Interface RowLevelSecurity

All Known Implementing Classes:

CockroachRowLevelSecurity, DB2RowLevelSecurity, NoRowLevelSecurity, PostgreSQLRowLevelSecurity, SQLServerRowLevelSecurity

@Incubating
public interface RowLevelSecurity

Abstracts support for database-native row-level security.

Since:

8.0

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static enum	RowLevelSecurity.TenantIdentifierSource	The database-side source used by row-level security policies to resolve the current tenant identifier.

Method Summary

Modifier and Type	Method	Description
default void	addTenantIdTableInitCommands(InFlightMetadataCollector collector, Table table, Column tenantIdentifierColumn, Metadata metadata, RowLevelSecurity.TenantIdentifierSource tenantIdentifierSource)	Register table initialization commands enforcing discriminator-based multitenancy via native row-level security.
default String[]	getTenantIdTableCreateStrings(Table table, Column tenantIdentifierColumn, Metadata metadata, SqlStringGenerationContext context, RowLevelSecurity.TenantIdentifierSource tenantIdentifierSource)	Create the DDL commands which enforce discriminator-based multitenancy via native row-level security.
default void	setTenantIdentifier(Connection connection, String tenantIdentifier, boolean root)	Apply the current Hibernate tenant identifier to the database connection.
boolean	supportsRowLevelSecurity()	Does this dialect natively support row-level security?
default boolean	supportsTenantIdentifierSource(RowLevelSecurity.TenantIdentifierSource tenantIdentifierSource)	Does this dialect support RLS policies which use the database user as the tenant identifier?

Method Details

supportsRowLevelSecurity

boolean supportsRowLevelSecurity()

Does this dialect natively support row-level security?

supportsTenantIdentifierSource

default boolean supportsTenantIdentifierSource(RowLevelSecurity.TenantIdentifierSource tenantIdentifierSource)

Does this dialect support RLS policies which use the database user as the tenant identifier?

addTenantIdTableInitCommands

default void addTenantIdTableInitCommands(InFlightMetadataCollector collector,
 Table table,
 Column tenantIdentifierColumn,
 Metadata metadata,
 RowLevelSecurity.TenantIdentifierSource tenantIdentifierSource)

Register table initialization commands enforcing discriminator-based multitenancy via native row-level security.

Parameters:

collector - The metadata collector

table - The table containing the tenant id column

tenantIdentifierColumn - The tenant id column

metadata - The mapping metadata

tenantIdentifierSource - The source used to resolve the tenant id

getTenantIdTableCreateStrings

default String[] getTenantIdTableCreateStrings(Table table,
 Column tenantIdentifierColumn,
 Metadata metadata,
 SqlStringGenerationContext context,
 RowLevelSecurity.TenantIdentifierSource tenantIdentifierSource)

Create the DDL commands which enforce discriminator-based multitenancy via native row-level security.

Parameters:

table - The table containing the tenant id column

tenantIdentifierColumn - The tenant id column

metadata - The mapping metadata

context - SQL rendering context

tenantIdentifierSource - The source used to resolve the tenant id

setTenantIdentifier

default void setTenantIdentifier(Connection connection,
 String tenantIdentifier,
 boolean root)
                          throws SQLException

Apply the current Hibernate tenant identifier to the database connection. Dialects may use this to populate session-local state referenced by their row-level security policies.

Parameters:

connection - The JDBC connection

tenantIdentifier - The tenant identifier rendered as a string

root - Whether the tenant identifier is a root tenant

Throws:

SQLException