search

os-climate / os_c_data_commons

Repository for Data Commons platform architecture overview, as well as developer and user documentation
Apache License 2.0
18 stars 10 forks source link

trino `admins` group cannot drop tables #83

Open erikerlandson opened 2 years ago

erikerlandson commented 2 years ago

A while ago I created a few tables as user erik, but have since moved to the more correct github-based erikerlandson account.

However, although in theory erikerlandson has privileges for admins group, I cannot delete this old table created by user erik:

cur.execute('drop table if exists osc_datacommons_dev.urgentem.itr_emissions_1')
cur.fetchall()

results in following error:

TrinoUserError: TrinoUserError(type=USER_ERROR, name=PERMISSION_DENIED,
message="Access Denied: Cannot drop table urgentem.itr_emissions_1: 
Owner of the table ('erik') is different from session user ('erikerlandson')", 
query_id=20211008_221126_02852_8347x)

I believe we need to configure the admins group to also include ability to drop tables.

cc @rimolive @HumairAK @caldeirav @MichaelTiemannOSC

erikerlandson commented 2 years ago

side-note, I also tried as user admin, but that also errored out:

TrinoUserError(type=USER_ERROR, name=PERMISSION_DENIED, 
message="Access Denied: Cannot drop table urgentem.itr_emissions_1: 
Owner of the table ('erik') is different from session user ('admin')", query_id=20211008_222513_02853_8347x)

May require somehow assigning the role admin to admins. I haven't figure out where or how role assignments get configured. https://trino.io/docs/current/connector/hive-security.html#sql-standard-based-authorization