search

trinodb / trino

Official repository of Trino, the distributed SQL query engine for big data, formerly known as PrestoSQL (https://trino.io)
https://trino.io
Apache License 2.0
10.08k stars 2.91k forks source link

Trino doesn't allow to create a role in hive catalog #22623

Open hsushmitha opened 1 month ago

hsushmitha commented 1 month ago

Hi, We are trying to create custom roles in Trino in hive catalog to restrict users from executing certain queries. We are executing this query through trino rest api: /v1/statement: CREATE ROLE customRole In hive we get this error: This connector does not support roles do we have an alternative to restrict users from executing certain queries eg: delete queries. Ideally we want to create role and map users to the roles and then grant privileges on these roles, but it looks like hive connector doesn't support role creation.

Thanks, Sushmitha

ebyhr commented 1 month ago

The connector supports creating roles. What hive.security are you using?

hsushmitha commented 1 month ago

we are setting hive.security=allow-all for hive catalog

ebyhr commented 1 month ago

The access control doesn't support creating roles. Why do you want to manage roles in allow-all security?

Praveen2112 commented 1 month ago

Hive does support creating roles when we set the hive.security=SQL_STANDARD . Any specific reason not using that security mode in case of hive ?

hsushmitha commented 1 month ago

Initially we started off with not having roles. But now we have a scenario where we need to be able to restrict users to allow select, delete functionality. so if we set hive.security=SQL_STANDARD, what roles would existing user assume?