You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
I was able to integrate Trino with Polaris (an implementation of Iceberg Rest Catalog)
But the Catalog properties requires fixed authentication properties.
As per https://trino.io/docs/current/object-storage/metastores.html#rest-catalog
I had to add iceberg.rest-catalog.oauth2.credential in the catalog definition essentially making the catalog user specific.
But how can I make Trino apply the same privilege as the logged in user(in Trino) when querying from the catalog.
To explain, consider
userA, userB, userC can log into Trino
in iceberg catalog properties defined in Trino named let's say catA, we have provided userA's credentials to authenticate with Polaris IRC.
But then, even when userB or userC logs in and tries to access catA, s/he will be able to assume userA's principal role in Polaris.
How can I prevent this? I don't want to create individual catalogs for each user.
trino docs mention a property iceberg.rest-catalog.session which percolates trino user's info to catalog implementation but it's not clearly specified how this can work.
If anyone has idea how its done, or already done it, please guide.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I was able to integrate Trino with Polaris (an implementation of Iceberg Rest Catalog)
But the Catalog properties requires fixed authentication properties.
As per https://trino.io/docs/current/object-storage/metastores.html#rest-catalog
I had to add
iceberg.rest-catalog.oauth2.credentialin the catalog definition essentially making the catalog user specific.But how can I make Trino apply the same privilege as the logged in user(in Trino) when querying from the catalog.
To explain, consider
How can I prevent this? I don't want to create individual catalogs for each user.
trino docs mention a property
iceberg.rest-catalog.sessionwhich percolates trino user's info to catalog implementation but it's not clearly specified how this can work.If anyone has idea how its done, or already done it, please guide.
Beta Was this translation helpful? Give feedback.
All reactions