Class StatementColumnPermission


  • public class StatementColumnPermission
    extends StatementTablePermission
    This class describes a column permission used (required) by a statement.
    • Constructor Detail

      • StatementColumnPermission

        public StatementColumnPermission​(UUID tableUUID,
                                         int privType,
                                         FormatableBitSet columns)
        Constructor for StatementColumnPermission. Creates an instance of column permission requested for the given access.
        Parameters:
        tableUUID - UUID of the table
        privType - Access privilege requested
        columns - List of columns
    • Method Detail

      • getColumns

        public FormatableBitSet getColumns()
        Return list of columns that need access
        Returns:
        FormatableBitSet of columns
      • equals

        public boolean equals​(java.lang.Object obj)
        Method to check if another instance of column access descriptor matches this. Used to ensure only one access descriptor for a table/columns of given privilege is created.
        Overrides:
        equals in class StatementTablePermission
        Parameters:
        obj - Another instance of StatementPermission
        Returns:
        true if match
      • getPUBLIClevelColPermsDescriptor

        public PermissionsDescriptor getPUBLIClevelColPermsDescriptor​(java.lang.String authid,
                                                                      DataDictionary dd)
                                                               throws StandardException
        This method gets called in execution phase after it is established that all the required privileges exist for the given sql. This method gets called by create view/trigger/constraint to record their dependency on various privileges. Special code is required to track column level privileges. It is possible that some column level privileges are available to the passed authorizer id but the rest required column level privileges are available at PUBLIC level. In this method, we check if all the required column level privileges are found for the passed authorizer. If yes, then simply return null, indicating that no dependency is required at PUBLIC level, because all the required privileges were found at the user level. But if some column level privileges are not available at user level, then they have to exist at the PUBLIC level when this method gets called.
        Throws:
        StandardException
      • allColumnsCoveredByUserOrPUBLIC

        public boolean allColumnsCoveredByUserOrPUBLIC​(java.lang.String authid,
                                                       DataDictionary dd)
                                                throws StandardException
        Returns false if the current role is necessary to cover the necessary permission(s).
        Parameters:
        authid - authentication id of the current user
        dd - data dictionary
        Returns:
        false if the current role is required
        Throws:
        StandardException
      • tryRole

        private FormatableBitSet tryRole​(LanguageConnectionContext lcc,
                                         DataDictionary dd,
                                         boolean forGrant,
                                         java.lang.String r)
                                  throws StandardException
        Try to use the supplied role r to see what column privileges are we entitled to.
        Parameters:
        lcc - language connection context
        dd - data dictionary
        forGrant - true of a GRANTable permission is sought
        r - the role to inspect to see if it can supply the required privileges return the set of columns on which we have privileges through this role
        Throws:
        StandardException