This topic describes how to enable Trino in Ranger and how to configure related permissions.

Prerequisites

A DataLake cluster or a custom cluster of EMR V3.45.0 or a later minor version, or EMR V5.11.0 or a later minor version is created, and the Trino and Ranger services are selected for the cluster. For more information about how to create a cluster, see Create a cluster.

Procedure

  1. Go to the Services tab.
    1. Log on to the EMR console. In the left-side navigation pane, click EMR on ECS.
    2. In the top navigation bar, select the region in which your cluster resides and select a resource group based on your business requirements.
    3. On the EMR on ECS page, find the desired cluster and click Services in the Actions column.
  2. Enable Trino in Ranger.
    1. On the Services tab of the page that appears, click Status in the Ranger-plugin section.
    2. In the Service Overview section of the Status tab, turn on enableTrino.
    3. In the Confirm message, click OK.
  3. Restart Trino.
    1. On the Services tab, click the More icon and select Trino.
    2. In the upper-right corner, choose More > Restart.
    3. In the dialog box that appears, configure the Execution Reason parameter and click OK.
    4. In the Confirm message, click OK.

Configure permissions

Overview

Before you configure permissions in Ranger, you must access the web UI of Ranger. For more information about how to access the web UI of Ranger, see Overview.

Then, you can click emr-trino in the TRINO section to configure Trino permissions, as shown in the following figure. trino
On the emr-trino page, you can view the list of all configured policies. trino policies
After you enable Trino in Ranger, you must use the trino user to access table data by default. 
trino --server master-1-1:9090 --user trino
Note Trino checks the permissions of a user twice. Trino first checks whether the user has access permissions on a catalog and then checks the permissions involved in the current access.

Configuration example

  1. Access the web UI of Ranger. For more information, see Overview.
  2. Click emr-trino.
  3. In the upper-right corner of the page that appears, click Add New Policy.
  4. Configure the parameters based on your business requirements. The following table describes the parameters.
    Create Policy
    ParameterDescription
    Policy NameThe name of the policy. You can specify a custom name.
    catalogThe catalog. You can select multiple catalogs.
    schemaThe schema. You can select multiple schemas. You can set this parameter to an asterisk (*) to specify all schemas.
    tableThe table. You can select multiple tables. You can set this parameter to an asterisk (*) to specify all tables.
    columnThe column. You can select multiple columns. You can set this parameter to an asterisk (*) to specify all columns.
    PermissionsThe permissions that you want to grant.
  5. Click Add.