atoti_plus.security module

class atoti_plus.security.BasicAuthentication(_java_api, users)
create_user(username, *, password=None, roles=None)

Add a user able to authenticate against the session using Basic Authentication.

The roles and password of the user can be changed at any time.

Example

>>> config = tt.config.create_config(
...     authentication=tt.config.create_basic_authentication()
... )
>>> session = tt.create_session("tesla", config=config)
>>> sorted(session.security.basic.users.keys())
[]
>>> elon = session.security.basic.create_user(
...     "elon", password="X Æ A-12", roles=["ROLE_SOUTH_AFRICA"]
... )
>>> # The special ROLE_USER role is automatically added
>>> sorted(elon.roles)
['ROLE_SOUTH_AFRICA', 'ROLE_USER']
>>> elon.roles.add("ROLE_USA")
>>> sorted(elon.roles)
['ROLE_SOUTH_AFRICA', 'ROLE_USA', 'ROLE_USER']
>>> # Change the password
>>> elon.password = "AE A-XII"
>>> # Revoke access
>>> del session.security.basic.users["elon"]
>>> sorted(session.security.basic.users.keys())
[]
Return type

User

users: BasicUsers
class atoti_plus.security.BasicUsers(_java_api)
authentication_type()

Get the type of user this contains.

Return type

str

class atoti_plus.security.KerberosAuthentication(_java_api, users)
create_user(username, *, roles=None)

Add a user able to authenticate against the session using Kerberos.

The roles of the user can be changed at any time.

See also

create_user() for a similar usage example.

Return type

User

users: KerberosUsers
class atoti_plus.security.KerberosUsers(_java_api)
authentication_type()

Get the type of user this contains.

Return type

str

class atoti_plus.security.Restrictions(_java_api, _role, _restrictions=None)
class atoti_plus.security.Role(name, restrictions, _java_api)

A role and its restrictions.

name: str
restrictions: Restrictions
class atoti_plus.security.Roles(_java_api)

All of the roles defined in the session.

class atoti_plus.security.Security(java_api)

Security management for the current session.

basic: BasicAuthentication
create_role(name, *, restrictions=None)

Create a role with the given restrictions.

The restrictions associated with a role can be modified at any time.

  • Restrictions apply on store columns and are inherited by all hierarchies based on these columns.

  • Restrictions on different hierarchies are intersected.

  • However, if a user has several roles with restrictions on the same hierarchies, access to the union of restricted members will be granted.

There are special roles which cannot be redefined:

  • ROLE_USER: required to access the application

  • ROLE_ADMIN: gives full access (read, write, delete, etc) to the application

Example

>>> role_france = session.security.create_role(
...     "ROLE_FRANCE", restrictions={"Country": ["France"]}
... )
>>> sorted(session.security.roles.keys())
['ROLE_FRANCE']
>>> role_america = session.security.create_role(
...     "ROLE_AMERICA", restrictions={"Country": ["Canada", "USA"]}
... )
>>> sorted(role_america.restrictions["Country"])
['Canada', 'USA']
>>> sorted(session.security.roles.keys())
['ROLE_AMERICA', 'ROLE_FRANCE']
>>> role_china = session.security.create_role(
...     "ROLE_CHINA", restrictions={"Country": ["China"]}
... )
>>> role_france.restrictions["City"] = ["Paris"]
>>> sorted(role_france.restrictions.keys())
['City', 'Country']

In this example:

  • A user with the role ROLE_AMERICA will only see the data related to USA and Canada and will not see the data for France.

  • A user with the role ROLE_FRANCE will only see the data where the country is France AND the city is Paris

  • A user with both ROLE_AMERICA and ROLE_CHINA will see the data where the country is USA, Canada, OR China.

Example

>>> del session.security.roles["ROLE_FRANCE"]
>>> sorted(session.security.roles.keys())
['ROLE_AMERICA', 'ROLE_CHINA']
Return type

Role

kerberos: KerberosAuthentication
roles: Roles
class atoti_plus.security.User(username, *, _java_api, password=None, roles=None, authentication_type)
password: Optional[str]
roles: UserRoles
username: str
class atoti_plus.security.UserRoles(_data, _user)
class atoti_plus.security.Users(_java_api)
abstract authentication_type()

Get the type of user this contains.

Return type

str

atoti_plus.security.change_user_password(self, username, *, password, authentication_type)
atoti_plus.security.create_user(self, user, *, authentication_type)
atoti_plus.security.delete_role(self, role_name)

Remove a role.

atoti_plus.security.delete_user(self, username, *, authentication_type)
atoti_plus.security.get_roles(self)
Return type

Mapping[str, Mapping[str, List[str]]]

atoti_plus.security.get_user(self, username, *, authentication_type)
Return type

Optional[User]

atoti_plus.security.get_users(self, *, authentication_type)
Return type

Mapping[str, User]

atoti_plus.security.update_user_roles(self, username, *, roles, authentication_type)
atoti_plus.security.upsert_role(self, role_name, restrictions)

Update the restrictions of a role.