@@ -175,12 +175,280 @@ default Set<Privilege> getPrivileges(String username, String namespaceName)
175175 throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
176176 }
177177
178+ /**
179+ * Creates a role with the given role name.
180+ *
181+ * @param roleName the role name
182+ * @throws IllegalArgumentException if the role already exists
183+ * @throws ExecutionException if the operation fails
184+ */
185+ default void createRole (String roleName ) throws ExecutionException {
186+ throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
187+ }
188+
189+ /**
190+ * Drops a role with the given role name.
191+ *
192+ * @param roleName the role name
193+ * @throws IllegalArgumentException if the role does not exist
194+ * @throws ExecutionException if the operation fails
195+ */
196+ default void dropRole (String roleName ) throws ExecutionException {
197+ throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
198+ }
199+
200+ /**
201+ * Retrieves a list of {@link RoleDetail}s.
202+ *
203+ * @return a list of {@link RoleDetail}s
204+ * @throws ExecutionException if the operation fails
205+ */
206+ default List <RoleDetail > getRoles () throws ExecutionException {
207+ throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
208+ }
209+
210+ /**
211+ * Retrieves a list of {@link UserRoleDetail}s for the given user.
212+ *
213+ * @param username the username
214+ * @return a list of {@link UserRoleDetail}s for the given user
215+ * @throws ExecutionException if the operation fails
216+ */
217+ default List <UserRoleDetail > getRolesForUser (String username ) throws ExecutionException {
218+ throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
219+ }
220+
221+ /**
222+ * Grants a role to a user.
223+ *
224+ * @param username the username
225+ * @param roleName the role name
226+ * @param withAdminOption if true, the user can grant the role to other users or roles
227+ * @throws IllegalArgumentException if the user does not exist or the role does not exist
228+ * @throws ExecutionException if the operation fails
229+ */
230+ default void grantRoleToUser (String username , String roleName , boolean withAdminOption )
231+ throws ExecutionException {
232+ throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
233+ }
234+
235+ /**
236+ * Revokes a role from a user.
237+ *
238+ * @param username the username
239+ * @param roleName the role name
240+ * @throws IllegalArgumentException if the user does not exist or the role does not exist
241+ * @throws ExecutionException if the operation fails
242+ */
243+ default void revokeRoleFromUser (String username , String roleName ) throws ExecutionException {
244+ throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
245+ }
246+
247+ /**
248+ * Revokes admin option from a user for a role.
249+ *
250+ * @param username the username
251+ * @param roleName the role name
252+ * @throws IllegalArgumentException if the user does not exist or the role does not exist
253+ * @throws ExecutionException if the operation fails
254+ */
255+ default void revokeAdminOptionFromUser (String username , String roleName )
256+ throws ExecutionException {
257+ throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
258+ }
259+
260+ /**
261+ * Retrieves a list of {@link UserRole}s for the given role.
262+ *
263+ * @param roleName the role name
264+ * @return a list of {@link UserRole}s for the given role
265+ * @throws ExecutionException if the operation fails
266+ */
267+ default List <UserRole > getUsersForRole (String roleName ) throws ExecutionException {
268+ throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
269+ }
270+
271+ /**
272+ * Grants a member role to a role. Users or roles that have the role will inherit all privileges
273+ * from the member role.
274+ *
275+ * @param roleName the role name
276+ * @param memberRoleName the member role name to be granted to the role
277+ * @param withAdminOption if true, users or roles that have the role can grant the member role to
278+ * other users or roles
279+ * @throws IllegalArgumentException if the role does not exist or the member role does not exist
280+ * @throws ExecutionException if the operation fails
281+ */
282+ default void grantRoleToRole (String roleName , String memberRoleName , boolean withAdminOption )
283+ throws ExecutionException {
284+ throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
285+ }
286+
287+ /**
288+ * Revokes a role from another role.
289+ *
290+ * @param roleName the role name
291+ * @param memberRoleName the member role name
292+ * @throws IllegalArgumentException if the role does not exist or the member role does not exist
293+ * @throws ExecutionException if the operation fails
294+ */
295+ default void revokeRoleFromRole (String roleName , String memberRoleName )
296+ throws ExecutionException {
297+ throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
298+ }
299+
300+ /**
301+ * Revokes admin option from a role for another role.
302+ *
303+ * @param roleName the role name
304+ * @param memberRoleName the member role name
305+ * @throws IllegalArgumentException if the role does not exist or the member role does not exist
306+ * @throws ExecutionException if the operation fails
307+ */
308+ default void revokeAdminOptionFromRole (String roleName , String memberRoleName )
309+ throws ExecutionException {
310+ throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
311+ }
312+
313+ /**
314+ * Retrieves privileges for the given role and namespace.
315+ *
316+ * @param roleName the role name
317+ * @param namespaceName the namespace name
318+ * @return a set of privileges for the given role and namespace
319+ * @throws ExecutionException if the operation fails
320+ */
321+ default Set <Privilege > getRolePrivileges (String roleName , String namespaceName )
322+ throws ExecutionException {
323+ throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
324+ }
325+
326+ /**
327+ * Retrieves privileges for the given role, namespace, and table.
328+ *
329+ * @param roleName the role name
330+ * @param namespaceName the namespace name
331+ * @param tableName the table name
332+ * @return a set of privileges for the given role, namespace, and table
333+ * @throws ExecutionException if the operation fails
334+ */
335+ default Set <Privilege > getRolePrivileges (String roleName , String namespaceName , String tableName )
336+ throws ExecutionException {
337+ throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
338+ }
339+
340+ /**
341+ * Grants privileges to a role for all tables in the given namespace.
342+ *
343+ * @param roleName the role name
344+ * @param namespaceName the namespace name
345+ * @param privileges the privileges
346+ * @throws IllegalArgumentException if the role does not exist or the namespace does not exist
347+ * @throws ExecutionException if the operation fails
348+ */
349+ default void grantPrivilegeToRole (String roleName , String namespaceName , Privilege ... privileges )
350+ throws ExecutionException {
351+ throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
352+ }
353+
354+ /**
355+ * Grants privileges to a role for the given table.
356+ *
357+ * @param roleName the role name
358+ * @param namespaceName the namespace name of the table
359+ * @param tableName the table name
360+ * @param privileges the privileges
361+ * @throws IllegalArgumentException if the role does not exist or the table does not exist
362+ * @throws ExecutionException if the operation fails
363+ */
364+ default void grantPrivilegeToRole (
365+ String roleName , String namespaceName , String tableName , Privilege ... privileges )
366+ throws ExecutionException {
367+ throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
368+ }
369+
370+ /**
371+ * Revokes privileges from a role for all tables in the given namespace.
372+ *
373+ * @param roleName the role name
374+ * @param namespaceName the namespace name
375+ * @param privileges the privileges
376+ * @throws IllegalArgumentException if the role does not exist or the namespace does not exist
377+ * @throws ExecutionException if the operation fails
378+ */
379+ default void revokePrivilegeFromRole (
380+ String roleName , String namespaceName , Privilege ... privileges ) throws ExecutionException {
381+ throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
382+ }
383+
384+ /**
385+ * Revokes privileges from a role for the given table.
386+ *
387+ * @param roleName the role name
388+ * @param namespaceName the namespace name of the table
389+ * @param tableName the table name
390+ * @param privileges the privileges
391+ * @throws IllegalArgumentException if the role does not exist or the table does not exist
392+ * @throws ExecutionException if the operation fails
393+ */
394+ default void revokePrivilegeFromRole (
395+ String roleName , String namespaceName , String tableName , Privilege ... privileges )
396+ throws ExecutionException {
397+ throw new UnsupportedOperationException (CoreError .AUTH_NOT_ENABLED .buildMessage ());
398+ }
399+
400+ /** Represents a user. */
178401 interface User {
179402 String getName ();
180403
181404 boolean isSuperuser ();
182405 }
183406
407+ /** Represents a role. */
408+ interface Role {
409+ String getName ();
410+ }
411+
412+ /** Represents a role with its hierarchy information. */
413+ interface RoleDetail {
414+ Role getRole ();
415+
416+ List <RoleHierarchy > getRoleHierarchies ();
417+ }
418+
419+ /**
420+ * Represents a role detail for a specific user, including whether the user has admin option for
421+ * this role.
422+ */
423+ interface UserRoleDetail extends RoleDetail {
424+ /**
425+ * Returns whether the user has admin option for this role. This is distinct from the admin
426+ * option in role hierarchies, which applies to role-to-role grants.
427+ */
428+ boolean hasAdminOptionOnUser ();
429+ }
430+
431+ /** Represents a user-role assignment. */
432+ interface UserRole {
433+ String getUsername ();
434+
435+ String getRoleName ();
436+
437+ boolean hasAdminOption ();
438+ }
439+
440+ /** Represents a role hierarchy (role-to-role assignment). */
441+ interface RoleHierarchy {
442+ /** Returns the role name. */
443+ String getRoleName ();
444+
445+ /** Returns the member role name granted to the role. */
446+ String getMemberRoleName ();
447+
448+ /** Returns whether admin option is granted for this hierarchy. */
449+ boolean hasAdminOption ();
450+ }
451+
184452 /** The user options. */
185453 enum UserOption {
186454 /** If specified, the user is created as a superuser. */
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?v=4&size=40){kind=avatar}
0 commit comments