is able to perform the requested action on an attachment.void
validateUserForAssetCreate
(String userId, String entityTypeGUID, String entityTypeName, InstanceProperties newProperties, List<Classification> classifications, InstanceStatus instanceStatus, List<String> defaultZones, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to create an asset within a zone.void
validateUserForAssetDelete
(String userId, EntityDetail assetEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to delete an asset.void
validateUserForAssetRead
(String userId, String assetGUID, String assetGUIDParameterName, EntityDetail assetEntity, boolean isExplicitGetRequest, List<String> suppliedSupportedZones, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Validate that the user is able to perform the requested action on an attachment.void
validateUserForAssetUpdate
(String userId, EntityDetail originalAssetEntity, InstanceProperties updatedAssetProperties, InstanceStatus newInstanceStatus, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Validate that the user is able to perform the requested action on an asset.void
validateUserForConnection
(String userId, Connection connection) Tests for whether a specific user should have access to a connection.void
validateUserForConnection
(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Validate that the user is able to retrieve the requested connection.void
validateUserForEntityClassificationAdd
(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.void
validateUserForEntityClassificationDelete
(String userId, String metadataCollectionName, EntitySummary instance, String classificationName) Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.void
validateUserForEntityClassificationUpdate
(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.void
validateUserForEntityCreate
(String userId, String metadataCollectionName, String entityTypeGUID, InstanceProperties initialProperties, List<Classification> initialClassifications, InstanceStatus initialStatus) Tests for whether a specific user should have the right to create an instance within a repository.void
validateUserForEntityDelete
(String userId, String metadataCollectionName, EntityDetail instance) Tests for whether a specific user should have the right to delete an instance within a repository.void
validateUserForEntityProxyRead
(String userId, String metadataCollectionName, EntityProxy instance) Tests for whether a specific user should have read access to a specific instance within a repository.validateUserForEntityRead
(String userId, String metadataCollectionName, EntityDetail instance) Tests for whether a specific user should have read access to a specific instance within a repository.void
validateUserForEntityReHoming
(String userId, String metadataCollectionName, EntityDetail instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) Tests for whether a specific user should have the right to change the home of an instance within a repository.void
validateUserForEntityReIdentification
(String userId, String metadataCollectionName, EntityDetail instance, String newGUID) Tests for whether a specific user should have the right to change the guid on an instance within a repository.void
validateUserForEntityRestore
(String userId, String metadataCollectionName, String deletedEntityGUID) Tests for whether a specific user should have the right to delete an instance within a repository.void
validateUserForEntityReTyping
(String userId, String metadataCollectionName, EntityDetail instance, TypeDefSummary newTypeDefSummary) Tests for whether a specific user should have the right to change an instance's type within a repository.void
validateUserForEntitySummaryRead
(String userId, String metadataCollectionName, EntitySummary instance) Tests for whether a specific user should have read access to a specific instance within a repository.void
validateUserForEntityUpdate
(String userId, String metadataCollectionName, EntityDetail instance) Tests for whether a specific user should have the right to update an instance within a repository.void
validateUserForGlossaryCreate
(String userId, String entityTypeGUID, String entityTypeName, InstanceProperties newProperties, List<Classification> classifications, InstanceStatus instanceStatus, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to create a glossary.void
validateUserForGlossaryDelete
(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to delete a glossary and all of its contents.void
validateUserForGlossaryDetailUpdate
(String userId, EntityDetail originalEntity, InstanceProperties newEntityProperties, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to update the properties of a glossary.void
validateUserForGlossaryFeedback
(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the glossary.void
validateUserForGlossaryMemberStatusUpdate
(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to update the instance status of a term anchored in a glossary.void
validateUserForGlossaryMemberUpdate
(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have the right to update elements attached directly to a glossary such as glossary terms and categories.void
validateUserForGlossaryRead
(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) Tests for whether a specific user should have read access to a specific glossary and its contents.void
validateUserForRelationshipCreate
(String userId, String metadataCollectionName, String relationshipTypeGUID, InstanceProperties initialProperties, EntitySummary entityOneSummary, EntitySummary entityTwoSummary, InstanceStatus initialStatus) Tests for whether a specific user should have the right to create an instance within a repository.void
validateUserForRelationshipDelete
(String userId, String metadataCollectionName, Relationship instance) Tests for whether a specific user should have the right to delete an instance within a repository.validateUserForRelationshipRead
(String userId, String metadataCollectionName, Relationship instance) Tests for whether a specific user should have read access to a specific instance within a repository.void
validateUserForRelationshipReHoming
(String userId, String metadataCollectionName, Relationship instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) Tests for whether a specific user should have the right to change the home of an instance within a repository.void
validateUserForRelationshipReIdentification
(String userId, String metadataCollectionName, Relationship instance, String newGUID) Tests for whether a specific user should have the right to change the guid on an instance within a repository.void
validateUserForRelationshipRestore
(String userId, String metadataCollectionName, String deletedRelationshipGUID) Tests for whether a specific user should have the right to delete an instance within a repository.void
validateUserForRelationshipReTyping
(String userId, String metadataCollectionName, Relationship instance, TypeDefSummary newTypeDefSummary) Tests for whether a specific user should have the right to change an instance's type within a repository.void
validateUserForRelationshipUpdate
(String userId, String metadataCollectionName, Relationship instance) Tests for whether a specific user should have the right to update an instance within a repository.void
validateUserForServer
(String userId) Check that the calling user is authorized to issue a (any) request to the OMAG Server Platform.void
validateUserForService
(String userId, String serviceName) Check that the calling user is authorized to issue this request.void
validateUserForServiceOperation
(String userId, String serviceName, String serviceOperationName) Check that the calling user is authorized to issue this specific request.void
validateUserForTypeCreate
(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) Tests for whether a specific user should have the right to create a type within a repository.void
validateUserForTypeCreate
(String userId, String metadataCollectionName, TypeDef typeDef) Tests for whether a specific user should have the right to create a type within a repository.void
validateUserForTypeDelete
(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) Tests for whether a specific user should have the right to delete a type within a repository.void
validateUserForTypeDelete
(String userId, String metadataCollectionName, TypeDef typeDef) Tests for whether a specific user should have the right to delete a type within a repository.void
validateUserForTypeRead
(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) Tests for whether a specific user should have read access to a specific type within a repository.void
validateUserForTypeRead
(String userId, String metadataCollectionName, TypeDef typeDef) Tests for whether a specific user should have read access to a specific type within a repository.void
validateUserForTypeReIdentify
(String userId, String metadataCollectionName, AttributeTypeDef originalAttributeTypeDef, String newTypeDefGUID, String newTypeDefName) Tests for whether a specific user should have the right to change the identifiers for a type within a repository.void
validateUserForTypeReIdentify
(String userId, String metadataCollectionName, TypeDef originalTypeDef, String newTypeDefGUID, String newTypeDefName) Tests for whether a specific user should have the right to change the identifiers for a type within a repository.void
validateUserForTypeUpdate
(String userId, String metadataCollectionName, TypeDef typeDef, TypeDefPatch patch) Tests for whether a specific user should have the right to update a type within a repository.verifyAssetZones
(List<String> defaultZones, List<String> supportedZones, List<String> publishZones, Asset originalAsset, Asset updatedAsset) Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones.
-
Field Details
-
SEVERITY_LEVEL_IDENTIFIER_PROPERTY_NAME
- See Also:
-
-
Constructor Details
-
OpenMetadataServerSecurityVerifier
public OpenMetadataServerSecurityVerifier()Default constructor
-
-
Method Details
-
registerSecurityValidator
public void registerSecurityValidator(String localServerUserId, String serverName, AuditLog auditLog, Connection connection) throws InvalidParameterException Register an open metadata server security connector to verify access to the server's services.- Parameters:
localServerUserId
- local server's userIdserverName
- local server's nameauditLog
- logging destinationconnection
- properties used to create the connector- Throws:
InvalidParameterException
- the connection is invalid
-
verifyAssetZones
public List<String> verifyAssetZones(List<String> defaultZones, List<String> supportedZones, List<String> publishZones, Asset originalAsset, Asset updatedAsset) throws InvalidParameterException, PropertyServerException Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones. This method is called whenever an asset's values are changed. The default behavior is to keep the updated zones as they are.- Parameters:
defaultZones
- setting of the default zones for the servicesupportedZones
- setting of the supported zones for the servicepublishZones
- setting of the zones that are set when an asset is published for the serviceoriginalAsset
- original values for the assetupdatedAsset
- updated values for the asset- Returns:
- list of zones to set in the asset
- Throws:
InvalidParameterException
- one of the asset values is invalidPropertyServerException
- there is a problem calculating the zones
-
validateUserForConnection
public void validateUserForConnection(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Validate that the user is able to retrieve the requested connection.- Parameters:
userId
- calling userentity
- entity storing the connection's propertiesrepositoryHelper
- for working with OMRS objectsserviceName
- calling servicemethodName
- calling method- Throws:
UserNotAuthorizedException
- user not authorized to access this connection
-
selectConnection
public EntityDetail selectConnection(String userId, EntityDetail assetEntity, List<EntityDetail> connectionEntities, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException, PropertyServerException Use the security connector to make a choice on which connection to supply to the requesting user.- Parameters:
userId
- calling userIdassetEntity
- associated asset - may be nullconnectionEntities
- list of retrieved connectionsrepositoryHelper
- for working with OMRS objectsserviceName
- calling servicemethodName
- calling method- Returns:
- single connection entity, or null
- Throws:
UserNotAuthorizedException
- the user is not able to use any of the connectionsPropertyServerException
- unable to reduce the number of connections to
-
validateUserForServer
Check that the calling user is authorized to issue a (any) request to the OMAG Server Platform.- Specified by:
validateUserForServer
in interfaceOpenMetadataServerSecurity
- Parameters:
userId
- calling user- Throws:
UserNotAuthorizedException
- the user is not authorized to access this function
-
validateUserAsServerAdmin
Check that the calling user is authorized to update the configuration for a server.- Specified by:
validateUserAsServerAdmin
in interfaceOpenMetadataServerSecurity
- Parameters:
userId
- calling user- Throws:
UserNotAuthorizedException
- the user is not authorized to change configuration
-
validateUserAsServerOperator
Check that the calling user is authorized to issue operator requests to the OMAG Server.- Specified by:
validateUserAsServerOperator
in interfaceOpenMetadataServerSecurity
- Parameters:
userId
- calling user- Throws:
UserNotAuthorizedException
- the user is not authorized to issue operator commands to this server
-
validateUserAsServerInvestigator
Check that the calling user is authorized to issue operator requests to the OMAG Server.- Specified by:
validateUserAsServerInvestigator
in interfaceOpenMetadataServerSecurity
- Parameters:
userId
- calling user- Throws:
UserNotAuthorizedException
- the user is not authorized to issue diagnostic commands to this server
-
validateUserForService
public void validateUserForService(String userId, String serviceName) throws UserNotAuthorizedException Check that the calling user is authorized to issue this request.- Specified by:
validateUserForService
in interfaceOpenMetadataServiceSecurity
- Parameters:
userId
- calling userserviceName
- name of called service- Throws:
UserNotAuthorizedException
- the user is not authorized to access this service
-
validateUserForServiceOperation
public void validateUserForServiceOperation(String userId, String serviceName, String serviceOperationName) throws UserNotAuthorizedException Check that the calling user is authorized to issue this specific request.- Specified by:
validateUserForServiceOperation
in interfaceOpenMetadataServiceSecurity
- Parameters:
userId
- calling userserviceName
- name of called serviceserviceOperationName
- name of called operation- Throws:
UserNotAuthorizedException
- the user is not authorized to access this service
-
validateUserForConnection
public void validateUserForConnection(String userId, Connection connection) throws UserNotAuthorizedException Tests for whether a specific user should have access to a connection.- Parameters:
userId
- identifier of userconnection
- connection object- Throws:
UserNotAuthorizedException
- the user is not authorized to access this service
-
validateUserForAssetCreate
public void validateUserForAssetCreate(String userId, String entityTypeGUID, String entityTypeName, InstanceProperties newProperties, List<Classification> classifications, InstanceStatus instanceStatus, List<String> defaultZones, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException, InvalidParameterException, PropertyServerException Tests for whether a specific user should have the right to create an asset within a zone.- Parameters:
userId
- identifier of userentityTypeGUID
- unique identifier of the type of entity to createentityTypeName
- unique name of the type of entity to createnewProperties
- properties for new entityclassifications
- classifications for new entityinstanceStatus
- status for new entitydefaultZones
- initial setting of the asset's zone membershiprepositoryHelper
- manipulates repository service objectsserviceName
- calling servicemethodName
- calling method- Throws:
UserNotAuthorizedException
- the user is not authorized to access this zoneInvalidParameterException
- Something wrong with the supplied parametersPropertyServerException
- logic error because classification type not recognized
-
validateUserForAssetRead
public void validateUserForAssetRead(String userId, String assetGUID, String assetGUIDParameterName, EntityDetail assetEntity, boolean isExplicitGetRequest, List<String> suppliedSupportedZones, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException Validate that the user is able to perform the requested action on an attachment. This method should be used by the other handlers to verify whether the element they are working with is attached to a visible asset (ie is a member of one of the supported zones) that can be operated on by the calling user.- Parameters:
userId
- calling userassetGUID
- unique identifier of the assetassetGUIDParameterName
- name of parameter supplying the assetGUIDassetEntity
- entity storing the asset's propertiesisExplicitGetRequest
- Is this request an explicit get request for the asset or a find request.suppliedSupportedZones
- list of supported zones from the caller.repositoryHelper
- helper for OMRS objectsserviceName
- calling servicemethodName
- calling method- Throws:
InvalidParameterException
- the bean properties are invalidUserNotAuthorizedException
- user not authorized to issue this requestPropertyServerException
- problem accessing the property server
-
validateUserForAssetAttachment
public void validateUserForAssetAttachment(String userId, String assetGUID, String assetGUIDParameterName, EntityDetail assetEntity, boolean isExplicitGetRequest, boolean isFeedback, boolean isUpdate, List<String> suppliedSupportedZones, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException Validate that the user is able to perform the requested action on an attachment. This method should be used by the other handlers to verify whether the element they are working with is attached to a visible asset (ie is a member of one of the supported zones) that can be operated on by the calling user.- Parameters:
userId
- calling userassetGUID
- unique identifier of the assetassetGUIDParameterName
- name of parameter supplying the assetGUIDassetEntity
- entity storing the root of the assetisExplicitGetRequest
- Is this request an explicit get request for the asset or a find request.isFeedback
- is this request related to a feedback element (comment, like, rating) or an attachmentisUpdate
- is this an update request?suppliedSupportedZones
- list of supported zones from the caller.repositoryHelper
- works with OMRS objectsserviceName
- calling servicemethodName
- calling method- Throws:
InvalidParameterException
- the bean properties are invalidUserNotAuthorizedException
- user not authorized to issue this requestPropertyServerException
- problem accessing the property server
-
validateUserForAssetUpdate
public void validateUserForAssetUpdate(String userId, EntityDetail originalAssetEntity, InstanceProperties updatedAssetProperties, InstanceStatus newInstanceStatus, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Validate that the user is able to perform the requested action on an asset. This method should be used by the other handlers to verify whether the asset they are working with that can be operated on by the calling user.- Parameters:
userId
- calling useroriginalAssetEntity
- entity storing the current assetupdatedAssetProperties
- properties after the update has completednewInstanceStatus
- status of the entity once the update is completerepositoryHelper
- works with OMRS objectsserviceName
- calling servicemethodName
- calling method- Throws:
UserNotAuthorizedException
- user not authorized to issue this request
-
validateUserForAssetDelete
public void validateUserForAssetDelete(String userId, EntityDetail assetEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws InvalidParameterException, PropertyServerException, UserNotAuthorizedException Tests for whether a specific user should have the right to delete an asset.- Parameters:
userId
- calling userassetEntity
- entity storing the asset's propertiesrepositoryHelper
- helper for OMRS objectsserviceName
- calling servicemethodName
- calling method- Throws:
InvalidParameterException
- the bean properties are invalidUserNotAuthorizedException
- user not authorized to issue this requestPropertyServerException
- problem accessing the property server
-
validateUserForGlossaryCreate
public void validateUserForGlossaryCreate(String userId, String entityTypeGUID, String entityTypeName, InstanceProperties newProperties, List<Classification> classifications, InstanceStatus instanceStatus, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to create a glossary.- Parameters:
userId
- identifier of userentityTypeGUID
- unique identifier of the type of entity to createentityTypeName
- unique name of the type of entity to createnewProperties
- properties for new entityclassifications
- classifications for new entityinstanceStatus
- status for new entityrepositoryHelper
- manipulates repository service objectsserviceName
- calling servicemethodName
- calling method- Throws:
UserNotAuthorizedException
- the user is not authorized to perform this command
-
validateUserForGlossaryRead
public void validateUserForGlossaryRead(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific glossary and its contents.- Parameters:
userId
- calling userentity
- entity storing the glossary's propertiesrepositoryHelper
- helper for OMRS objectsserviceName
- calling servicemethodName
- calling method- Throws:
UserNotAuthorizedException
- user not authorized to issue this request
-
validateUserForGlossaryDetailUpdate
public void validateUserForGlossaryDetailUpdate(String userId, EntityDetail originalEntity, InstanceProperties newEntityProperties, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update the properties of a glossary.- Parameters:
userId
- identifier of useroriginalEntity
- original glossary detailsnewEntityProperties
- new glossary detailsrepositoryHelper
- helper for OMRS objectsserviceName
- calling servicemethodName
- calling method- Throws:
UserNotAuthorizedException
- the user is not authorized to change this glossary
-
validateUserForGlossaryMemberUpdate
public void validateUserForGlossaryMemberUpdate(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update elements attached directly to a glossary such as glossary terms and categories. These updates could be to their properties, classifications and relationships. It also includes attaching valid values but not semantic assignments since they are considered updates to the associated asset.- Parameters:
userId
- identifier of userentity
- glossary detailsrepositoryHelper
- helper for OMRS objectsserviceName
- calling servicemethodName
- calling method- Throws:
UserNotAuthorizedException
- the user is not authorized to change this glossary
-
validateUserForGlossaryMemberStatusUpdate
public void validateUserForGlossaryMemberStatusUpdate(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update the instance status of a term anchored in a glossary.- Parameters:
userId
- identifier of userentity
- glossary detailsrepositoryHelper
- helper for OMRS objectsserviceName
- calling servicemethodName
- calling method- Throws:
UserNotAuthorizedException
- the user is not authorized to change this glossary
-
validateUserForGlossaryFeedback
public void validateUserForGlossaryFeedback(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the glossary.- Parameters:
userId
- identifier of userentity
- original glossary detailsrepositoryHelper
- helper for OMRS objectsserviceName
- calling servicemethodName
- calling method- Throws:
UserNotAuthorizedException
- the user is not authorized to change this glossary
-
validateUserForGlossaryDelete
public void validateUserForGlossaryDelete(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete a glossary and all of its contents.- Parameters:
userId
- identifier of userentity
- original glossary detailsrepositoryHelper
- helper for OMRS objectsserviceName
- calling servicemethodName
- calling method- Throws:
UserNotAuthorizedException
- the user is not authorized to change this glossary
-
validateUserForTypeCreate
public void validateUserForTypeCreate(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException Tests for whether a specific user should have the right to create a type within a repository.- Specified by:
validateUserForTypeCreate
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectiontypeDef
- type details- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain types
-
validateUserForTypeCreate
public void validateUserForTypeCreate(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException Tests for whether a specific user should have the right to create a type within a repository.- Specified by:
validateUserForTypeCreate
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectionattributeTypeDef
- type details- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain types
-
validateUserForTypeRead
public void validateUserForTypeRead(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific type within a repository.- Specified by:
validateUserForTypeRead
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectiontypeDef
- type details- Throws:
UserNotAuthorizedException
- the user is not authorized to retrieve types
-
validateUserForTypeRead
public void validateUserForTypeRead(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific type within a repository.- Specified by:
validateUserForTypeRead
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectionattributeTypeDef
- type details- Throws:
UserNotAuthorizedException
- the user is not authorized to retrieve types
-
validateUserForTypeUpdate
public void validateUserForTypeUpdate(String userId, String metadataCollectionName, TypeDef typeDef, TypeDefPatch patch) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update a type within a repository.- Specified by:
validateUserForTypeUpdate
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectiontypeDef
- type detailspatch
- changes to the type- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain types
-
validateUserForTypeDelete
public void validateUserForTypeDelete(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete a type within a repository.- Specified by:
validateUserForTypeDelete
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectiontypeDef
- type details- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain types
-
validateUserForTypeDelete
public void validateUserForTypeDelete(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete a type within a repository.- Specified by:
validateUserForTypeDelete
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectionattributeTypeDef
- type details- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain types
-
validateUserForTypeReIdentify
public void validateUserForTypeReIdentify(String userId, String metadataCollectionName, TypeDef originalTypeDef, String newTypeDefGUID, String newTypeDefName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the identifiers for a type within a repository.- Specified by:
validateUserForTypeReIdentify
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectionoriginalTypeDef
- type detailsnewTypeDefGUID
- the new identifier for the type.newTypeDefName
- new name for this type.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain types
-
validateUserForTypeReIdentify
public void validateUserForTypeReIdentify(String userId, String metadataCollectionName, AttributeTypeDef originalAttributeTypeDef, String newTypeDefGUID, String newTypeDefName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the identifiers for a type within a repository.- Specified by:
validateUserForTypeReIdentify
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectionoriginalAttributeTypeDef
- type detailsnewTypeDefGUID
- the new identifier for the type.newTypeDefName
- new name for this type.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain types
-
validateUserForEntityCreate
public void validateUserForEntityCreate(String userId, String metadataCollectionName, String entityTypeGUID, InstanceProperties initialProperties, List<Classification> initialClassifications, InstanceStatus initialStatus) throws UserNotAuthorizedException Tests for whether a specific user should have the right to create an instance within a repository.- Specified by:
validateUserForEntityCreate
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectionentityTypeGUID
- unique identifier (guid) for the new entity's type.initialProperties
- initial list of properties for the new entity null means no properties.initialClassifications
- initial list of classifications for the new entity null means no classifications.initialStatus
- initial status typically DRAFT, PREPARED or ACTIVE.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityRead
public EntityDetail validateUserForEntityRead(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific instance within a repository.- Specified by:
validateUserForEntityRead
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance details- Returns:
- entity to return (maybe altered by the connector)
- Throws:
UserNotAuthorizedException
- the user is not authorized to retrieve instances
-
validateUserForEntitySummaryRead
public void validateUserForEntitySummaryRead(String userId, String metadataCollectionName, EntitySummary instance) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific instance within a repository.- Specified by:
validateUserForEntitySummaryRead
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance details- Throws:
UserNotAuthorizedException
- the user is not authorized to retrieve instances
-
validateUserForEntityProxyRead
public void validateUserForEntityProxyRead(String userId, String metadataCollectionName, EntityProxy instance) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific instance within a repository.- Specified by:
validateUserForEntityProxyRead
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance details- Throws:
UserNotAuthorizedException
- the user is not authorized to retrieve instances
-
validateUserForEntityUpdate
public void validateUserForEntityUpdate(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update an instance within a repository.- Specified by:
validateUserForEntityUpdate
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance details- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityClassificationAdd
public void validateUserForEntityClassificationAdd(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) throws UserNotAuthorizedException Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.- Specified by:
validateUserForEntityClassificationAdd
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsclassificationName
- String name for the classification.properties
- list of properties for the classification.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityClassificationUpdate
public void validateUserForEntityClassificationUpdate(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.- Specified by:
validateUserForEntityClassificationUpdate
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsclassificationName
- String name for the classification.properties
- list of properties for the classification.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityClassificationDelete
public void validateUserForEntityClassificationDelete(String userId, String metadataCollectionName, EntitySummary instance, String classificationName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.- Specified by:
validateUserForEntityClassificationDelete
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsclassificationName
- String name for the classification.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityDelete
public void validateUserForEntityDelete(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete an instance within a repository.- Specified by:
validateUserForEntityDelete
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance details- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityRestore
public void validateUserForEntityRestore(String userId, String metadataCollectionName, String deletedEntityGUID) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete an instance within a repository.- Specified by:
validateUserForEntityRestore
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectiondeletedEntityGUID
- String unique identifier (guid) for the entity.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityReIdentification
public void validateUserForEntityReIdentification(String userId, String metadataCollectionName, EntityDetail instance, String newGUID) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the guid on an instance within a repository.- Specified by:
validateUserForEntityReIdentification
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsnewGUID
- the new guid for the instance.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityReTyping
public void validateUserForEntityReTyping(String userId, String metadataCollectionName, EntityDetail instance, TypeDefSummary newTypeDefSummary) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change an instance's type within a repository.- Specified by:
validateUserForEntityReTyping
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsnewTypeDefSummary
- details of this instance's new TypeDef.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForEntityReHoming
public void validateUserForEntityReHoming(String userId, String metadataCollectionName, EntityDetail instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the home of an instance within a repository.- Specified by:
validateUserForEntityReHoming
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsnewHomeMetadataCollectionId
- unique identifier for the new home metadata collection/repository.newHomeMetadataCollectionName
- display name for the new home metadata collection/repository.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForRelationshipCreate
public void validateUserForRelationshipCreate(String userId, String metadataCollectionName, String relationshipTypeGUID, InstanceProperties initialProperties, EntitySummary entityOneSummary, EntitySummary entityTwoSummary, InstanceStatus initialStatus) throws UserNotAuthorizedException Tests for whether a specific user should have the right to create an instance within a repository.- Specified by:
validateUserForRelationshipCreate
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectionrelationshipTypeGUID
- unique identifier (guid) for the new relationship's type.initialProperties
- initial list of properties for the new entity null means no properties.entityOneSummary
- the unique identifier of one of the entities that the relationship is connecting together.entityTwoSummary
- the unique identifier of the other entity that the relationship is connecting together.initialStatus
- initial status typically DRAFT, PREPARED or ACTIVE.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForRelationshipRead
public Relationship validateUserForRelationshipRead(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException Tests for whether a specific user should have read access to a specific instance within a repository.- Specified by:
validateUserForRelationshipRead
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance details- Returns:
- relationship to return (maybe altered by the connector)
- Throws:
UserNotAuthorizedException
- the user is not authorized to retrieve instances
-
validateUserForRelationshipUpdate
public void validateUserForRelationshipUpdate(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException Tests for whether a specific user should have the right to update an instance within a repository.- Specified by:
validateUserForRelationshipUpdate
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance details- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForRelationshipDelete
public void validateUserForRelationshipDelete(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete an instance within a repository.- Specified by:
validateUserForRelationshipDelete
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance details- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForRelationshipRestore
public void validateUserForRelationshipRestore(String userId, String metadataCollectionName, String deletedRelationshipGUID) throws UserNotAuthorizedException Tests for whether a specific user should have the right to delete an instance within a repository.- Specified by:
validateUserForRelationshipRestore
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectiondeletedRelationshipGUID
- String unique identifier (guid) for the relationship.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForRelationshipReIdentification
public void validateUserForRelationshipReIdentification(String userId, String metadataCollectionName, Relationship instance, String newGUID) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the guid on an instance within a repository.- Specified by:
validateUserForRelationshipReIdentification
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsnewGUID
- the new guid for the instance.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForRelationshipReTyping
public void validateUserForRelationshipReTyping(String userId, String metadataCollectionName, Relationship instance, TypeDefSummary newTypeDefSummary) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change an instance's type within a repository.- Specified by:
validateUserForRelationshipReTyping
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsnewTypeDefSummary
- details of this instance's new TypeDef.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateUserForRelationshipReHoming
public void validateUserForRelationshipReHoming(String userId, String metadataCollectionName, Relationship instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) throws UserNotAuthorizedException Tests for whether a specific user should have the right to change the home of an instance within a repository.- Specified by:
validateUserForRelationshipReHoming
in interfaceOpenMetadataRepositorySecurity
- Parameters:
userId
- identifier of usermetadataCollectionName
- configurable name of the metadata collectioninstance
- instance detailsnewHomeMetadataCollectionId
- unique identifier for the new home metadata collection/repository.newHomeMetadataCollectionName
- display name for the new home metadata collection/repository.- Throws:
UserNotAuthorizedException
- the user is not authorized to maintain instances
-
validateEntityReferenceCopySave
Tests for whether a reference copy should be saved to the repository.- Specified by:
validateEntityReferenceCopySave
in interfaceOpenMetadataRepositorySecurity
- Parameters:
instance
- instance details- Returns:
- flag indicating whether the reference copy should be saved
-
validateRelationshipReferenceCopySave
Tests for whether a reference copy should be saved to the repository.- Specified by:
validateRelationshipReferenceCopySave
in interfaceOpenMetadataRepositorySecurity
- Parameters:
instance
- instance details- Returns:
- flag indicating whether the reference copy should be saved
-
validateInboundEvent
Validate whether an event received from another member of the cohort should be processed by this server.- Specified by:
validateInboundEvent
in interfaceOpenMetadataEventsSecurity
- Parameters:
cohortName
- name of the cohortevent
- event that has been received- Returns:
- inbound event to process (maybe updated) or null to indicate that the event should be ignored
-
validateOutboundEvent
Validate whether an event should be sent to the other members of the cohort by this server.- Specified by:
validateOutboundEvent
in interfaceOpenMetadataEventsSecurity
- Parameters:
cohortName
- name of the cohortevent
- event that has been received- Returns:
- outbound event to send (maybe updated) or null to indicate that the event should be ignored
-