We can restrict permissions on Trino with system access control. Putting access-control.name=read-only in etc/access-control.properties works well. Example with an OPTIMIZE:
I tried to apply the same behavior with file-based access control. The docs says:
allow (required): string indicating whether a user has access to the catalog. This value can be all, read-only or none, and defaults to none. Setting this value to read-only has the same behavior as the read-only system access control plugin.
So I made the following configuration for rules.json:
Hello there,
We can restrict permissions on Trino with system access control. Putting
access-control.name=read-only
inetc/access-control.properties
works well. Example with an OPTIMIZE:I tried to apply the same behavior with file-based access control. The docs says:
So I made the following configuration for
rules.json
:This effectively prevents INSERT / DELETE / UPDATES operations to tables, but some operations can still be done. For example:
I tried to add empty sets of rules for procedures and functions, but it doesn't change the result:
Am I missing something?
Thanks