You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am unable to create catalog even with admin user when providing all access through ranger. What policy can be created in ranger to make this work ?
Error -
trino> CREATE CATALOG mysqluser2 USING mysql
-> WITH (
-> "connection-url" = 'jdbc:mysql://localhost:3306',
-> "connection-user" = 'myuse',
-> "connection-password" = 'mypass'
-> );
Query 20241104_121011_00305_h2u6c failed: Access Denied: Cannot create catalog mysqluser2
io.trino.spi.security.AccessDeniedException: Access Denied: Cannot create catalog mysqluser2
at io.trino.spi.security.AccessDeniedException.denyCreateCatalog(AccessDeniedException.java:131)
at io.trino.spi.security.AccessDeniedException.denyCreateCatalog(AccessDeniedException.java:126)
at io.trino.spi.security.SystemAccessControl.checkCanCreateCatalog(SystemAccessControl.java:243)
at io.trino.security.AccessControlManager.lambda$checkCanCreateCatalog$8(AccessControlManager.java:360)
at io.trino.security.AccessControlManager.systemAuthorizationCheck(AccessControlManager.java:1508)
at io.trino.security.AccessControlManager.checkCanCreateCatalog(AccessControlManager.java:360)
at io.trino.security.ForwardingAccessControl.checkCanCreateCatalog(ForwardingAccessControl.java:110)
at io.trino.tracing.TracingAccessControl.checkCanCreateCatalog(TracingAccessControl.java:142)
at io.trino.execution.CreateCatalogTask.execute(CreateCatalogTask.java:79)
at io.trino.execution.CreateCatalogTask.execute(CreateCatalogTask.java:45)
at io.trino.execution.DataDefinitionExecution.start(DataDefinitionExecution.java:146)
at io.trino.execution.SqlQueryManager.createQuery(SqlQueryManager.java:272)
at io.trino.dispatcher.LocalDispatchQuery.startExecution(LocalDispatchQuery.java:150)
at io.trino.dispatcher.LocalDispatchQuery.lambda$waitForMinimumWorkers$2(LocalDispatchQuery.java:134)
at io.airlift.concurrent.MoreFutures.lambda$addSuccessCallback$12(MoreFutures.java:570)
at io.airlift.concurrent.MoreFutures$3.onSuccess(MoreFutures.java:545)
at com.google.common.util.concurrent.Futures$CallbackListener.run(Futures.java:1137)
at io.trino.$gen.Trino_457_dirty____20241104_075239_2.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at java.base/java.lang.Thread.run(Thread.java:1570)
This discussion was converted from issue #24022 on November 08, 2024 05:15.
Heading
Bold
Italic
Quote
Code
Link
Numbered list
Unordered list
Task list
Attach files
Mention
Reference
Menu
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
I am unable to create catalog even with admin user when providing all access through ranger. What policy can be created in ranger to make this work ?
Error -
trino> CREATE CATALOG mysqluser2 USING mysql
-> WITH (
-> "connection-url" = 'jdbc:mysql://localhost:3306',
-> "connection-user" = 'myuse',
-> "connection-password" = 'mypass'
-> );
Query 20241104_121011_00305_h2u6c failed: Access Denied: Cannot create catalog mysqluser2
io.trino.spi.security.AccessDeniedException: Access Denied: Cannot create catalog mysqluser2
at io.trino.spi.security.AccessDeniedException.denyCreateCatalog(AccessDeniedException.java:131)
at io.trino.spi.security.AccessDeniedException.denyCreateCatalog(AccessDeniedException.java:126)
at io.trino.spi.security.SystemAccessControl.checkCanCreateCatalog(SystemAccessControl.java:243)
at io.trino.security.AccessControlManager.lambda$checkCanCreateCatalog$8(AccessControlManager.java:360)
at io.trino.security.AccessControlManager.systemAuthorizationCheck(AccessControlManager.java:1508)
at io.trino.security.AccessControlManager.checkCanCreateCatalog(AccessControlManager.java:360)
at io.trino.security.ForwardingAccessControl.checkCanCreateCatalog(ForwardingAccessControl.java:110)
at io.trino.tracing.TracingAccessControl.checkCanCreateCatalog(TracingAccessControl.java:142)
at io.trino.execution.CreateCatalogTask.execute(CreateCatalogTask.java:79)
at io.trino.execution.CreateCatalogTask.execute(CreateCatalogTask.java:45)
at io.trino.execution.DataDefinitionExecution.start(DataDefinitionExecution.java:146)
at io.trino.execution.SqlQueryManager.createQuery(SqlQueryManager.java:272)
at io.trino.dispatcher.LocalDispatchQuery.startExecution(LocalDispatchQuery.java:150)
at io.trino.dispatcher.LocalDispatchQuery.lambda$waitForMinimumWorkers$2(LocalDispatchQuery.java:134)
at io.airlift.concurrent.MoreFutures.lambda$addSuccessCallback$12(MoreFutures.java:570)
at io.airlift.concurrent.MoreFutures$3.onSuccess(MoreFutures.java:545)
at com.google.common.util.concurrent.Futures$CallbackListener.run(Futures.java:1137)
at io.trino.$gen.Trino_457_dirty____20241104_075239_2.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at java.base/java.lang.Thread.run(Thread.java:1570)
Beta Was this translation helpful? Give feedback.
All reactions