Skip to main content

Privacera Documentation

Table of Contents

Starburst Trino and Trino SQL command permissions - Iceberg connector

Below you can find the list of supported SQL operations for the Iceberg connector, the check boxes indicate which Ranger permissions are required for each operation.

Operation

Sample Command

Required Permissions

Create

Update

Data_Admin

Create View

Alter

Select

Drop

Show

Grant

Execute

Ownership

Insert

Delete

(S3/Files) Write

ALTER MATERIALIZED VIEW

ALTER MATERIALIZED VIEW IF EXISTS infraqa_db.matview_name RENAME TO infraqa_db.matview_name_cp;

✅ view level

✅ view level

ALTER MATERIALIZED VIEW iceberg_db.iceberg_matview SET PROPERTIES x = 'y';

ALTER SCHEMA

ALTER SCHEMA infraqa_db RENAME TO infraqa_db_rename;

✅ schema level

ALTER SCHEMA iceberg_db SET AUTHORIZATION alice;

✅ schema level

ALTER TABLE

ALTER TABLE infraqa_db.sales_data RENAME TO infraqa_db.sales_data_alter;

✅ table level

✅ table level

ALTER TABLE IF EXISTS infraqa_db.sales_data_alter ADD COLUMN IF NOT EXISTS zip varchar;

✅ table level

ALTER TABLE hive.infraqa_db.sales_data_alter RENAME COLUMN zip TO user_zip;

✅ table level

ALTER TABLE hive.infraqa_db.sales_data_alter DROP COLUMN user_zip;

✅ table level

ALTER TABLE infra_infra_db.infra_infra_tb SET AUTHORIZATION hive;

✅ table level

ALTER TABLE infra_infra_db.infra_infra_tb SET PROPERTIES format = 'orc';

✅ table level

ALTER TABLE hive.schema.test_table EXECUTE optimize(file_size_threshold => '10MB')

✅ table level

✅ procedure level

ALTER VIEW

ALTER VIEW infraqa_db.sales_data_view RENAME TO infraqa_db.sales_data_view_alter;

✅ table level

✅ table level

ALTER VIEW iceberg_db.iceberg_tb_view SET AUTHORIZATION alice;

ANALYZE

ANALYZE hive.anil_infra_db.anil_infra_tb;

CALL

CALL catalog.schema.test();

COMMENT

CREATE TABLE IF NOT EXISTS catalog.db_name.table_name_new COMMENT 'This is test table' AS SELECT * FROM catalog.db_name.table_name;

✅ table level

✅ column level

ALTER TABLE hive.infra_db_trino_glue_1.tbl_3 ADD COLUMN name2 varchar COMMENT 'This is test column';

✅ table level

COMMIT

COMMIT;

CREATE MATERIALIZED VIEW

CREATE MATERIALIZED VIEW infraqa_db.matview_name AS SELECT * from infraqa_db.table_name;

✅ view level

✅ column level

CREATE ROLE

CREATE ROLE moderator WITH ADMIN USER bob;

Not Supported

CREATE SCHEMA

CREATE SCHEMA IF NOT EXISTS hive.infraqa_db;

✅ schema level

CREATE SCHEMA IF NOT EXISTS infra_infra_db WITH (location = 's3a://infraqa-test/input_data/output/format=db/sample/fgac');

✅ schema level

CREATE TABLE

CREATE TABLE IF NOT EXISTS hive.infraqa_db.sales_data (id int,country varchar,region varchar,city varchar,name varchar,sales_amount double) WITH (format : 'ORC');

✅ table level

CREATE TABLE AS

CREATE TABLE IF NOT EXISTS catalog.db_name.table_name_new AS SELECT * FROM catalog.db_name.table_name;

✅ table level

✅ column level

CREATE VIEW

CREATE VIEW hive.infraqa_db.sales_data_view AS SELECT * FROM hive.infraqa_db.sales_data;

✅ table level

✅ view level

DEALLOCATE PREPARE

DEALLOCATE PREPARE my_query;

No Permission required

DELETE

DELETE FROM infraqa_db.sales_data WHERE name:'Seth';

✅ column level

✅ table level

DESCRIBE TABLE

DESCRIBE infraqa_db.sales_data;

✅ column level

✅ table level

DESCRIBE INPUT

DESCRIBE INPUT my_select2;

✅ column level

DESCRIBE OUTPUT

DESCRIBE OUTPUT my_select2;

✅ column level

DROP MATERIALIZED VIEW

DROP MATERIALIZED VIEW IF EXISTS infraqa_db.matview_name;

✅ table level

DROP ROLE

DROP ROLE admin;

Not Supported

DROP SCHEMA

DROP SCHEMA infraqa_db;

✅ schema level

DROP TABLE

DROP TABLE infraqa_db.sales_data;

✅ table level

DROP VIEW

DROP VIEW infraqa_db.sales_data_view;

✅ table level

EXECUTE

EXECUTE my_select1;

✅ column level

EXPLAIN

EXPLAIN FROM src INSERT OVERWRITE TABLE dest_g1 SELECT src.key, sum(substr(src.value, 4)) GROUP BY src.key;

EXPLAIN ANALYZE

EXPLAIN ANALYZE SELECT count(*), name FROM anil_infra_db.anil_infra_tb WHERE sales_date > date '1995-01-01' GROUP BY name;

GRANT

GRANT INSERT, SELECT ON hive.infraqa_db.table_name TO infra_test_usr;

✅ table level

GRANT ROLES

GRANT bar TO USER foo;

Not Supported

INSERT

INSERT INTO infraqa_db.sales_data values (1,'US','Middle Atlantic','Williamsbury','Jennifer',15993.9),(2,'US','Middle Atlantic','Angelland','Crystal',69414.59);

✅ table level

MATCH_RECOGNIZE

SELECT * FROM orders MATCH_RECOGNIZE(PARTITION BY custkey ORDER BY orderdate MEASURES A.totalprice AS starting_price, LAST(B.totalprice) AS bottom_price, LAST(U.totalprice) AS top_price ONE ROW PER MATCH AFTER MATCH SKIP PAST LAST ROW PATTERN (A B+ C+ D+) SUBSET U = (C, D) DEFINE B AS totalprice < PREV(totalprice), C AS totalprice > PREV(totalprice) AND totalprice <= A.totalprice, D AS totalprice > PREV(totalprice) );

✅ table level

Row pattern recognition in window structures

SELECT * FROM orders MATCH_RECOGNIZE(PARTITION BY custkey ORDER BY orderdate MEASURES A.totalprice AS starting_price, LAST(B.totalprice) AS bottom_price, LAST(U.totalprice) AS top_price ONE ROW PER MATCH AFTER MATCH SKIP PAST LAST ROW PATTERN (A B+ C+ D+) SUBSET U = (C, D) DEFINE B AS totalprice < PREV(totalprice), C AS totalprice > PREV(totalprice) AND totalprice <= A.totalprice, D AS totalprice > PREV(totalprice) );

✅ table level

PREPARE

PREPARE my_select1 FROM SELECT * FROM infraqa_db.sales_data;

No Permission required

REFRESH MATERIALIZED VIEW

REFRESH MATERIALIZED VIEW infraqa_db.matview_name

✅ table level

RESET SESSION

RESET SESSION optimize_hash_generation;

✅ systemproperty

REVOKE

REVOKE INSERT, SELECT ON hive.infraqa_db.table_name FROM infra_test_usr;

✅ table level

REVOKE ROLES

REVOKE bar FROM USER foo;

Not Supported

ROLLBACK

ROLLBACK;

No Permission required

SELECT

SELECT * FROM infraqa_db.sales_data;

✅ column level

SET ROLE

SET ROLE ALL;

Not Supported

SET SESSION

SET SESSION optimize_hash_generation = true;

✅ systemproperty

SET TIME ZONE

SET TIME ZONE LOCAL;

✅ systemproperty

SHOW CATALOGS

SHOW CATALOGS;

✅ catalog

SHOW COLUMNS

SHOW COLUMNS FROM infraqa_db.sales_data;

✅ table level

SHOW CREATE MATERIALIZED VIEW

SHOW CREATE MATERIALIZED VIEW infraqa_db.matview_name;

✅ table level

SHOW CREATE SCHEMA

SHOW CREATE SCHEMA infraqa_db;

✅ schema level

SHOW CREATE TABLE

SHOW CREATE TABLE infraqa_db.sales_data;

✅ table level

SHOW CREATE VIEW

SHOW CREATE VIEW hive.infraqa_db.sales_data_view;

✅ table level

SHOW FUNCTIONS

SHOW FUNCTIONS LIKE 'array%';

No Permission required

SHOW GRANTS

SHOW GRANTS ON TABLE Table_name;

✅ column level

SHOW ROLE GRANTS

SHOW ROLE GRANTS FROM Catalog_name;

Not Supported

SHOW ROLES

SHOW ROLES;

Not Supported

SHOW SCHEMAS

SHOW SCHEMAS;

SHOW SESSION

SHOW SESSION LIKE 'query%'

SHOW STATS

SHOW STATS FOR table;

✅ column level

SHOW TABLES

SHOW TABLES FROM infraqa_db;

START TRANSACTION

START TRANSACTION;

No Permission required

TRUNCATE

TRUNCATE TABLE hive.infraqa_db.sales_data;

Not Supported

UPDATE

UPDATE infraqa_db.sales_data_trino SET country : 'US' WHERE region : 'Mountain';

✅ column level

✅ table level

USE

USE Catalog.Schema_Name;

VALUES

CREATE TABLE example AS SELECT * FROM ( VALUES (1, 'a'), (2, 'b'), (3, 'c') ) AS t (id, name);

✅ table level

✅ column level