Deleting access rules in Managed Service for Trino

Written by

Yandex Cloud

Updated at January 29, 2026

You can delete all access rules applied within the cluster in one step.

Note

To delete a specific rule, delete its description from the configuration file and apply the changes.

CLI

Terraform

gRPC API

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To delete all access rules for a Managed Service for Trino cluster, run this command:

yc managed-trino cluster remove-access-control <cluster_name_or_ID>

You can get the cluster ID and name with the list of clusters in the folder.

Open the current Terraform configuration file describing your infrastructure.

To learn how to create this file, see Creating a cluster.
Delete the yandex_trino_access_control resource from the configuration file.
Make sure the settings are correct.
1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.
2. Run this command:
```
terraform validate
```
  Terraform will show any errors found in your configuration files.
Confirm updating the resources.
1. Run this command to view the planned changes:
```
terraform plan
```
  If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.
2. If everything looks correct, apply the changes:
  1. Run this command:
```
terraform apply
```
  2. Confirm updating the resources.
  3. Wait for the operation to complete.

For more information, see this Terraform provider guide.

Get an IAM token for API authentication and put it in an environment variable:
```
export IAM_TOKEN="<IAM_token>"
```
Clone the cloudapi repository:
```
cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi
```
Below, we assume that the repository contents reside in the ~/cloudapi/ directory.
Create a file named body.json and paste the following code into it:
```
{
  "cluster_id": "<cluster_ID>",
  "update_mask": {
    "paths": [
      "trino.access_control"
    ]
  },
  "trino": {
      "access_control": {}
  }
}
```
Where:
- cluster_id: Cluster ID.
  
  You can get the cluster ID with the list of clusters in the folder.
- update_mask: List of parameters to update as an array of strings (paths[]).
  Format for listing settings
  "update_mask": { "paths": [ "<setting_1>", "<setting_2>", ... "<setting_N>" ] }
  Warning
  
  When you update a cluster, all parameters of the object you are modifying will take their defaults unless explicitly provided in the request. To avoid this, list the settings you want to change in the update_mask parameter.
- access_control: Access rule configuration in the cluster.

Call the ClusterService.Update method, e.g., via the following gRPCurl request:

grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/trino/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d @ \
  trino.api.cloud.yandex.net:443 \
  yandex.cloud.trino.v1.ClusterService.Update \
  < body.json

Check the server response to make sure your request was successful.

Deleting access rules in Managed Service for Trino

Was the article helpful?