User Access Management

You can define user access permissions for different catalogs and tables.

  1. On the coordinator, create the /etc/presto/access-control.properties file by running:
sudo vim /etc/presto/access-control.properties

The file content should be:

access-control.name=file
security.config-file=/etc/presto/rules.json
  2. Create the /etc/presto/rules.json file by running:
sudo vim /etc/presto/rules.json

The file should include the following content, which defines the mandatory ec2-user user:

{
  "catalogs": [
    {
      "user": "ec2-user",
      "allow": "all"
    },
    {
      "catalog": "(varada|hive|iceberg|varada_iceberg)",
      "allow": "read-only"
    },
    {
      "catalog": "system",
      "allow": "none"
    }
  ]
}

In this example, the ec2-user has access across all tables and schemas, and all other users have read-only access to the varada, hive, iceberg and varada_iceberg catalogs, and no access to other catalogs.

In the following example, the ec2-user user has access across all tables and schemas, and test-user can only select data from the trips_data table:

{
  "catalogs": [
    {
      "user": "test-user",
      "allow": "all"
    },
    {
      "user": "ec2-user",
      "allow": "all"
    },
    {
      "catalog": "system",
      "allow": "none"
    }
  ],
  "tables": [
    {
      "user": "ec2-user",
      "privileges": ["SELECT", "INSERT", "DELETE", "OWNERSHIP"]
    },
    {
      "user": "test-user",
      "catalog": "varada",
      "privileges": ["SELECT"],
      "schema": "trips",
      "table": "trips_data"
    }
  ]
}
  3. Once the files are in place, add read permissions for all users by running:
sudo chmod a+r /etc/presto/access-control.properties /etc/presto/rules.json
  4. Restart the cluster.
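
To check how the catalog rules resolve before restarting, the following added example (not part of the original page or the product's own code) evaluates the first rules.json above. It assumes rules are tried in file order, the first match wins, an omitted pattern matches anything, and no match means no access; the analyst user and mysql catalog are hypothetical names.

```python
import json
import re

# First rules.json from this page, embedded so the check runs offline.
PAGE_RULES = json.loads("""
{
  "catalogs": [
    {"user": "ec2-user", "allow": "all"},
    {"catalog": "(varada|hive|iceberg|varada_iceberg)", "allow": "read-only"},
    {"catalog": "system", "allow": "none"}
  ]
}
""")

def catalog_access(rules, user, catalog):
    """Resolve one user's access to one catalog: 'all', 'read-only' or 'none'.

    Assumed semantics: rules are tried in file order, the first rule whose
    patterns match the whole user and catalog name wins, an omitted "user"
    or "catalog" pattern matches anything, and no matching rule means no
    access. Python's re stands in for the server's regex engine, which is
    equivalent for the simple patterns used here.
    """
    for rule in rules["catalogs"]:
        if (re.fullmatch(rule.get("user", ".*"), user)
                and re.fullmatch(rule.get("catalog", ".*"), catalog)):
            return rule["allow"]
    return "none"

def access_matrix(rules, users, catalogs):
    """Map every (user, catalog) pair to its resolved access level."""
    return {(u, c): catalog_access(rules, u, c) for u in users for c in catalogs}

if __name__ == "__main__":
    # Constructed inputs: "analyst" and "mysql" are hypothetical names.
    users = ["ec2-user", "analyst"]
    catalogs = ["varada", "hive", "system", "mysql"]
    for (user, catalog), level in access_matrix(PAGE_RULES, users, catalogs).items():
        print(f"{user:10} {catalog:8} {level}")

    # Same rules with the first two swapped: the read-only rule now matches
    # ec2-user first, so the mandatory user loses write access to varada.
    first, second, third = PAGE_RULES["catalogs"]
    swapped = {"catalogs": [second, first, third]}
    print("swapped order, ec2-user on varada:",
          catalog_access(swapped, "ec2-user", "varada"))
```

Because the first match wins, rule order is part of the policy: a broad rule placed above a user-specific one silently overrides it.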


For more information and advanced options, see here.