Skip to main content

Privacera Documentation

Starburst Trino SQL command permissions

Below you can find the list of supported Starburst Trino SQL operations for the Iceberg connector, the check boxes indicate which Ranger permissions are required for each operation.

Operation

Sample Command

Required Permissions

Create

Update

Data_Admin

Create View

Alter

Select

Drop

Show

(S3/Files) Write

ALTER MATERIALIZED VIEW

ALTER MATERIALIZED VIEW IF EXISTS infraqa_db.matview_name RENAME TO infraqa_db.matview_name_cp;

ALTER SCHEMA

ALTER SCHEMA hive.infraqa_db RENAME TO hive.infraqa_db_rename;

ALTER TABLE

ALTER TABLE infraqa_db.sales_data RENAME TO infraqa_db.sales_data_alter;

ALTER TABLE IF EXISTS infraqa_db.sales_data_alter ADD COLUMN IF NOT EXISTS zip varchar;

ALTER TABLE hive.infraqa_db.sales_data_alter RENAME COLUMN zip TO user_zip;

ALTER TABLE hive.infraqa_db.sales_data_alter DROP COLUMN user_zip;

ALTER TABLE infra_infra_db.infra_infra_tb SET AUTHORIZATION hive;

ALTER VIEW

ALTER VIEW infraqa_db.sales_data_view RENAME TO infraqa_db.sales_data_view_alter;

ANALYZE

ANALYZE hive.anil_infra_db.anil_infra_tb;

CALL

CALL catalog.schema.test();

COMMENT

CREATE TABLE IF NOT EXISTS catalog.db_name.table_name_new COMMENT 'This is test table' AS SELECT * FROM catalog.db_name.table_name;

ALTER TABLE hive.infra_db_trino_glue_1.tbl_3 ADD COLUMN name2 varchar COMMENT 'This is test column';

COMMIT

COMMIT;

CREATE MATERIALIZED VIEW

CREATE MATERIALIZED VIEW infraqa_db.matview_name AS SELECT * from infraqa_db.table_name;

CREATE ROLE

CREATE ROLE moderator WITH ADMIN USER bob;

Not Supported

CREATE SCHEMA

CREATE SCHEMA IF NOT EXISTS hive.infraqa_db;

CREATE SCHEMA IF NOT EXISTS infra_infra_db WITH (location = 's3a://infraqa-test/input_data/output/format=db/sample/fgac');

CREATE TABLE

CREATE TABLE IF NOT EXISTS hive.infraqa_db.sales_data (id int,country varchar,region varchar,city varchar,name varchar,sales_amount double) WITH (format : 'ORC');

CREATE TABLE AS

CREATE TABLE IF NOT EXISTS catalog.db_name.table_name_new AS SELECT * FROM catalog.db_name.table_name;

CREATE VIEW

CREATE VIEW hive.infraqa_db.sales_data_view AS SELECT * FROM hive.infraqa_db.sales_data;

DEALLOCATE PREPARE

DEALLOCATE PREPARE my_query;

No Permission required

DELETE

DELETE FROM infraqa_db.sales_data WHERE name:'Seth';

DESCRIBE

DESCRIBE infraqa_db.sales_data;

DESCRIBE INPUT

DESCRIBE INPUT my_select2;

DESCRIBE OUTPUT

DESCRIBE OUTPUT my_select2;

DROP MATERIALIZED VIEW

DROP MATERIALIZED VIEW IF EXISTS infraqa_db.matview_name;

DROP ROLE

DROP ROLE admin;

Not Supported

DROP SCHEMA

DROP SCHEMA infraqa_db;

DROP TABLE

DROP TABLE infraqa_db.sales_data;

DROP VIEW

DROP VIEW infraqa_db.sales_data_view;

EXECUTE

EXECUTE my_select1;

EXPLAIN

EXPLAIN FROM src INSERT OVERWRITE TABLE dest_g1 SELECT src.key, sum(substr(src.value, 4)) GROUP BY src.key;

EXPLAIN ANALYZE

EXPLAIN ANALYZE SELECT count(*), name FROM anil_infra_db.anil_infra_tb WHERE sales_date > date '1995-01-01' GROUP BY name;

GRANT

GRANT INSERT, SELECT ON hive.infraqa_db.table_name TO infra_test_usr;

GRANT ROLES

GRANT bar TO USER foo;

Not Supported

INSERT

INSERT INTO infraqa_db.sales_data values (1,'US','Middle Atlantic','Williamsbury','Jennifer',15993.9),(2,'US','Middle Atlantic','Angelland','Crystal',69414.59);

MATCH_RECOGNIZE

SELECT * FROM orders MATCH_RECOGNIZE(PARTITION BY custkey ORDER BY orderdate MEASURES A.totalprice AS starting_price, LAST(B.totalprice) AS bottom_price, LAST(U.totalprice) AS top_price ONE ROW PER MATCH AFTER MATCH SKIP PAST LAST ROW PATTERN (A B+ C+ D+) SUBSET U = (C, D) DEFINE B AS totalprice < PREV(totalprice), C AS totalprice > PREV(totalprice) AND totalprice <= A.totalprice, D AS totalprice > PREV(totalprice) );

Row pattern recognition in window structures

SELECT * FROM orders MATCH_RECOGNIZE(PARTITION BY custkey ORDER BY orderdate MEASURES A.totalprice AS starting_price, LAST(B.totalprice) AS bottom_price, LAST(U.totalprice) AS top_price ONE ROW PER MATCH AFTER MATCH SKIP PAST LAST ROW PATTERN (A B+ C+ D+) SUBSET U = (C, D) DEFINE B AS totalprice < PREV(totalprice), C AS totalprice > PREV(totalprice) AND totalprice <= A.totalprice, D AS totalprice > PREV(totalprice) );

PREPARE

PREPARE my_select1 FROM SELECT * FROM infraqa_db.sales_data;

REFRESH MATERIALIZED VIEW

REFRESH MATERIALIZED VIEW infraqa_db.matview_name

RESET SESSION

RESET SESSION optimize_hash_generation;

REVOKE

REVOKE INSERT, SELECT ON hive.infraqa_db.table_name FROM infra_test_usr;

REVOKE ROLES

REVOKE bar FROM USER foo;

Not Supported

ROLLBACK

ROLLBACK;

No permission required

SELECT

SELECT * FROM infraqa_db.sales_data;

SET ROLE

SET ROLE ALL;

Not Supported

SET SESSION

SET SESSION optimize_hash_generation = true;

SET TIME ZONE

SET TIME ZONE LOCAL;

No permission required

SHOW CATALOGS

SHOW CALOGS;

SHOW COLUMNS

SHOW COLUMNS FROM infraqa_db.sales_data;

SHOW CREATE MATERIALIZED VIEW

SHOW CREATE MATERIALIZED VIEW infraqa_db.matview_name;

SHOW CREATE SCHEMA

SHOW CREATE SCHEMA infraqa_db;

SHOW CREATE TABLE

SHOW CREATE TABLE infraqa_db.sales_data;

SHOW CREATE VIEW

SHOW CREATE VIEW hive.infraqa_db.sales_data_view;

SHOW FUNCTIONS

SHOW FUNCTIONS LIKE 'array%';

No permission required

SHOW GRANTS

SHOW GRANTS ON TABLE Table_name;

Not Supported

SHOW ROLE GRANTS

SHOW ROLE GRANTS FROM Catalog_name;

Not Supported

SHOW ROLES

SHOW ROLES;

Not Supported

SHOW SCHEMAS

SHOW SCHEMAS;

SHOW SESSION

SHOW SESSION LIKE 'query%'

SHOW STATS

SHOW STATS FOR table;

SHOW TABLES

SHOW TABLES FROM infraqa_db;

START TRANSACTION

START TRANSACTION;

No permission required

TRUNCATE

TRUNCATE TABLE hive.infraqa_db.sales_data;

Not Supported

UPDATE

UPDATE infraqa_db.sales_data_trino SET country : 'US' WHERE region : 'Mountain';

USE

USE Catalog.Schema_Name;

VALUES

CREATE TABLE example AS SELECT * FROM ( VALUES (1, 'a'), (2, 'b'), (3, 'c') ) AS t (id, name);