我的书签
添加书签
移除书签System Access Control
By default, the Presto coordinator allows any principal to run queries as any Presto user. In a secure environment, this is probably not desirable behavior and likely requires customization.
SystemAccessControlFactory is responsible for creating a SystemAccessControl instance. It also defines a SystemAccessControl name which is used by the administrator in a Presto configuration.
Verifying whether or not a given principal is authorized to execute queries as a specific user.
The implementation of SystemAccessControl and SystemAccessControlFactory must be wrapped as a plugin and installed on the Presto cluster.
Configuration
After a plugin that implements SystemAccessControl and SystemAccessControlFactory has been installed on the coordinator, it is configured using an file. All of the properties other than access-control.name are specific to the SystemAccessControl implementation.
Example configuration file:
