javadoc

Author: snazy

polaris-core/src/main/java/org/apache/polaris/core/auth/PolarisAuthorizer.java

@@ -28,10 +28,34 @@
 /** Interface for invoking authorization checks. */
 public interface PolarisAuthorizer {
 
+  /**
+   * Whether the implementation expects Polaris principal roles to be present in the {@code
+   * activatedEntities} parameters of the {@link #authorizeOrThrow(PolarisPrincipal, Set,
+   * PolarisAuthorizableOperation, PolarisResolvedPathWrapper, PolarisResolvedPathWrapper)}
+   * functions.
+   *
+   * <p>If {@code false}, call sites may choose to not pass principal roles.
+   */
   boolean requiresPrincipalRoles();
 
+  /**
+   * Whether the implementation expects Polaris catalog roles to be present in the {@code
+   * activatedEntities} parameters of the {@link #authorizeOrThrow(PolarisPrincipal, Set,
+   * PolarisAuthorizableOperation, PolarisResolvedPathWrapper, PolarisResolvedPathWrapper)}
+   * functions.
+   *
+   * <p>If {@code false}, call sites may choose to not pass catalog roles.
+   */
   boolean requiresCatalogRoles();
 
+  /**
+   * Whether the implementation expects the {@link
+   * org.apache.polaris.core.persistence.ResolvedPolarisEntity}s in the {@link
+   * PolarisResolvedPathWrapper} instances of the {@code target} and {@code secondary} parameters to
+   * contain grant records information.
+   *
+   * <p>If {@code false}, call sites may choose to not pass grant records.
+   */
   boolean requiresResolvedEntities();
 
   void authorizeOrThrow(