atoti_plus.security module¶

class atoti_plus.security.BasicSecurity(_java_api, users)¶

create_user(username, *, password=None, roles=None)¶

Add a user able to authenticate against the session using Basic Authentication.

The roles and password of the user can be changed at any time.

Example

>>> session = tt.create_session(
...     "tesla", config={"authentication": {"basic": {}}}
... )
>>> sorted(session.security.basic.users.keys())
[]
>>> elon = session.security.basic.create_user(
...     "elon", password="X Æ A-12", roles=["ROLE_SOUTH_AFRICA"]
... )
>>> # The special ROLE_USER role is automatically added
>>> sorted(elon.roles)
['ROLE_SOUTH_AFRICA', 'ROLE_USER']
>>> elon.roles.add("ROLE_USA")
>>> sorted(elon.roles)
['ROLE_SOUTH_AFRICA', 'ROLE_USA', 'ROLE_USER']
>>> # Change the password
>>> elon.password = "AE A-XII"
>>> # Revoke access
>>> del session.security.basic.users["elon"]
>>> sorted(session.security.basic.users.keys())
[]

Return type: User

users: BasicUsers¶

class atoti_plus.security.BasicUsers(_java_api)¶

authentication_type()¶

Get the type of user this contains.

Return type: str

class atoti_plus.security.KerberosSecurity(_java_api, users)¶

create_user(username, *, roles=None)¶

Add a user able to authenticate against the session using Kerberos.

The roles of the user can be changed at any time.

See also

create_user() for a similar usage example.

Return type: User

users: KerberosUsers¶

class atoti_plus.security.KerberosUsers(_java_api)¶

authentication_type()¶

Get the type of user this contains.

Return type: str

class atoti_plus.security.Restrictions(*, _java_api, _role, _restrictions=None)¶

class atoti_plus.security.Role(name, *, restrictions, _java_api)¶

A role and its restrictions.

name: str¶

restrictions: Restrictions¶

class atoti_plus.security.Roles(_java_api)¶: All of the roles defined in the session.

class atoti_plus.security.Security(java_api)¶

Security management for the current session.

basic: BasicSecurity¶

create_role(name, *, restrictions=None)¶

Create a role with the given restrictions.

The restrictions associated with a role can be modified at any time.

Restrictions apply on table columns and are inherited by all hierarchies based on these columns.
Restrictions on different hierarchies are intersected.
However, if a user has several roles with restrictions on the same hierarchies, access to the union of restricted members will be granted.

There are special roles which cannot be redefined:

ROLE_USER: required to access the application

ROLE_ADMIN: gives full access (read, write, delete, etc) to the application

Example

>>> role_france = session.security.create_role(
...     "ROLE_FRANCE", restrictions={"Country": ["France"]}
... )
>>> sorted(session.security.roles.keys())
['ROLE_FRANCE']
>>> role_america = session.security.create_role(
...     "ROLE_AMERICA", restrictions={"Country": ["Canada", "USA"]}
... )
>>> sorted(role_america.restrictions["Country"])
['Canada', 'USA']
>>> sorted(session.security.roles.keys())
['ROLE_AMERICA', 'ROLE_FRANCE']
>>> role_china = session.security.create_role(
...     "ROLE_CHINA", restrictions={"Country": ["China"]}
... )
>>> role_france.restrictions["City"] = ["Paris"]
>>> sorted(role_france.restrictions.keys())
['City', 'Country']

In this example:

A user with the role ROLE_AMERICA will only see the data related to USA and Canada and will not see the data for France.
A user with the role ROLE_FRANCE will only see the data where the country is France AND the city is Paris
A user with both ROLE_AMERICA and ROLE_CHINA will see the data where the country is USA, Canada, OR China.

Example

>>> del session.security.roles["ROLE_FRANCE"]
>>> sorted(session.security.roles.keys())
['ROLE_AMERICA', 'ROLE_CHINA']

Return type: Role

kerberos: KerberosSecurity¶

roles: Roles¶

class atoti_plus.security.User(username, *, _java_api, authentication_type, password=None, roles=None)¶

password: Optional[str]¶

roles: UserRoles¶

username: str¶

class atoti_plus.security.UserRoles(_data, _user)¶

class atoti_plus.security.Users(_java_api)¶

abstract authentication_type()¶

Get the type of user this contains.

Return type: str

atoti_plus.security.change_user_password(self, username, *, password, authentication_type)¶

atoti_plus.security.create_user(self, user, *, authentication_type)¶

atoti_plus.security.delete_role(self, role_name)¶: Remove a role.

atoti_plus.security.delete_user(self, username, *, authentication_type)¶

atoti_plus.security.get_roles(self)¶

Return type: Mapping[str, Mapping[str, List[str]]]

atoti_plus.security.get_user(self, username, *, authentication_type)¶

Return type: Optional[User]

atoti_plus.security.get_users(self, *, authentication_type)¶

Return type: Mapping[str, User]

atoti_plus.security.update_user_roles(self, username, *, roles, authentication_type)¶

atoti_plus.security.upsert_role(self, role_name, restrictions)¶: Update the restrictions of a role.