In trino I keep getting `Access Denied: Cannot select from table system.jdbc.tables`

2 votes
2 answers
7344 views
                          I just created a new user dataengineer and user group data-engineer

When I try to connect with the user dataengineer using dbeaver I get the following errors.

	SQL Error : Query failed (#20210927_124120_00084_kcmzr): Access Denied: Cannot select from table system.jdbc.tables
	Query failed (#20210927_124120_00084_kcmzr): Access Denied: Cannot select from table system.jdbc.tables
	Query failed (#20210927_124120_00084_kcmzr): Access Denied: Cannot select from table system.jdbc.tables
		io.trino.spi.security.AccessDeniedException: Access Denied: Cannot select from table system.jdbc.tables
		Access Denied: Cannot select from table system.jdbc.tables

When I try to connect using the same user from the trino cli I get the following errors

	trino:jdbc> select 1;
	_col0
	-------
		1
	(1 row)

	Query 20210927_143506_00011_m9sds, FINISHED, 1 node
	https://trino.afsouth1ctcld.net/ui/query.html?20210927_143506_00011_m9sds 
	Splits: 1 total, 1 done (100,00%)
	CPU Time: 0,0s total,     0 rows/s,     0B/s, 0% active
	Per Node: 0,0 parallelism,     0 rows/s,     0B/s
	Parallelism: 0,0
	Peak Memory: 0B
	0,34 [0 rows, 0B] [0 rows/s, 0B/s]

	trino:jdbc> select * from system.jdbc.tables limit 10;
	Query 20210927_144444_00018_m9sds failed: Access Denied: Cannot select from table system.jdbc.tables
	io.trino.spi.security.AccessDeniedException: Access Denied: Cannot select from table system.jdbc.tables

So the user can connect to trino but not query the system tables.
If I connect with a different user called data science it works without any issues.

This is what my group.txt and rules.json file looks like

  	group.txt: |-
    data-science:datascience
    data-engineer:dataengineer

  	rules.json: |-
    {
      "catalogs": [
        {
          "user": "dpadmin",
          "allow": "all"
        },
        {
          "group": "data-engineering|data-platform-admin",
          "catalog": ".*",
          "allow": "all"
        },
        {
          "group": "data-science",
          "catalog": "(iceberg)",
          "allow": "all"
        },
        {
          "group": "data-science",
          "catalog": ".*",
          "allow": "read-only"
        },
        {
        "catalog": "system",
        "allow": "none"
        }
      ],
      "schemas": [
        {
          "user": "dpadmin",
          "schema": ".*",
          "owner": true
        },
        {
          "group": "data-engineering",
          "schema": ".*",
          "owner": true
        },

        {
          "group": "data-science",
          "catalog": ".*",
          "schema": ".*",
          "owner": false
        },
        {
          "user": "guest",
          "owner": false
        }
      ],
      "tables": [
        {
          "group": "data-science",
          "privileges": ["SELECT", "INSERT", "DELETE", "OWNERSHIP"],
          "catalog": "(iceberg)",
          "schema": "(ds_scratch)"
        },
        {
          "group": "data-science",
          "privileges": ["SELECT"],
          "catalog": ".*",
          "schema": ".*"
        }
      ]
    }

                        
Asked by nelaaro (767 rep)
Sep 27, 2021, 03:18 PM
Last activity: May 22, 2023, 02:17 PM
In trino I keep getting `Access Denied: Cannot select from table system.jdbc.tables`

Related Questions
