PolicyDecider (Teiid API 13.0.1 API)

```
public interface PolicyDecider
```
A policy decider that reports authorization decisions for further action. A decider may be called many times for a single user command. Typically there will be 1 call for every command/subquery/temp table access/function call.

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`Set<AbstractMetadataRecord>`	`getInaccessibleResources(DataPolicy.PermissionType action, Set<AbstractMetadataRecord> resources, DataPolicy.Context context, CommandContext commandContext)` Returns the set of resources not allowed to be accessed by the current user.
`boolean`	`hasRole(String roleName, CommandContext context)` Called by the system hasRole function to determine role membership.
`boolean`	`isLanguageAllowed(String language, CommandContext commandContext)` Returns true if the given language is allowed
`boolean`	`isTempAccessible(DataPolicy.PermissionType action, AbstractMetadataRecord resource, DataPolicy.Context context, CommandContext commandContext)` Checks if the temp table are accessible.
`boolean`	`validateCommand(CommandContext commandContext)` Determines if an authorization check should proceed

- Method Detail
  - hasRole
```
boolean hasRole(String roleName,
                CommandContext context)
```
    Called by the system hasRole function to determine role membership.
    
    Parameters:
    
    roleName -
    
    context -
    
    Returns:
    
    true if the user has the given role name, otherwise false
  - getInaccessibleResources
```
Set<AbstractMetadataRecord> getInaccessibleResources(DataPolicy.PermissionType action,
                                                     Set<AbstractMetadataRecord> resources,
                                                     DataPolicy.Context context,
                                                     CommandContext commandContext)
```
    Returns the set of resources not allowed to be accessed by the current user.
    
    Parameters:
    
    action - if context is METADATA, then action execute means a procedure or function, and read some other resource
    
    resources -
    
    context - in which the action is performed. For example you can have a context of DataPolicy.Context.UPDATE for a DataPolicy.PermissionType.READ for columns used in an UPDATE condition.
    
    commandContext -
    
    Returns:
    
    the set of inaccessible resources, never null
  - isLanguageAllowed
```
boolean isLanguageAllowed(String language,
                          CommandContext commandContext)
```
    Returns true if the given language is allowed
    
    Parameters:
    
    language -
    
    commandContext -
    
    Returns:
  - isTempAccessible
```
boolean isTempAccessible(DataPolicy.PermissionType action,
                         AbstractMetadataRecord resource,
                         DataPolicy.Context context,
                         CommandContext commandContext)
```
    Checks if the temp table are accessible. Typically as long as temp tables can be created, all operations are allowed.
    
    Parameters:
    
    action -
    
    resource - will be null for general temp access
    
    context - in which the action is performed. For example you can have a context of DataPolicy.Context.UPDATE for a DataPolicy.PermissionType.READ for columns used in an UPDATE condition.
    
    commandContext -
    
    Returns:
    
    true if the access is allowed, otherwise false
  - validateCommand
```
boolean validateCommand(CommandContext commandContext)
```
    Determines if an authorization check should proceed
    
    Parameters:
    
    commandContext -
    
    Returns:

Interface PolicyDecider

Method Summary

Method Detail

hasRole

getInaccessibleResources

isLanguageAllowed

isTempAccessible

validateCommand