Interface IRoleManager

  • All Known Implementing Classes:
    CassandraRoleManager

    public interface IRoleManager
    Responsible for managing roles (which also includes what used to be known as users), including creation, deletion, alteration and the granting and revoking of roles to other roles.
    • Method Detail

      • supportedOptions

        java.util.Set<IRoleManager.Option> supportedOptions()
        Set of options supported by CREATE ROLE and ALTER ROLE queries. Should never return null - always return an empty set instead.
      • alterableOptions

        java.util.Set<IRoleManager.Option> alterableOptions()
        Subset of supportedOptions that users are allowed to alter when performing ALTER ROLE [themselves]. Should never return null - always return an empty set instead.
      • alterRole

        void alterRole​(AuthenticatedUser performer,
                       RoleResource role,
                       RoleOptions options)
                throws RequestValidationException,
                       RequestExecutionException
        Called during execution of ALTER ROLE statement. options are always guaranteed to be a subset of supportedOptions(). Furthermore, if the actor performing the query is not a superuser and is altering themself, then options are guaranteed to be a subset of alterableOptions(). Keep the body of the method blank if your implementation doesn't support modification of any options.
        Parameters:
        performer - User issuing the alter role statement.
        role - Role that will be altered.
        options - Options to alter.
        Throws:
        RequestValidationException
        RequestExecutionException
      • getRoleDetails

        default java.util.Set<Role> getRoleDetails​(RoleResource grantee)
        Used to retrieve detailed role info on the full set of roles granted to a grantee. This method was not part of the V1 IRoleManager API, so a default impl is supplied which uses the V1 methods to retrieve the detailed role info for the grantee. This is essentially what clients of this interface would have to do themselves. Implementations can provide optimized versions of this method where the details can be retrieved more efficiently.
        Parameters:
        grantee - identifies the role whose granted roles are retrieved
        Returns:
        A set of Role objects detailing the roles granted to the grantee, either directly or through inheritance.
      • isSuper

        boolean isSuper​(RoleResource role)
        Return true if there exists a Role with the given name that also has superuser status. Superuser status may be inherited from another granted role, so this method should return true if either the named Role, or any other Role it is transitively granted has superuser status.
        Parameters:
        role - Role whose superuser status to verify
        Returns:
        true if the role exists and has superuser status, either directly or transitively, otherwise false.
      • canLogin

        boolean canLogin​(RoleResource role)
        Return true if there exists a Role with the given name which has login privileges. Such privileges is not inherited from other granted Roles and so must be directly granted to the named Role with the LOGIN option of CREATE ROLE or ALTER ROLE
        Parameters:
        role - Role whose login privileges to verify
        Returns:
        true if the role exists and is permitted to login, otherwise false
      • getCustomOptions

        java.util.Map<java.lang.String,​java.lang.String> getCustomOptions​(RoleResource role)
        Where an implementation supports OPTIONS in CREATE and ALTER operations this method should return the Map<String, String> representing the custom options associated with the role, as supplied to CREATE or ALTER. It should never return null; if the implementation does not support OPTIONS or if none were supplied then it should return an empty map.
        Parameters:
        role - Role whose custom options are required
        Returns:
        Key/Value pairs representing the custom options for the Role
      • isExistingRole

        boolean isExistingRole​(RoleResource role)
        Return true is a Role with the given name exists in the system.
        Parameters:
        role - Role whose existence to verify
        Returns:
        true if the name identifies an extant Role in the system, otherwise false
      • protectedResources

        java.util.Set<? extends IResource> protectedResources()
        Set of resources that should be made inaccessible to users and only accessible internally.
        Returns:
        Keyspaces and column families that will be unmodifiable by users; other resources.
      • setup

        void setup()
        Hook to perform implementation specific initialization, called once upon system startup. For example, use this method to create any required keyspaces/column families.