Unable to select from view in FileBasedSystemAccessControl read-only catalog

[vincentpoon]

presto:test> create table test.test_base_table(pk varchar); CREATE TABLE presto:test> create view test.test_view as select * from test.test_base_table; CREATE VIEW presto:test> grant select on test.test_view to test_user; GRANT

Now user test_user is able to select from the view.

However, then enable File Based System Access Control with the following access policy:

{ "catalogs": [ { "allow": "read-only" } ] }

Now the user test_user is unable to select from the view:

Access Denied: View owner 'vincent.poon' cannot create view that selects from ...

[findepi]

cc @dain

[byungnam]

Slack discussion thread: https://trinodb.slack.com/archives/CGB0QHWSW/p1626321435442400

In short, current Trino acl implementation of select from view requires CREATE permission. It needs to be fixed.

[nerstak]

Hello! Is there any update on this issue?

Would it be possible to allow to select views even with "allow": "read-only", and without being the owner of the view?

I've found this line to be the blocking point: https://github.com/trinodb/trino/blob/69d128bc8d77d1a2fb3da1fdacba26a4e4349088/lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/security/FileBasedSystemAccessControl.java#L763

[maxpoulain]

Hello !

Is there any update on this issue ? @dain @vincentpoon @byungnam

Thanks,

Maxime