User Access Management
You can define user access permissions for different catalogs and tables.
- On the coordinator, create the /etc/presto/access-control.properties file by running:
sudo vim /etc/presto/access-control.properties
The file content should be:
access-control.name=file
security.config-file=/etc/presto/rules.json
- Create the /etc/presto/rules.json file by running:
sudo vim /etc/presto/rules.json
The file should include the following content, which defines the mandatory ec2-user user:
{
  "catalogs": [
    {
      "user": "ec2-user",
      "allow": "all"
    },
    {
      "catalog": "(varada|hive|iceberg|varada_iceberg)",
      "allow": "read-only"
    },
    {
      "catalog": "system",
      "allow": "none"
    }
  ]
}
In this example, the ec2-user has access across all tables and schemas, and all other users have read-only access to the varada, hive, iceberg and varada_iceberg catalogs, and no access to other catalogs.
In the following example, the ec2-user user has access across all tables and schemas, and the test-user will only be able to select data from the trips_data table:
{
  "catalogs": [
    {
      "user": "test-user",
      "allow": "all"
    },
    {
      "user": "ec2-user",
      "allow": "all"
    },
    {
      "catalog": "system",
      "allow": "none"
    }
  ],
  "tables": [
    {
      "user": "ec2-user",
      "privileges": ["SELECT", "INSERT", "DELETE", "OWNERSHIP"]
    },
    {
      "user": "test-user",
      "catalog": "varada",
      "privileges": ["SELECT"],
      "schema": "trips",
      "table": "trips_data"
    }
  ]
}
- Once the files are in place, add read permissions for all users by running:
sudo chmod a+r /etc/presto/access-control.properties /etc/presto/rules.json
- Restart the cluster.
For more information and advanced options, see here.