Skip to content

Trino System Properties

This section describes System Properties in Trino and how to control them using Privacera Trino (privacera_trino) policies.

What is a System Property in Trino?

A System Property in Trino is a cluster-level session property that controls how the query engine behaves during query execution. It affects the query planner, optimizer, memory limits, execution behavior, retries, joins, spilling, and more. These are session-scoped properties: if the Trino CLI or client session is restarted, the property value is reset.

System Properties in privacera_trino Policies

In privacera_trino policies, the resource type System Property represents Trino system properties. You can define policies on these properties and grant the ALTER permission to allow users to modify them using SET SESSION in Trino.

Example

The following example uses the query_max_execution_time system property. You can set other Trino system properties in the same way by creating policies for the corresponding property name.

Command:

SQL
1
SET SESSION query_max_execution_time = '5s';

Purpose: This property defines the maximum time a query is allowed to execute. If a query exceeds this limit, Trino automatically terminates it. In the example above, the execution time is set to 5 seconds, so any query running longer than 5 seconds in that session will be killed by Trino.

Creating a Policy in Privacera Portal

To allow a user, group or role to set a specific system property (for example, query_max_execution_time), create or update a policy in the Privacera Portal with the following steps:

  1. Navigate to the Privacera Portal.
  2. Go to Access ManagementPolicies.
  3. Select the privacera_trino service.
  4. Click Add New Policy (or edit an existing policy, if applicable).

Configure the policy with the following values:

  • Resource Type: System Property
    Resource Name: query_max_execution_time (or the system property you want to allow)
  • Access Type: ALTER
  • Allowed User/Group/Role: assign the user, group or role that may set this property

Users who have this policy can run SET SESSION query_max_execution_time = '5s'; (and other values) in their Trino session. Users without the ALTER permission on that system property will be denied when they attempt to set it.