Package com.datahub.plugins.auth.authorization

Interface Authorizer

All Superinterfaces:
Plugin
public interface Authorizer extends Plugin
An Authorizer is responsible for determining whether an actor should be granted a specific privilege.

  • Field Details

  • Method Details

    • init

      default void init(@Nonnull Map<String,Object> authorizerConfig, @Nonnull AuthorizerContext ctx)
      Initialize the Authorizer. Invoked once at boot time.
      Parameters:
      authorizerConfig - config provided to the authenticator derived from the Metadata Service YAML config. This config comes from the "authorization.authorizers.config" configuration.

    • authorize

      default AuthorizationResult authorize(@Nonnull AuthorizationRequest request)
      Authorizes an action based on the actor, the resource, and required privileges.

    • authorizedActors

      default AuthorizedActors authorizedActors(String privilege, Optional<EntitySpec> resourceSpec)
      Retrieves the current list of actors authorized to for a particular privilege against an optional resource

    • getActorPolicies

      default Set<com.linkedin.policy.DataHubPolicyInfo> getActorPolicies(@Nonnull com.linkedin.common.urn.Urn actorUrn)
      Given the actor's urn retrieve the policies.
      Parameters:
      actorUrn -
      Returns:

    • getActorGroups

      default Collection<com.linkedin.common.urn.Urn> getActorGroups(@Nonnull com.linkedin.common.urn.Urn actorUrn)
      Given the actor's urn retrieve the actor's groups

    • getActorPeers

      default Collection<com.linkedin.common.urn.Urn> getActorPeers(@Nonnull com.linkedin.common.urn.Urn actorUrn)
      Given an actor's urn retrieve the actor's peers