Closed AlakmarShafin closed 8 months ago
Hi @AlakmarShafin, thanks for the report but it looks it works as expected. DROP
table permission is required in order to execute unregister_table
procedure, see: https://github.com/trinodb/trino/blob/5ac064541e62dd7253bdaac86e11a447cb427052/plugin/trino-delta-lake/src/main/java/io/trino/plugin/deltalake/procedure/UnregisterTableProcedure.java#L98C23-L98C40
But I need to grant permission only to unregister the table but in this case I have to put "allow":"all" { "user": "trinoadminrw", "catalog": ".*", "allow": "all" }
Which gives that user access to drop view, delete or update data, etc. these permissions i don't want to grant to a read-only user.
Closing as the expected behavior.
File-based access control rule:
Issue
While running unregister table
CALL deltalake.system.unregister_table(schema_name => 'dl_central_sharepoint', table_name => 'SaleSale_3062022' )
with trinoadminread gives the error "Access Denied: Cannot drop table deltalake.dl_central_sharepoint.salesale_3062022" while I am able to register the table with the same user.Note: Both register_table and unregister_table are working on the user trinoadminrw.
Stack trace:
Error while running register_table with trinoadminread: