
Custom Service Repository for Access Management for Trino

Creating a Service Repository

To create a custom service repository, refer to Creating a Service Repository.

Configure Custom Repository Name

  • Open the values.yaml file for editing:
    Bash
    cd ~/privacera-trino-plugin
    vi values.yaml
    
  • Update the values.yaml file with the following configuration:

    YAML
    env:
      - name: TRINO_HIVE_POLICY_REPO_CATALOG_MAPPING
        value: "custom_repo_1:catalog_1;custom_repo_2:catalog_2,catalog_3"
    

    Note

    If the custom service repo is not defined, the plugin will use service repos starting with privacera by default.

Validation and Verification

To confirm the successful association of the custom service repo, perform the following steps:

  1. Prerequisites:
    • A custom service repository is created using the steps outlined above in the PrivaceraCloud portal under SQL Repo.
  2. Steps to Validate:
    1. Once your Trino cluster is up and running, open the /etc/trino/access-control.properties file and ensure that the following property is updated with the custom service repository name:
      YAML
      ranger.hive.policy.repo.catalog.mapping
      
    2. Execute the following SQL commands in the Trino CLI to validate the custom service repository:
      SQL
      -- Trino has no STRING type, so the text columns are declared as VARCHAR.
      CREATE TABLE custom_repo_1.test_table (
      Emp_Id INT,
      First_Name VARCHAR,
      Last_Name VARCHAR
      );
      
      INSERT INTO custom_repo_1.test_table (Emp_Id, First_Name, Last_Name) VALUES (1, 'John', 'Doe'), 
      (2, 'Jane', 'Smith'), (3, 'Alice', 'Johnson');
      
      SELECT * FROM custom_repo_1.test_table;
      
    3. On the Privacera portal, navigate to Access Management > Audits.
      • Look for the Service Name you provided when creating a service repository under Service Name / Type, e.g., dev_trino.
      • Verify the outcome of the resource policy. Successful access is indicated as Allowed, while failure is indicated as Denied.
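
The check in validation step 1 can be scripted. The following is an added example, not Privacera's code: it parses the mapping value and compares what is deployed in access-control.properties against the value set in values.yaml. The entry format (repo:catalog[,catalog] joined by ;) is inferred from the sample value on this page, and rejecting a catalog listed under two repos is an assumption, as are the function names and the sample properties text.

```python
# Added example: verify the deployed repo-to-catalog mapping against values.yaml.
# Format assumed from the sample on this page: repo:cat[,cat] entries joined by ';'.

KEY = "ranger.hive.policy.repo.catalog.mapping"

def parse_mapping(value):
    """Return {catalog: repo}; raise ValueError on malformed or ambiguous input."""
    catalog_to_repo = {}
    for entry in value.strip().strip('"').split(";"):
        if not entry.strip():
            continue  # tolerate a trailing ';'
        repo, sep, catalogs = entry.partition(":")
        repo = repo.strip()
        names = [c.strip() for c in catalogs.split(",") if c.strip()]
        if not sep or not repo or not names:
            raise ValueError(f"malformed entry: {entry!r}")
        for cat in names:
            # Assumption: a catalog must not be claimed by two different repos.
            if catalog_to_repo.setdefault(cat, repo) != repo:
                raise ValueError(f"catalog {cat!r} mapped to more than one repo")
    return catalog_to_repo

def read_property(properties_text, key):
    """Return the value of key from key=value properties text, or None."""
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        name, sep, val = line.partition("=")
        if sep and name.strip() == key:
            # Java properties writers may escape ':' as '\:'; undo that.
            return val.strip().replace("\\:", ":")
    return None

def deployed_matches(values_yaml_value, properties_text):
    """True when the deployed property yields the same catalog-to-repo map."""
    deployed = read_property(properties_text, KEY)
    if deployed is None:
        return False  # custom repo not defined: default privacera repos apply
    return parse_mapping(deployed) == parse_mapping(values_yaml_value)

# Constructed sample input; the mapping value is the one shown on this page.
EXPECTED = "custom_repo_1:catalog_1;custom_repo_2:catalog_2,catalog_3"
SAMPLE_PROPERTIES = (
    "# constructed sample of /etc/trino/access-control.properties\n"
    "ranger.hive.policy.repo.catalog.mapping="
    "custom_repo_2:catalog_3,catalog_2;custom_repo_1:catalog_1\n"
)

if __name__ == "__main__":
    print("deployed matches values.yaml:", deployed_matches(EXPECTED, SAMPLE_PROPERTIES))
```

The comparison is order-insensitive, so a reordered but equivalent mapping still passes, while a missing property or a catalog assigned to a different repo fails.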
