gravitino.api.authorization.privileges.Privilege¶

class gravitino.api.authorization.privileges.Privilege¶

Bases: ABC

The interface of a privilege. The privilege represents the ability to execute kinds of operations for kinds of entities

__init__()¶

Methods

`__init__`()
`can_bind_to`(obj_type)	Check whether this privilege can bind to a securable object type.
`condition`()	Return the condition of the privilege.
`name`()	Return the generic name of the privilege.
`simple_string`()	Return a simple string representation of the privilege.

class Condition(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)¶

Bases: Enum

The condition of this privilege.

ALLOW means that you are allowed to use the privilege. DENY means that you are denied to use the privilege.

If you have ALLOW and DENY for the same privilege name of the same securable object, the DENY will take effect.

class Name(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)¶

Bases: Enum

The name of this privilege.

APPLY_POLICY = (0, 16777216)¶: The privilege to apply a policy.

APPLY_TAG = (0, 4194304)¶: The privilege to apply a tag.

CONSUME_TOPIC = (0, 8192)¶: The privilege to consume from a topic.

CREATE_CATALOG = (0, 1)¶: The privilege to create a catalog.

CREATE_FILESET = (0, 256)¶: The privilege to create a fileset.

CREATE_POLICY = (0, 8388608)¶: The privilege to create a policy.

CREATE_ROLE = (0, 65536)¶: The privilege to create a role.

CREATE_SCHEMA = (0, 8)¶: The privilege to create a schema.

CREATE_TABLE = (0, 32)¶: The privilege to create a table.

CREATE_TAG = (0, 2097152)¶: The privilege to create a tag.

CREATE_TOPIC = (0, 2048)¶: The privilege to create a topic.

LINK_MODEL_VERSION = (0, 524288)¶: The privilege to create a model version.

MANAGE_GRANTS = (0, 131072)¶: The privilege to grant or revoke a role for the user or the group.

MANAGE_GROUPS = (0, 32768)¶: The privilege to manage groups.

MANAGE_USERS = (0, 16384)¶: The privilege to manage users.

MODIFY_TABLE = (0, 64)¶: The privilege to modify a table.

PRODUCE_TOPIC = (0, 4096)¶: The privilege to produce to a topic.

READ_FILESET = (0, 1024)¶: The privilege to read a fileset.

REGISTER_JOB_TEMPLATE = (0, 33554432)¶: The privilege to register a job template.

REGISTER_MODEL = (0, 262144)¶: The privilege to create a model.

RUN_JOB = (0, 134217728)¶: The privilege to run a job.

SELECT_TABLE = (0, 128)¶: The privilege to select data from a table.

USE_CATALOG = (0, 4)¶: The privilege to use a catalog.

USE_JOB_TEMPLATE = (0, 67108864)¶: The privilege to use a job template.

USE_MODEL = (0, 1048576)¶: The privilege to view model metadata and download all model versions.

USE_SCHEMA = (0, 16)¶: The privilege to use a schema.

WRITE_FILESET = (0, 512)¶: The privilege to write a fileset.

property high_bits: int¶

Return the high bits of Name.

Returns:: int: The high bits of Name

property low_bits: int¶

Return the low bits of Name.

Returns:: int: The low bits of Name

abstract can_bind_to(obj_type: Type) → bool¶

Check whether this privilege can bind to a securable object type.

Args:: obj_type: The securable object’s metadata type.
Returns:: True if this privilege can bind to the given type, otherwise False.

abstract condition() → Condition¶

Return the condition of the privilege.

raises:: NotImplementedError: If the method is not implemented.
Returns:: Privilege.Condition: The condition of the privilege. ALLOW means that you are allowed to use the privilege, DENY means that you are denied to use the privilege

abstract name() → Name¶

Return the generic name of the privilege.

Raises:: NotImplementedError: If the method is not implemented.
Returns:: Privilege.Name: The generic name of the privilege.

abstract simple_string() → str¶

Return a simple string representation of the privilege.

Raises:: NotImplementedError: If the method is not implemented.
Returns:: str: A readable string representation for the privilege.