Feature Request Support location access control

[lozbrown]

One of the challenges here is that this potentially opens out access to table data fromtables the user might not otherwise have access to..

One way to limit this would be to have a whitelist + blacklist of patterns to for locations users should/shouldnt be allowed access to. Particularly if that can include placeholder like {current_user}

Eg: Whitelist: s3://some-bucket-everyone-can-access/{current_user}

I'd also love to be able to configure multiple instance of this catalog with different names (similar to other plugins) and potentially different versions of the above whitelist/blacklist

EG admins have access to a global-storage catalog users have access to a user-storage catalog with a much stricter whitelist/blacklist

[nineinchnick]

Are you getting any errors when trying to configure multiple catalogs with this connector? You should be able to use different cloud users/roles to limit access.

[lozbrown]

How would we configure multiple catalogs (and or rename the catalog) for this?

From the documentation i see no mention of a config so it seems to we would always get a catalog named storage.

We can permission this at the catalog level as far as we can tell but as mentioned above this would give a global access. fine for admins but less useful to give access to end users.

Potential use case for us is to allow users to query / ETL the outputs of there ML models that get delivered to a user-name based prefix on S3.

Maybe much more granular permission etc is possible and documentation could be improved slightly to see that.

[nineinchnick]

Catalog name is determined by the name of the catalog properties file: https://trino.io/docs/current/installation/deployment.html#catalog-properties

[lozbrown]

ok

Thanks for that, regardless i don't see a to limit access to instances of this catalog so the feature request still stands.