AccessDeniedException when setting table rules in file based system access control in Presto

I recently set up a small Presto cluster on Kubernetes (PrestoSQL version 345). Everything works fine, but I am having some trouble setting up file-based system access control.

I tried to set up a small test case in which I have an admin user who can select from all tables in all catalogs and schemas, and a user bob who can only access one table from a specific schema in the MySQL catalog.

If I only set catalog and schema rules, everything works as expected: both users see only the catalogs I allowed. As soon as I set any table rules, my users can no longer select anything, and they cannot even see the catalogs anymore, although the admin user should have sufficient privileges in any case according to the table permissions in the documentation (https://prestosql.io/docs/current/security/file-system-access-control.html). For both users I get AccessDeniedExceptions (see also the coordinator log at the end). Can someone point out what I am doing wrong?

access-rules.json

{
  "catalogs": [
    {
      "user": "bob",
      "catalog": "mysql",
      "allow": "read-only"
    },
    {
      "user": "admin",
      "catalog": ".*",
      "allow": "all"
    }
  ],
  "schemas": [
    {
      "user": "bob",
      "catalog": "mysql",
      "schema": "test",
      "owner": false
    },
    {
      "user": "admin",
      "catalog": ".*",
      "schema": ".*",
      "owner": true
    }
  ],
  "tables": [
    {
      "user": "bob",
      "group": ".*",
      "catalog": "mysql",
      "schema": "test",
      "table": "test_table",
      "privileges": ["SELECT"]
    },
    {
      "user": "admin",
      "group": ".*",
      "catalog": ".*",
      "schema": ".*",
      "table": ".*",
      "privileges": ["SELECT"]
    }
  ]
}

Coordinator log

presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:19.435Z    DEBUG   dispatcher-query-0  io.prestosql.security.AccessControl Invocation of checkCanSetUser(principal=Optional[admin], userName='admin') succeeded in 56.48ms
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:19.525Z    DEBUG   dispatcher-query-0  io.prestosql.security.AccessControl Invocation of checkCanExecuteQuery(identity=Identity{user='admin', groups=[], principal=admin, roles={}, extraCredentials=[]}) succeeded in 1.10ms
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:19.621Z    DEBUG   dispatcher-query-1  io.prestosql.execution.QueryStateMachine    Query 20201101_204019_00000_9jt42 is QUEUED
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:19.634Z    DEBUG   dispatcher-query-3  io.prestosql.execution.QueryStateMachine    Query 20201101_204019_00000_9jt42 is WAITING_FOR_RESOURCES
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:19.738Z    DEBUG   Query-20201101_204019_00000_9jt42-208   io.prestosql.plugin.jdbc.mysql.jdbcclient   Invocation of getSystemTable(session=FullConnectorSession{queryId=20201101_204019_00000_9jt42, user=admin, source=presto-jdbc, timeZoneKey=Europe/Berlin, locale=en_DE, start=2020-11-01T20:40:19.521525Z, properties={}}, tableName=test.test_table) succeeded in 33.84us
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.245Z    DEBUG   Query-20201101_204019_00000_9jt42-208   io.prestosql.plugin.jdbc.mysql.jdbcclient   Invocation of getTableHandle(identity=JdbcIdentity{user=admin, principalName=Optional[admin], extraCredentials=[]}, schemaTableName=test.test_table) succeeded in 504.44ms
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.247Z    DEBUG   Query-20201101_204019_00000_9jt42-208   io.prestosql.plugin.jdbc.mysql.jdbcclient   Invocation of getSystemTable(session=FullConnectorSession{queryId=20201101_204019_00000_9jt42, user=admin, source=presto-jdbc, timeZoneKey=Europe/Berlin, locale=en_DE, start=2020-11-01T20:40:19.521525Z, properties={}}, tableName=test.test_table) succeeded in 15.37us
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.247Z    DEBUG   Query-20201101_204019_00000_9jt42-208   io.prestosql.plugin.jdbc.mysql.jdbcclient   Invocation of getSystemTable(session=FullConnectorSession{queryId=20201101_204019_00000_9jt42, user=admin, source=presto-jdbc, timeZoneKey=Europe/Berlin, locale=en_DE, start=2020-11-01T20:40:19.521525Z, properties={}}, tableName=test.test_table) succeeded in 9.30us
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.248Z    DEBUG   Query-20201101_204019_00000_9jt42-208   io.prestosql.plugin.jdbc.mysql.jdbcclient   Invocation of getSystemTable(session=FullConnectorSession{queryId=20201101_204019_00000_9jt42, user=admin, source=presto-jdbc, timeZoneKey=Europe/Berlin, locale=en_DE, start=2020-11-01T20:40:19.521525Z, properties={}}, tableName=test.test_table) succeeded in 10.77us
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.322Z    DEBUG   Query-20201101_204019_00000_9jt42-208   io.prestosql.plugin.jdbc.BaseJdbcClient Mapping data type of 'test.test_table' column 'tinyint_1': JdbcTypeHandle{jdbcType=-6, jdbcTypeName=TINYINT, columnSize=3, decimalDigits=Optional[0]} mapped to Optional[ColumnMapping{type=tinyint}]
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.323Z    DEBUG   Query-20201101_204019_00000_9jt42-208   io.prestosql.plugin.jdbc.BaseJdbcClient Mapping data type of 'test.test_table' column 'tinyint_2': JdbcTypeHandle{jdbcType=-6, jdbcTypeName=TINYINT, columnSize=3, decimalDigits=Optional[0]} mapped to Optional[ColumnMapping{type=tinyint}]
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.324Z    DEBUG   Query-20201101_204019_00000_9jt42-208   io.prestosql.plugin.jdbc.BaseJdbcClient Mapping data type of 'test.test_table' column 'int_1': JdbcTypeHandle{jdbcType=4, jdbcTypeName=INT, columnSize=10, decimalDigits=Optional[0]} mapped to Optional[ColumnMapping{type=integer}]
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.324Z    DEBUG   Query-20201101_204019_00000_9jt42-208   io.prestosql.plugin.jdbc.BaseJdbcClient Mapping data type of 'test.test_table' column 'int_10': JdbcTypeHandle{jdbcType=4, jdbcTypeName=INT, columnSize=10, decimalDigits=Optional[0]} mapped to Optional[ColumnMapping{type=integer}]
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.326Z    DEBUG   Query-20201101_204019_00000_9jt42-208   io.prestosql.plugin.jdbc.mysql.jdbcclient   Invocation of getColumns(session=FullConnectorSession{queryId=20201101_204019_00000_9jt42, user=admin, source=presto-jdbc, timeZoneKey=Europe/Berlin, locale=en_DE, start=2020-11-01T20:40:19.521525Z, properties={}}, tableHandle=test.test_table test.test_table) succeeded in 75.52ms
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.329Z    DEBUG   Query-20201101_204019_00000_9jt42-208   io.prestosql.plugin.jdbc.mysql.jdbcclient   Invocation of getTableProperties(identity=JdbcIdentity{user=admin, principalName=Optional[admin], extraCredentials=[]}, tableHandle=test.test_table test.test_table) succeeded in 27.95us
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.333Z    DEBUG   Query-20201101_204019_00000_9jt42-208   io.prestosql.security.AccessControl Invocation of getColumnMasks(context=io.prestosql.security.SecurityContext@66d304f, tableName=mysql.test.test_table, columnName='tinyint_1', type=tinyint) succeeded in 2.93ms
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.334Z    DEBUG   Query-20201101_204019_00000_9jt42-208   io.prestosql.security.AccessControl Invocation of getColumnMasks(context=io.prestosql.security.SecurityContext@66d304f, tableName=mysql.test.test_table, columnName='tinyint_2', type=tinyint) succeeded in 88.59us
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.334Z    DEBUG   Query-20201101_204019_00000_9jt42-208   io.prestosql.security.AccessControl Invocation of getColumnMasks(context=io.prestosql.security.SecurityContext@66d304f, tableName=mysql.test.test_table, columnName='int_1', type=integer) succeeded in 59.19us
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.335Z    DEBUG   Query-20201101_204019_00000_9jt42-208   io.prestosql.security.AccessControl Invocation of getColumnMasks(context=io.prestosql.security.SecurityContext@66d304f, tableName=mysql.test.test_table, columnName='int_10', type=integer) succeeded in 58.13us
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.336Z    DEBUG   Query-20201101_204019_00000_9jt42-208   io.prestosql.security.AccessControl Invocation of getRowFilters(context=io.prestosql.security.SecurityContext@66d304f, tableName=mysql.test.test_table) succeeded in 819.99us
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.417Z    INFO    Query-20201101_204019_00000_9jt42-208   io.prestosql.plugin.base.security.FileBasedSystemAccessControl  Refreshing system access control from /var/presto/etc/accesss-rules.json
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.433Z    DEBUG   Query-20201101_204019_00000_9jt42-208   io.prestosql.security.AccessControl Invocation of checkCanSelectFromColumns(context=io.prestosql.security.SecurityContext@66d304f, tableName=mysql.test.test_table, columnNames=[tinyint_1, tinyint_2, int_1, int_10]) took 15.47ms and failed with io.prestosql.spi.security.AccessDeniedException: Access Denied: Cannot select from table mysql.test.test_table
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.437Z    DEBUG   dispatcher-query-2  io.prestosql.execution.QueryStateMachine    Query 20201101_204019_00000_9jt42 is FAILED
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.437Z    DEBUG   dispatcher-query-1  io.prestosql.execution.QueryStateMachine    Query 20201101_204019_00000_9jt42 failed
presto-coordinator-5c69cd7479-fmbc7 coordinator io.prestosql.spi.security.AccessDeniedException: Access Denied: Cannot select from table mysql.test.test_table
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.spi.security.AccessDeniedException.denySelectTable(AccessDeniedException.java:278)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.spi.security.AccessDeniedException.denySelectTable(AccessDeniedException.java:273)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.plugin.base.security.FileBasedSystemAccessControl.checkCanSelectFromColumns(FileBasedSystemAccessControl.java:632)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.plugin.base.security.ForwardingSystemAccessControl.checkCanSelectFromColumns(ForwardingSystemAccessControl.java:244)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.security.AccessControlManager.lambda$checkCanSelectFromColumns(AccessControlManager.java:727)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.security.AccessControlManager.systemAuthorizationCheck(AccessControlManager.java:950)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.security.AccessControlManager.checkCanSelectFromColumns(AccessControlManager.java:727)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at java.base/java.lang.reflect.Method.invoke(Method.java:566)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.plugin.base.util.LoggingInvocationHandler.handleInvocation(LoggingInvocationHandler.java:60)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at com.google.common.reflect.AbstractInvocationHandler.invoke(AbstractInvocationHandler.java:86)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at com.sun.proxy.$Proxy112.checkCanSelectFromColumns(Unknown Source)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.security.ForwardingAccessControl.checkCanSelectFromColumns(ForwardingAccessControl.java:297)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.sql.analyzer.Analyzer.lambda$analyze[=12=](Analyzer.java:88)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at java.base/java.util.LinkedHashMap.forEach(LinkedHashMap.java:684)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.sql.analyzer.Analyzer.lambda$analyze(Analyzer.java:87)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at java.base/java.util.LinkedHashMap.forEach(LinkedHashMap.java:684)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.sql.analyzer.Analyzer.analyze(Analyzer.java:86)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.sql.analyzer.Analyzer.analyze(Analyzer.java:75)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.execution.SqlQueryExecution.analyze(SqlQueryExecution.java:257)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.execution.SqlQueryExecution.<init>(SqlQueryExecution.java:183)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.execution.SqlQueryExecution$SqlQueryExecutionFactory.createQueryExecution(SqlQueryExecution.java:759)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.dispatcher.LocalDispatchQueryFactory.lambda$createDispatchQuery[=12=](LocalDispatchQueryFactory.java:123)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at io.prestosql.$gen.Presto_345____20201101_191624_2.call(Unknown Source)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:125)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:69)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:78)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
presto-coordinator-5c69cd7479-fmbc7 coordinator     at java.base/java.lang.Thread.run(Thread.java:834)
presto-coordinator-5c69cd7479-fmbc7 coordinator 
presto-coordinator-5c69cd7479-fmbc7 coordinator 
presto-coordinator-5c69cd7479-fmbc7 coordinator 2020-11-01T20:40:20.520Z    INFO    dispatcher-query-1  io.prestosql.event.QueryMonitor TIMELINE: Query 20201101_204019_00000_9jt42 :: Transaction:[039c11ba-b2a6-4f6c-ad3f-8f864392d7f9] :: elapsed 815ms :: planning 815ms :: waiting 0ms :: scheduling 0ms :: running 0ms :: finishing 0ms :: begin 2020-11-01T20:40:19.618Z :: end 2020-11-01T20:40:20.433Z

I think I found the problem. I had explicitly added the default value ("group": ".*") for the group key in the table rules (according to the documentation for Presto 345). I did not specify any groups in my setup. Removing the group key fixed the access problem.
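The reason the explicit `"group": ".*"` is not equivalent to omitting the key is how a group regex is evaluated: an absent key matches any identity, but a present group regex has to match at least one of the groups the identity carries. An identity with no groups therefore satisfies no group regex at all, not even `.*`, the rule is skipped, no other table rule matches, and the file-based access control denies the query. The following Python model reproduces that behaviour offline; it is an added example written for this page, not Presto's own code, and it re-implements only the documented rule semantics (first matching rule wins, every present key must match the whole name, no matching rule means deny) over a constructed copy of the `tables` section from the question.

```python
"""Model of how PrestoSQL's file-based access control matches table rules.

Added example, not Presto's own code: it re-implements the documented rule
semantics (first matching rule wins, every present key must match, an absent
key matches anything) so the effect of "group": ".*" on a user who belongs to
no groups can be reproduced offline.
"""
import copy
import json
import re
from typing import Iterable, Optional

# Constructed copy of the "tables" section from the question, including the
# explicit "group": ".*" that was later removed to fix the problem.
RULES_WITH_GROUP = json.loads("""
{
  "tables": [
    {"user": "bob",   "group": ".*", "catalog": "mysql", "schema": "test",
     "table": "test_table", "privileges": ["SELECT"]},
    {"user": "admin", "group": ".*", "catalog": ".*", "schema": ".*",
     "table": ".*", "privileges": ["SELECT"]}
  ]
}
""")


def strip_group_keys(rules: dict) -> dict:
    """Return a copy of the rules with every "group" key removed (the fix)."""
    fixed = copy.deepcopy(rules)
    for rule in fixed["tables"]:
        rule.pop("group", None)
    return fixed


RULES_WITHOUT_GROUP = strip_group_keys(RULES_WITH_GROUP)


def _name_matches(pattern: Optional[str], value: str) -> bool:
    """An absent key matches anything; a present key must match the whole name."""
    return pattern is None or re.fullmatch(pattern, value) is not None


def _group_matches(pattern: Optional[str], groups: Iterable[str]) -> bool:
    """A group regex must match at least one of the identity's groups.

    With an empty group set there is nothing for ".*" to match, so the rule is
    skipped even though ".*" looks like "match everything".
    """
    return pattern is None or any(re.fullmatch(pattern, g) for g in groups)


def table_privileges(rules: dict, user: str, groups: Iterable[str],
                     catalog: str, schema: str, table: str) -> Optional[set]:
    """Privileges granted by the first matching table rule, or None when no
    rule matches (no match means deny)."""
    groups = set(groups)
    for rule in rules["tables"]:
        if (_name_matches(rule.get("user"), user)
                and _group_matches(rule.get("group"), groups)
                and _name_matches(rule.get("catalog"), catalog)
                and _name_matches(rule.get("schema"), schema)
                and _name_matches(rule.get("table"), table)):
            return set(rule.get("privileges", []))
    return None


def can_select(rules: dict, user: str, groups: Iterable[str],
               catalog: str, schema: str, table: str) -> bool:
    """True only if a matching rule grants SELECT on the table."""
    privileges = table_privileges(rules, user, groups, catalog, schema, table)
    return privileges is not None and "SELECT" in privileges


if __name__ == "__main__":
    target = ("mysql", "test", "test_table")
    # admin with no groups: denied with the group key, allowed without it
    print(can_select(RULES_WITH_GROUP, "admin", [], *target))             # False
    print(can_select(RULES_WITHOUT_GROUP, "admin", [], *target))          # True
    # the same rule works once the identity actually carries a group
    print(can_select(RULES_WITH_GROUP, "admin", ["analysts"], *target))   # True
    # bob is still confined to the one table after the fix
    print(can_select(RULES_WITHOUT_GROUP, "bob", [], "mysql", "test", "other"))  # False
```

The practical check this suggests: before adding a `group` regex to any rule, confirm that the identities you expect it to match actually arrive with groups (the coordinator log line `Identity{user='admin', groups=[], ...}` in the question shows they do not here). Since the log also shows the file being reloaded at query time ("Refreshing system access control from ..."), a corrected rules file takes effect without restarting the coordinator, so the fix can be verified by simply re-running the failing SELECT.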