From 944b026e548b20b60417988ccc9202f1e7893c1d Mon Sep 17 00:00:00 2001
From: Mitsunori Komatsu
Date: Fri, 24 Oct 2025 14:53:18 +0900
Subject: [PATCH 1/6] Add RBAC APIs
---
 .../java/com/scalar/db/api/AuthAdmin.java | 251 ++++++++++++++++++
 .../DecoratedDistributedTransactionAdmin.java | 101 +++++++
 2 files changed, 352 insertions(+)
diff --git a/core/src/main/java/com/scalar/db/api/AuthAdmin.java b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
index debbfb7ac6..b0cd490ae9 100644
--- a/core/src/main/java/com/scalar/db/api/AuthAdmin.java
+++ b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
@@ -175,12 +175,263 @@ default Set getPrivileges(String username, String namespaceName)
 throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
 }
+ /**
+ * Creates a role with the given role name.
+ *
+ * @param roleName the role name
+ * @throws IllegalArgumentException if the role already exists
+ * @throws ExecutionException if the operation fails
+ */
+ default void createRole(String roleName) throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Drops a role with the given role name.
+ *
+ * @param roleName the role name
+ * @throws IllegalArgumentException if the role does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void dropRole(String roleName) throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Retrieves a list of {@link RoleDetail}s.
+ *
+ * @return a list of {@link RoleDetail}s
+ * @throws ExecutionException if the operation fails
+ */
+ default List getRoles() throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Retrieves a list of {@link RoleDetail}s for the given user.
+ *
+ * @param username the username
+ * @return a list of {@link RoleDetail}s for the given user
+ * @throws ExecutionException if the operation fails
+ */
+ default List getRolesForUser(String username) throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Grants a role to a user.
+ *
+ * @param username the username
+ * @param roleName the role name
+ * @param withAdminOption if true, the user can grant the role to other users
+ * @throws IllegalArgumentException if the user does not exist or the role does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void grantRoleToUser(String username, String roleName, boolean withAdminOption)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Revokes a role from a user.
+ *
+ * @param username the username
+ * @param roleName the role name
+ * @throws IllegalArgumentException if the user does not exist or the role does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void revokeRoleFromUser(String username, String roleName) throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Revokes admin option from a user for a role.
+ *
+ * @param username the username
+ * @param roleName the role name
+ * @throws IllegalArgumentException if the user does not exist or the role does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void revokeAdminOptionFromUser(String username, String roleName)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Retrieves a list of {@link UserRole}s for the given role.
+ *
+ * @param roleName the role name
+ * @return a list of {@link UserRole}s for the given role
+ * @throws ExecutionException if the operation fails
+ */
+ default List getUsersForRole(String roleName) throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Grants a role to another role.
+ *
+ * @param roleName the role name
+ * @param memberRole the member role name
+ * @param withAdminOption if true, the member role can grant the role to other roles
+ * @throws IllegalArgumentException if the role does not exist or the member role does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void grantRoleToRole(String roleName, String memberRole, boolean withAdminOption)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Revokes a role from another role.
+ *
+ * @param roleName the role name
+ * @param memberRole the member role name
+ * @throws IllegalArgumentException if the role does not exist or the member role does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void revokeRoleFromRole(String roleName, String memberRole) throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Revokes admin option from a role for another role.
+ *
+ * @param roleName the role name
+ * @param memberRole the member role name
+ * @throws IllegalArgumentException if the role does not exist or the member role does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void revokeAdminOptionFromRole(String roleName, String memberRole)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Retrieves privileges for the given username, role and namespace.
+ *
+ * @param username the username
+ * @param roleName the role name
+ * @param namespaceName the namespace name
+ * @return a set of privileges for the given role and namespace
+ * @throws ExecutionException if the operation fails
+ */
+ default Set getRolePrivileges(String username, String roleName, String namespaceName)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Retrieves privileges for the given username, role, namespace, and table.
+ *
+ * @param username the username
+ * @param roleName the role name
+ * @param namespaceName the namespace name
+ * @param tableName the table name
+ * @return a set of privileges for the given role, namespace, and table
+ * @throws ExecutionException if the operation fails
+ */
+ default Set getRolePrivileges(
+ String username, String roleName, String namespaceName, String tableName)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Grants privileges to a role for all tables in the given namespace.
+ *
+ * @param roleName the role name
+ * @param namespaceName the namespace name
+ * @param privileges the privileges
+ * @throws IllegalArgumentException if the role does not exist or the namespace does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void grantPrivilegeToRole(String roleName, String namespaceName, Privilege... privileges)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Grants privileges to a role for the given table.
+ *
+ * @param roleName the role name
+ * @param namespaceName the namespace name of the table
+ * @param tableName the table name
+ * @param privileges the privileges
+ * @throws IllegalArgumentException if the role does not exist or the table does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void grantPrivilegeToRole(
+ String roleName, String namespaceName, String tableName, Privilege... privileges)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Revokes privileges from a role for all tables in the given namespace.
+ *
+ * @param roleName the role name
+ * @param namespaceName the namespace name
+ * @param privileges the privileges
+ * @throws IllegalArgumentException if the role does not exist or the namespace does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void revokePrivilegeFromRole(
+ String roleName, String namespaceName, Privilege... privileges) throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Revokes privileges from a role for the given table.
+ *
+ * @param roleName the role name
+ * @param namespaceName the namespace name of the table
+ * @param tableName the table name
+ * @param privileges the privileges
+ * @throws IllegalArgumentException if the role does not exist or the table does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void revokePrivilegeFromRole(
+ String roleName, String namespaceName, String tableName, Privilege... privileges)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
 interface User {
 String getName();
 boolean isSuperuser();
 }
+ /** Represents a role */
+ interface Role {
+ String getName();
+ }
+
+ interface RoleDetail {
+ Role getRole();
+
+ List getRoleHierarchies();
+ }
+
+ /** Represents a user-role assignment */
+ interface UserRole {
+ String getUsername();
+
+ String getRoleName();
+
+ boolean hasAdminOption();
+ }
+
+ /** Represents a role hierarchy (role-to-role assignment) */
+ interface RoleHierarchy {
+ String getRoleName();
+
+ String getMemberRoleName();
+
+ boolean hasAdminOption();
+ }
+
 /** The user options. */
 enum UserOption {
 /** If specified, the user is created as a superuser. */
diff --git a/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java b/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
index 1447810cd5..c8535604b4 100644
--- a/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
+++ b/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
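Review bot: In AuthAdmin.java, `grantRoleToRole` documents `IllegalArgumentException` only for a missing role or member role, so the contract says nothing about granting a role to itself or about a grant that would close a cycle in the role hierarchy. Since `RoleDetail.getRoleHierarchies()` exposes the hierarchy to callers, implementations need a defined answer here; I would add `@throws IllegalArgumentException if the grant would make a role a direct or indirect member of itself`. `dropRole` has a related gap: it should state whether the role's user assignments, hierarchy entries and privileges are removed with it, because leftover grants would otherwise attach to a role created later under the same name. Neither behaviour can be checked from this hunk, which only adds default methods that throw `UnsupportedOperationException`.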
@@ -383,6 +383,107 @@ public Set getPrivileges(String username, String namespaceName, Strin
 return distributedTransactionAdmin.getPrivileges(username, namespaceName, tableName);
 }
+ @Override
+ public void createRole(String roleName) throws ExecutionException {
+ distributedTransactionAdmin.createRole(roleName);
+ }
+
+ @Override
+ public void dropRole(String roleName) throws ExecutionException {
+ distributedTransactionAdmin.dropRole(roleName);
+ }
+
+ @Override
+ public List getRoles() throws ExecutionException {
+ return distributedTransactionAdmin.getRoles();
+ }
+
+ @Override
+ public List getRolesForUser(String username) throws ExecutionException {
+ return distributedTransactionAdmin.getRolesForUser(username);
+ }
+
+ @Override
+ public void grantRoleToUser(String username, String roleName, boolean withAdminOption)
+ throws ExecutionException {
+ distributedTransactionAdmin.grantRoleToUser(username, roleName, withAdminOption);
+ }
+
+ @Override
+ public void revokeRoleFromUser(String username, String roleName) throws ExecutionException {
+ distributedTransactionAdmin.revokeRoleFromUser(username, roleName);
+ }
+
+ @Override
+ public void revokeAdminOptionFromUser(String username, String roleName)
+ throws ExecutionException {
+ distributedTransactionAdmin.revokeAdminOptionFromUser(username, roleName);
+ }
+
+ @Override
+ public List getUsersForRole(String roleName) throws ExecutionException {
+ return distributedTransactionAdmin.getUsersForRole(roleName);
+ }
+
+ @Override
+ public void grantRoleToRole(String roleName, String memberRole, boolean withAdminOption)
+ throws ExecutionException {
+ distributedTransactionAdmin.grantRoleToRole(roleName, memberRole, withAdminOption);
+ }
+
+ @Override
+ public void revokeRoleFromRole(String roleName, String memberRole) throws ExecutionException {
+ distributedTransactionAdmin.revokeRoleFromRole(roleName, memberRole);
+ }
+
+ @Override
+ public void revokeAdminOptionFromRole(String roleName, String memberRole)
+ throws ExecutionException {
+ distributedTransactionAdmin.revokeAdminOptionFromRole(roleName, memberRole);
+ }
+
+ @Override
+ public Set getRolePrivileges(String username, String roleName, String namespaceName)
+ throws ExecutionException {
+ return distributedTransactionAdmin.getRolePrivileges(username, roleName, namespaceName);
+ }
+
+ @Override
+ public Set getRolePrivileges(
+ String username, String roleName, String namespaceName, String tableName)
+ throws ExecutionException {
+ return distributedTransactionAdmin.getRolePrivileges(
+ username, roleName, namespaceName, tableName);
+ }
+
+ @Override
+ public void grantPrivilegeToRole(String roleName, String namespaceName, Privilege... privileges)
+ throws ExecutionException {
+ distributedTransactionAdmin.grantPrivilegeToRole(roleName, namespaceName, privileges);
+ }
+
+ @Override
+ public void grantPrivilegeToRole(
+ String roleName, String namespaceName, String tableName, Privilege... privileges)
+ throws ExecutionException {
+ distributedTransactionAdmin.grantPrivilegeToRole(
+ roleName, namespaceName, tableName, privileges);
+ }
+
+ @Override
+ public void revokePrivilegeFromRole(
+ String roleName, String namespaceName, Privilege... privileges) throws ExecutionException {
+ distributedTransactionAdmin.revokePrivilegeFromRole(roleName, namespaceName, privileges);
+ }
+
+ @Override
+ public void revokePrivilegeFromRole(
+ String roleName, String namespaceName, String tableName, Privilege... privileges)
+ throws ExecutionException {
+ distributedTransactionAdmin.revokePrivilegeFromRole(
+ roleName, namespaceName, tableName, privileges);
+ }
+
 @Override
 public void createPolicy(String policyName, @Nullable String dataTagColumnName)
 throws ExecutionException {
From 7d3075cb20d9f2ceba220a542d544981c5c6b8e1 Mon Sep 17 00:00:00 2001
From: Mitsunori Komatsu
Date: Fri, 24 Oct 2025 15:24:09 +0900
Subject: [PATCH 2/6] Update core/src/main/java/com/scalar/db/api/AuthAdmin.java
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---
 core/src/main/java/com/scalar/db/api/AuthAdmin.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/core/src/main/java/com/scalar/db/api/AuthAdmin.java b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
index b0cd490ae9..2c3ce2fe63 100644
--- a/core/src/main/java/com/scalar/db/api/AuthAdmin.java
+++ b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
@@ -408,6 +408,7 @@ interface Role {
 String getName();
 }
+ /** Represents a role with its hierarchy information. */
 interface RoleDetail {
 Role getRole();
From a2db1dbf7caa0cfbb1d8c27f2c933c98416ac31c Mon Sep 17 00:00:00 2001
From: Mitsunori Komatsu
Date: Tue, 28 Oct 2025 15:44:44 +0900
Subject: [PATCH 3/6] Remove `username` from getRolePrivileges() and rename `memberRole` to `memberRoleName`
---
 .../java/com/scalar/db/api/AuthAdmin.java | 24 +++++++++----------
 .../DecoratedDistributedTransactionAdmin.java | 22 ++++++++---------
 2 files changed, 21 insertions(+), 25 deletions(-)
diff --git a/core/src/main/java/com/scalar/db/api/AuthAdmin.java b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
index b0cd490ae9..23adf7f0db 100644
--- a/core/src/main/java/com/scalar/db/api/AuthAdmin.java
+++ b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
@@ -272,12 +272,12 @@ default List getUsersForRole(String roleName) throws ExecutionExceptio
 * Grants a role to another role.
 *
 * @param roleName the role name
- * @param memberRole the member role name
+ * @param memberRoleName the member role name
 * @param withAdminOption if true, the member role can grant the role to other roles
 * @throws IllegalArgumentException if the role does not exist or the member role does not exist
 * @throws ExecutionException if the operation fails
 */
- default void grantRoleToRole(String roleName, String memberRole, boolean withAdminOption)
+ default void grantRoleToRole(String roleName, String memberRoleName, boolean withAdminOption)
 throws ExecutionException {
 throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
 }
@@ -286,11 +286,12 @@ default void grantRoleToRole(String roleName, String memberRole, boolean withAdm
 * Revokes a role from another role.
 *
 * @param roleName the role name
- * @param memberRole the member role name
+ * @param memberRoleName the member role name
 * @throws IllegalArgumentException if the role does not exist or the member role does not exist
 * @throws ExecutionException if the operation fails
 */
- default void revokeRoleFromRole(String roleName, String memberRole) throws ExecutionException {
+ default void revokeRoleFromRole(String roleName, String memberRoleName)
+ throws ExecutionException {
 throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
 }
@@ -298,41 +299,38 @@ default void revokeRoleFromRole(String roleName, String memberRole) throws Execu
 * Revokes admin option from a role for another role.
 *
 * @param roleName the role name
- * @param memberRole the member role name
+ * @param memberRoleName the member role name
 * @throws IllegalArgumentException if the role does not exist or the member role does not exist
 * @throws ExecutionException if the operation fails
 */
- default void revokeAdminOptionFromRole(String roleName, String memberRole)
+ default void revokeAdminOptionFromRole(String roleName, String memberRoleName)
 throws ExecutionException {
 throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
 }
 /**
- * Retrieves privileges for the given username, role and namespace.
+ * Retrieves privileges for the given role and namespace.
 *
- * @param username the username
 * @param roleName the role name
 * @param namespaceName the namespace name
 * @return a set of privileges for the given role and namespace
 * @throws ExecutionException if the operation fails
 */
- default Set getRolePrivileges(String username, String roleName, String namespaceName)
+ default Set getRolePrivileges(String roleName, String namespaceName)
 throws ExecutionException {
 throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
 }
 /**
- * Retrieves privileges for the given username, role, namespace, and table.
+ * Retrieves privileges for the given role, namespace, and table.
 *
- * @param username the username
 * @param roleName the role name
 * @param namespaceName the namespace name
 * @param tableName the table name
 * @return a set of privileges for the given role, namespace, and table
 * @throws ExecutionException if the operation fails
 */
- default Set getRolePrivileges(
- String username, String roleName, String namespaceName, String tableName)
+ default Set getRolePrivileges(String roleName, String namespaceName, String tableName)
 throws ExecutionException {
 throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
 }
diff --git a/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java b/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
index c8535604b4..ae5bb18fcf 100644
--- a/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
+++ b/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
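Review bot: In AuthAdmin.java the new three-argument `getRolePrivileges(String roleName, String namespaceName, String tableName)` takes the same parameter types as the namespace-level overload removed in this same hunk, `getRolePrivileges(String username, String roleName, String namespaceName)`, so code written against the earlier patch still compiles and now passes a user name as the role and a role name as the namespace. The Javadoc of both lookups lists only `ExecutionException`, so whether such a call fails or returns an empty set is left to the implementation, and an empty set reads as "no privileges". I would document the failure mode the way the grant and revoke methods do, e.g. `@throws IllegalArgumentException if the role does not exist or the namespace does not exist`. The matching hunk in DecoratedDistributedTransactionAdmin.java only forwards the arguments, so it inherits whatever the delegate does.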
@@ -426,34 +426,32 @@ public List getUsersForRole(String roleName) throws ExecutionException
 }
 @Override
- public void grantRoleToRole(String roleName, String memberRole, boolean withAdminOption)
+ public void grantRoleToRole(String roleName, String memberRoleName, boolean withAdminOption)
 throws ExecutionException {
- distributedTransactionAdmin.grantRoleToRole(roleName, memberRole, withAdminOption);
+ distributedTransactionAdmin.grantRoleToRole(roleName, memberRoleName, withAdminOption);
 }
 @Override
- public void revokeRoleFromRole(String roleName, String memberRole) throws ExecutionException {
- distributedTransactionAdmin.revokeRoleFromRole(roleName, memberRole);
+ public void revokeRoleFromRole(String roleName, String memberRoleName) throws ExecutionException {
+ distributedTransactionAdmin.revokeRoleFromRole(roleName, memberRoleName);
 }
 @Override
- public void revokeAdminOptionFromRole(String roleName, String memberRole)
+ public void revokeAdminOptionFromRole(String roleName, String memberRoleName)
 throws ExecutionException {
- distributedTransactionAdmin.revokeAdminOptionFromRole(roleName, memberRole);
+ distributedTransactionAdmin.revokeAdminOptionFromRole(roleName, memberRoleName);
 }
 @Override
- public Set getRolePrivileges(String username, String roleName, String namespaceName)
+ public Set getRolePrivileges(String roleName, String namespaceName)
 throws ExecutionException {
- return distributedTransactionAdmin.getRolePrivileges(username, roleName, namespaceName);
+ return distributedTransactionAdmin.getRolePrivileges(roleName, namespaceName);
 }
 @Override
- public Set getRolePrivileges(
- String username, String roleName, String namespaceName, String tableName)
+ public Set getRolePrivileges(String roleName, String namespaceName, String tableName)
 throws ExecutionException {
- return distributedTransactionAdmin.getRolePrivileges(
- username, roleName, namespaceName, tableName);
+ return distributedTransactionAdmin.getRolePrivileges(roleName, namespaceName, tableName);
 }
 @Override
From 1432493a23abbc8fe111b580afe68f3d037fe75d Mon Sep 17 00:00:00 2001
From: Mitsunori Komatsu
Date: Wed, 29 Oct 2025 19:16:28 +0900
Subject: [PATCH 4/6] Add UserRoleDetail and return it from getRolesForUser()
---
 core/src/main/java/com/scalar/db/api/AuthAdmin.java | 6 +++++-
 .../db/common/DecoratedDistributedTransactionAdmin.java | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/core/src/main/java/com/scalar/db/api/AuthAdmin.java b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
index 23adf7f0db..99aca6b35b 100644
--- a/core/src/main/java/com/scalar/db/api/AuthAdmin.java
+++ b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
@@ -214,7 +214,7 @@ default List getRoles() throws ExecutionException {
 * @return a list of {@link RoleDetail}s for the given user
 * @throws ExecutionException if the operation fails
 */
- default List getRolesForUser(String username) throws ExecutionException {
+ default List getRolesForUser(String username) throws ExecutionException {
 throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
 }
@@ -412,6 +412,10 @@ interface RoleDetail {
 List getRoleHierarchies();
 }
+ interface UserRoleDetail extends RoleDetail {
+ boolean hasAdminOptionOnUser();
+ }
+
 /** Represents a user-role assignment */
 interface UserRole {
 String getUsername();
diff --git a/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java b/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
index ae5bb18fcf..c3fb55ae55 100644
--- a/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
+++ b/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
@@ -399,7 +399,7 @@ public List getRoles() throws ExecutionException {
 }
 @Override
- public List getRolesForUser(String username) throws ExecutionException {
+ public List getRolesForUser(String username) throws ExecutionException {
 return distributedTransactionAdmin.getRolesForUser(username);
 }
From 793fb0c49b91db4a5761c865aeba1ccfea347fd3 Mon Sep 17 00:00:00 2001
From: Mitsunori Komatsu
Date: Tue, 4 Nov 2025 18:58:22 +0900
Subject: [PATCH 5/6] Fix comments
---
 .../java/com/scalar/db/api/AuthAdmin.java | 31 +++++++++++++------
 1 file changed, 22 insertions(+), 9 deletions(-)
diff --git a/core/src/main/java/com/scalar/db/api/AuthAdmin.java b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
index 09f8325808..5b2b268c88 100644
--- a/core/src/main/java/com/scalar/db/api/AuthAdmin.java
+++ b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
@@ -208,10 +208,10 @@ default List getRoles() throws ExecutionException {
 }
 /**
- * Retrieves a list of {@link RoleDetail}s for the given user.
+ * Retrieves a list of {@link UserRoleDetail}s for the given user.
 *
 * @param username the username
- * @return a list of {@link RoleDetail}s for the given user
+ * @return a list of {@link UserRoleDetail}s for the given user
 * @throws ExecutionException if the operation fails
 */
 default List getRolesForUser(String username) throws ExecutionException {
@@ -223,7 +223,7 @@ default List getRolesForUser(String username) throws ExecutionEx
 *
 * @param username the username
 * @param roleName the role name
- * @param withAdminOption if true, the user can grant the role to other users
+ * @param withAdminOption if true, the user can grant the role to other users or roles
 * @throws IllegalArgumentException if the user does not exist or the role does not exist
 * @throws ExecutionException if the operation fails
 */
@@ -269,11 +269,13 @@ default List getUsersForRole(String roleName) throws ExecutionExceptio
 }
 /**
- * Grants a role to another role.
+ * Grants a member role to a role. Users or roles that have the role will inherit all privileges
+ * from the member role.
 *
 * @param roleName the role name
- * @param memberRoleName the member role name
- * @param withAdminOption if true, the member role can grant the role to other roles
+ * @param memberRoleName the member role name to be granted to the role
+ * @param withAdminOption if true, users or roles that have the role can grant the member role to
+ * other users or roles
 * @throws IllegalArgumentException if the role does not exist or the member role does not exist
 * @throws ExecutionException if the operation fails
 */
@@ -401,7 +403,7 @@ interface User {
 boolean isSuperuser();
 }
- /** Represents a role */
+ /** Represents a role. */
 interface Role {
 String getName();
 }
@@ -413,11 +415,19 @@ interface RoleDetail {
 List getRoleHierarchies();
 }
+ /**
+ * Represents a role detail for a specific user, including whether the user has admin option for
+ * this role.
+ */
 interface UserRoleDetail extends RoleDetail {
+ /**
+ * Returns whether the user has admin option for this role. This is distinct from the admin
+ * option in role hierarchies, which applies to role-to-role grants.
+ */
 boolean hasAdminOptionOnUser();
 }
- /** Represents a user-role assignment */
+ /** Represents a user-role assignment. */
 interface UserRole {
 String getUsername();
@@ -426,12 +436,15 @@ interface UserRole {
 boolean hasAdminOption();
 }
- /** Represents a role hierarchy (role-to-role assignment) */
+ /** Represents a role hierarchy (role-to-role assignment). */
 interface RoleHierarchy {
+ /** Returns the role name. */
 String getRoleName();
+ /** Returns the member role name granted to the role. */
 String getMemberRoleName();
+ /** Returns whether admin option is granted for this hierarchy. */
 boolean hasAdminOption();
 }
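Review bot: The reworded `grantRoleToRole` Javadoc fixes the direction of inheritance (holders of `roleName` inherit the privileges of `memberRoleName`), but the two revoke counterparts are outside these hunks and, as last shown in patch 3, still read `Revokes a role from another role.` and `Revokes admin option from a role for another role.`, which does not say which argument loses what. I would reword them to match, e.g. `Revokes a member role from a role.` and `Revokes the admin option for a member role from a role.` The same Javadoc could also state whether a holder of the admin option may pass that option on, and whether revoking it affects grants the holder already made; neither is specified in the visible text.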
From 79d696b6162bc6af98bd990b8a5da37cd44ad852 Mon Sep 17 00:00:00 2001
From: Mitsunori Komatsu
Date: Wed, 5 Nov 2025 14:12:13 +0900
Subject: [PATCH 6/6] Update core/src/main/java/com/scalar/db/api/AuthAdmin.java
Co-authored-by: Toshihiro Suzuki
---
 core/src/main/java/com/scalar/db/api/AuthAdmin.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/core/src/main/java/com/scalar/db/api/AuthAdmin.java b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
index 5b2b268c88..4cd2b2b29e 100644
--- a/core/src/main/java/com/scalar/db/api/AuthAdmin.java
+++ b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
@@ -397,6 +397,7 @@ default void revokePrivilegeFromRole(
 throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
 }
+ /** Represents a user. */
 interface User {
 String getName();