in service/common/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java [1722:1804]
public List<GrantResource> listGrantsForCatalogRole(String catalogName, String catalogRoleName) {
PolarisAuthorizableOperation op = PolarisAuthorizableOperation.LIST_GRANTS_FOR_CATALOG_ROLE;
authorizeBasicCatalogRoleOperationOrThrow(op, catalogName, catalogRoleName);
PolarisEntity catalogRoleEntity =
findCatalogRoleByName(catalogName, catalogRoleName)
.orElseThrow(() -> new NotFoundException("CatalogRole %s not found", catalogRoleName));
LoadGrantsResult grantList =
metaStoreManager.loadGrantsToGrantee(getCurrentPolarisContext(), catalogRoleEntity);
List<CatalogGrant> catalogGrants = new ArrayList<>();
List<NamespaceGrant> namespaceGrants = new ArrayList<>();
List<TableGrant> tableGrants = new ArrayList<>();
List<ViewGrant> viewGrants = new ArrayList<>();
Map<Long, PolarisBaseEntity> entityMap = grantList.getEntitiesAsMap();
for (PolarisGrantRecord record : grantList.getGrantRecords()) {
PolarisPrivilege privilege = PolarisPrivilege.fromCode(record.getPrivilegeCode());
PolarisBaseEntity baseEntity = this.getOrLoadEntityForGrant(entityMap, record);
if (baseEntity != null) {
switch (baseEntity.getType()) {
case CATALOG:
{
CatalogGrant grant =
new CatalogGrant(
CatalogPrivilege.valueOf(privilege.toString()),
GrantResource.TypeEnum.CATALOG);
catalogGrants.add(grant);
break;
}
case NAMESPACE:
{
NamespaceGrant grant =
new NamespaceGrant(
List.of(NamespaceEntity.of(baseEntity).asNamespace().levels()),
NamespacePrivilege.valueOf(privilege.toString()),
GrantResource.TypeEnum.NAMESPACE);
namespaceGrants.add(grant);
break;
}
case TABLE_LIKE:
{
if (baseEntity.getSubType() == PolarisEntitySubType.ICEBERG_TABLE
|| baseEntity.getSubType() == PolarisEntitySubType.GENERIC_TABLE) {
TableIdentifier identifier =
IcebergTableLikeEntity.of(baseEntity).getTableIdentifier();
TableGrant grant =
new TableGrant(
List.of(identifier.namespace().levels()),
identifier.name(),
TablePrivilege.valueOf(privilege.toString()),
GrantResource.TypeEnum.TABLE);
tableGrants.add(grant);
} else if (baseEntity.getSubType() == PolarisEntitySubType.ICEBERG_VIEW) {
TableIdentifier identifier =
IcebergTableLikeEntity.of(baseEntity).getTableIdentifier();
ViewGrant grant =
new ViewGrant(
List.of(identifier.namespace().levels()),
identifier.name(),
ViewPrivilege.valueOf(privilege.toString()),
GrantResource.TypeEnum.VIEW);
viewGrants.add(grant);
} else {
throw new IllegalStateException(
"Unrecognized entity subtype " + baseEntity.getSubType());
}
break;
}
default:
throw new IllegalArgumentException(
String.format(
"Unexpected entity type '%s' listing grants for catalogRole '%s' in catalog '%s'",
baseEntity.getType(), catalogRoleName, catalogName));
}
}
}
// Assemble these at the end so that they're grouped by type.
List<GrantResource> allGrants = new ArrayList<>();
allGrants.addAll(catalogGrants);
allGrants.addAll(namespaceGrants);
allGrants.addAll(tableGrants);
allGrants.addAll(viewGrants);
return allGrants;
}