@Override public Set<String> filterSchemas(Identity identity, String catalogName, Set<String> schemaNames) { if (!canAccessCatalog(identity, catalogName)) { return ImmutableSet.of(); } return schemaNames; }
private SystemAccessControl create(String configFileName) { FileBasedSystemAccessControlRules rules = parseJson(Paths.get(configFileName), FileBasedSystemAccessControlRules.class); ImmutableList.Builder<CatalogAccessControlRule> catalogRulesBuilder = ImmutableList.builder(); catalogRulesBuilder.addAll(rules.getCatalogRules()); // Hack to allow Presto Admin to access the "system" catalog for retrieving server status. // todo Change userRegex from ".*" to one particular user that Presto Admin will be restricted to run as catalogRulesBuilder.add(new CatalogAccessControlRule( true, Optional.of(Pattern.compile(".*")), Optional.of(Pattern.compile("system")))); return new FileBasedSystemAccessControl(catalogRulesBuilder.build(), rules.getPrincipalUserMatchRules()); } }
@Override public Set<SchemaTableName> filterTables(Identity identity, String catalogName, Set<SchemaTableName> tableNames) { if (!canAccessCatalog(identity, catalogName)) { return ImmutableSet.of(); } return tableNames; }
@Override public Set<String> filterCatalogs(Identity identity, Set<String> catalogs) { ImmutableSet.Builder<String> filteredCatalogs = ImmutableSet.builder(); for (String catalog : catalogs) { if (canAccessCatalog(identity, catalog)) { filteredCatalogs.add(catalog); } } return filteredCatalogs.build(); }
@Override public void checkCanAccessCatalog(Identity identity, String catalogName) { if (!canAccessCatalog(identity, catalogName)) { denyCatalogAccess(catalogName); } }