All Products
Search

This Product

    E-MapReduce:Enable Trino in Ranger and configure related permissions

    Document Center

    E-MapReduce:Enable Trino in Ranger and configure related permissions

    Last Updated:Mar 26, 2026

    Apache Ranger integration with Trino gives you fine-grained access control at the catalog, schema, table, and column level. This topic walks you through enabling the Trino plugin in Ranger and creating access policies.

    Prerequisites

    Before you begin, make sure you have:

    • A DataLake cluster or custom cluster running EMR V3.45.0 or later, or EMR V5.11.0 or later

    • Both Trino and Ranger selected as services when the cluster was created

    For instructions on creating a cluster, see Create a cluster.

    Enable Trino in Ranger

    1. Go to the Services tab.

      1. Log on to the EMR console. In the left-side navigation pane, click EMR on ECS.

      2. In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.

      3. On the EMR on ECS page, find your cluster and click Services in the Actions column.

    2. Enable the Trino plugin.

      1. On the Services tab, click Status in the Ranger-plugin section.

      2. In the Service Overview section of the Status tab, turn on enableTrino.

      3. In the Confirm message, click OK.

    3. Restart Trino.

      1. On the Services tab, click the More icon and select Trino.

      2. In the upper-right corner, choose More > Restart.

      3. In the dialog box, set the Execution Reason parameter and click OK.

      4. In the Confirm message, click OK.

    Configure permissions

    The Ranger plugin for Trino supports fine-grained access control across catalogs, schemas, tables, and columns. You can create grant policies and apply them to individual users.

    After enabling Trino in Ranger, use the trino user to access table data by default:

    trino --server master-1-1:9090 --user trino
    Trino checks permissions twice per request — first whether the user has access to the catalog, then whether the user has the specific permissions required for the current operation.

    Access the Ranger web UI

    Before configuring policies, access the Ranger web UI. For instructions, see Overview.

    In the Ranger web UI, click emr-trino in the TRINO section to open Trino policy management.

    trino

    The emr-trino page lists all configured policies.

    trino policies

    Create a policy

    1. Access the Ranger web UI. For instructions, see Overview.

    2. Click emr-trino.

    3. In the upper-right corner, click Add New Policy.

    4. Configure the policy parameters.

      Create Policy
      Parameter Description
      Policy Name A custom name for the policy.
      catalog The catalog to apply the policy to. Multiple catalogs can be selected.
      schema The schema to apply the policy to. Multiple schemas can be selected. Use an asterisk (*) to include all schemas.
      table The table to apply the policy to. Multiple tables can be selected. Use an asterisk (*) to include all tables.
      column The column to apply the policy to. Multiple columns can be selected. Use an asterisk (*) to include all columns.
      Permissions The permissions to grant.

    5. Click Add.