You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When enabling file based access control in trino, there is no way for CREATE CATALOG to work.
Even though specifying any catalog for admin user in the rules. It still ends up with Access Denied.
{
"catalogs": [
{
"catalog": ".*",
"user": "admin",
"allow": "all"
}]
}
CREATE CATALOG tpch USING tpch;
io.trino.spi.security.AccessDeniedException: Access Denied: Cannot create catalog tpch
at io.trino.spi.security.AccessDeniedException.denyCreateCatalog(AccessDeniedException.java:131)
at io.trino.spi.security.AccessDeniedException.denyCreateCatalog(AccessDeniedException.java:126)
at io.trino.plugin.base.security.FileBasedSystemAccessControl.checkCanCreateCatalog(FileBasedSystemAccessControl.java:414)
at io.trino.plugin.base.security.ForwardingSystemAccessControl.checkCanCreateCatalog(ForwardingSystemAccessControl.java:136)
at io.trino.security.AccessControlManager.lambda$checkCanCreateCatalog$8(AccessControlManager.java:356)
at io.trino.security.AccessControlManager.systemAuthorizationCheck(AccessControlManager.java:1503)
at io.trino.security.AccessControlManager.checkCanCreateCatalog(AccessControlManager.java:356)
at io.trino.security.ForwardingAccessControl.checkCanCreateCatalog(ForwardingAccessControl.java:110)
at io.trino.tracing.TracingAccessControl.checkCanCreateCatalog(TracingAccessControl.java:142)
at io.trino.execution.CreateCatalogTask.execute(CreateCatalogTask.java:78)
at io.trino.execution.CreateCatalogTask.execute(CreateCatalogTask.java:44)
at io.trino.execution.DataDefinitionExecution.start(DataDefinitionExecution.java:146)
at io.trino.execution.SqlQueryManager.createQuery(SqlQueryManager.java:272)
at io.trino.dispatcher.LocalDispatchQuery.startExecution(LocalDispatchQuery.java:150)
at io.trino.dispatcher.LocalDispatchQuery.lambda$waitForMinimumWorkers$2(LocalDispatchQuery.java:134)
at io.airlift.concurrent.MoreFutures.lambda$addSuccessCallback$12(MoreFutures.java:570)
at io.airlift.concurrent.MoreFutures$3.onSuccess(MoreFutures.java:545)
at com.google.common.util.concurrent.Futures$CallbackListener.run(Futures.java:1137)
at io.trino.$gen.Trino_448____20240518_231645_2.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at java.base/java.lang.Thread.run(Thread.java:1570)
When removing the access control config and restarting trino, the CREATE CATALOG works without issues.
Is there a way to define a rule so CREATE CATALOG still works even when access control is defined?
Trino Version: 448
The text was updated successfully, but these errors were encountered:
When enabling file based access control in trino, there is no way for CREATE CATALOG to work.
Even though specifying any catalog for admin user in the rules. It still ends up with Access Denied.
When removing the access control config and restarting trino, the CREATE CATALOG works without issues.
Is there a way to define a rule so CREATE CATALOG still works even when access control is defined?
Trino Version: 448
The text was updated successfully, but these errors were encountered: