© 2025 Direct Cursus Technology L.L.C.
Terraform in Yandex Cloud

yandex_trino_access_control (Resource)

Written by
Yandex Cloud
Updated at September 26, 2025
  • Example usage
  • Schema
    • Required
    • Optional
    • Nested Schema for catalog_session_properties
    • Nested Schema for catalog_session_properties.catalog
    • Nested Schema for catalog_session_properties.property
    • Nested Schema for catalogs
    • Nested Schema for catalogs.catalog
    • Nested Schema for functions
    • Nested Schema for functions.catalog
    • Nested Schema for functions.function
    • Nested Schema for functions.schema
    • Nested Schema for procedures
    • Nested Schema for procedures.catalog
    • Nested Schema for procedures.procedure
    • Nested Schema for procedures.schema
    • Nested Schema for queries
    • Nested Schema for schemas
    • Nested Schema for schemas.catalog
    • Nested Schema for schemas.schema
    • Nested Schema for system_session_properties
    • Nested Schema for system_session_properties.property
    • Nested Schema for tables
    • Nested Schema for tables.catalog
    • Nested Schema for tables.columns
    • Nested Schema for tables.schema
    • Nested Schema for tables.table
    • Nested Schema for timeouts
  • Import

Access control configuration for a Managed Trino cluster.

Example usage

resource "yandex_trino_access_control" "trino_access_control" {
  cluster_id  = yandex_trino_cluster.trino.id
  catalogs = [
    {
      catalog = {
        ids = [
          yandex_trino_catalog.iceberg.id,
          yandex_trino_catalog.postgres.id,
        ]
      }
      users       = ["<iam_user_id>"]
      groups      = ["<iam_group_id>"]
      description = "Catalog access rule"
      permission  = "ALL"
    },
    {
      catalog = {
        name_regexp = "prod_.*"
      }
      permission = "NONE"
    },
    {
      permission = "READ_ONLY"
    },
  ]
}

Schema

Required

  • cluster_id (String) ID of the Trino cluster. Provided by the client when the Access Control is created.

Optional

  • catalog_session_properties (Attributes List) Catalog session property access control rules. (see below for nested schema)
  • catalogs (Attributes List) Catalog level access control rules. (see below for nested schema)
  • functions (Attributes List) Function level access control rules. (see below for nested schema)
  • procedures (Attributes List) Procedure level access control rules. (see below for nested schema)
  • queries (Attributes List) Query level access control rules. (see below for nested schema)
  • schemas (Attributes List) Schema level access control rules. (see below for nested schema)
  • system_session_properties (Attributes List) System session property access control rules. (see below for nested schema)
  • tables (Attributes List) Table level access control rules. (see below for nested schema)
  • timeouts (Block, Optional) (see below for nested schema)

Nested Schema for catalog_session_properties

Required:

  • allow (String) Whether the rule allows setting the property. Valid values: NO, YES

Optional:

  • catalog (Attributes) Catalog matcher specifying what catalogs the rule is applied to. Exactly one of the name_regexp and ids attributes should be set. (see below for nested schema)
  • description (String) Rule description.
  • groups (List of String) IAM group IDs the rule is applied to.
  • property (Attributes) Matcher specifying what properties the rule is applied to. Exactly one of the name_regexp and names attributes should be set. (see below for nested schema)
  • users (List of String) IAM user IDs the rule is applied to.

Nested Schema for catalog_session_properties.catalog

Optional:

  • ids (List of String) Catalog IDs the rule is applied to.
  • name_regexp (String) Catalog name regexp the rule is applied to.

Nested Schema for catalog_session_properties.property

Optional:

  • name_regexp (String) Property name regexp the rule is applied to.
  • names (List of String) Property names the rule is applied to.

Nested Schema for catalogs

Required:

  • permission (String) Permission granted by the rule. Valid values: NONE, READ_ONLY, ALL

Optional:

  • catalog (Attributes) Catalog matcher specifying what catalogs the rule is applied to. Exactly one of the name_regexp and ids attributes should be set. (see below for nested schema)
  • description (String) Rule description.
  • groups (List of String) IAM group IDs the rule is applied to.
  • users (List of String) IAM user IDs the rule is applied to.

Nested Schema for catalogs.catalog

Optional:

  • ids (List of String) Catalog IDs the rule is applied to.
  • name_regexp (String) Catalog name regexp the rule is applied to.

Nested Schema for functions

Optional:

  • catalog (Attributes) Catalog matcher specifying what catalogs the rule is applied to. Exactly one of the name_regexp and ids attributes should be set. (see below for nested schema)
  • description (String) Rule description.
  • function (Attributes) Matcher specifying what functions the rule is applied to. Exactly one of the name_regexp and names attributes should be set. (see below for nested schema)
  • groups (List of String) IAM group IDs the rule is applied to.
  • privileges (List of String) Privileges granted by the rule. Valid values: EXECUTE, GRANT_EXECUTE, OWNERSHIP.
  • schema (Attributes) Matcher specifying what schemas the rule is applied to. Exactly one of the name_regexp and names attributes should be set. (see below for nested schema)
  • users (List of String) IAM user IDs the rule is applied to.

Nested Schema for functions.catalog

Optional:

  • ids (List of String) Catalog IDs the rule is applied to.
  • name_regexp (String) Catalog name regexp the rule is applied to.

Nested Schema for functions.function

Optional:

  • name_regexp (String) Function name regexp the rule is applied to.
  • names (List of String) Function names the rule is applied to.

Nested Schema for functions.schema

Optional:

  • name_regexp (String) Schema name regexp the rule is applied to.
  • names (List of String) Schema names the rule is applied to.

Nested Schema for procedures

Optional:

  • catalog (Attributes) Catalog matcher specifying what catalogs the rule is applied to. Exactly one of the name_regexp and ids attributes should be set. (see below for nested schema)
  • description (String) Rule description.
  • groups (List of String) IAM group IDs the rule is applied to.
  • privileges (List of String) Privileges granted by the rule. Valid values: EXECUTE.
  • procedure (Attributes) Matcher specifying what procedures the rule is applied to. Exactly one of the name_regexp and names attributes should be set. (see below for nested schema)
  • schema (Attributes) Matcher specifying what schemas the rule is applied to. Exactly one of the name_regexp and names attributes should be set. (see below for nested schema)
  • users (List of String) IAM user IDs the rule is applied to.

Nested Schema for procedures.catalog

Optional:

  • ids (List of String) Catalog IDs the rule is applied to.
  • name_regexp (String) Catalog name regexp the rule is applied to.

Nested Schema for procedures.procedure

Optional:

  • name_regexp (String) Procedure name regexp the rule is applied to.
  • names (List of String) Procedure names the rule is applied to.

Nested Schema for procedures.schema

Optional:

  • name_regexp (String) Schema name regexp the rule is applied to.
  • names (List of String) Schema names the rule is applied to.

Nested Schema for queries

Optional:

  • description (String) Rule description.
  • groups (List of String) IAM group IDs the rule is applied to.
  • privileges (List of String) Privileges granted by the rule. Valid values: VIEW, EXECUTE, KILL.
  • query_owners (List of String) Owners of queries the rule is applied to.
  • users (List of String) IAM user IDs the rule is applied to.

Nested Schema for schemas

Required:

  • owner (String) Ownership granted by the rule. Valid values: NO, YES

Optional:

  • catalog (Attributes) Catalog matcher specifying what catalogs the rule is applied to. Exactly one of the name_regexp and ids attributes should be set. (see below for nested schema)
  • description (String) Rule description.
  • groups (List of String) IAM group IDs the rule is applied to.
  • schema (Attributes) Matcher specifying what schemas the rule is applied to. Exactly one of the name_regexp and names attributes should be set. (see below for nested schema)
  • users (List of String) IAM user IDs the rule is applied to.

Nested Schema for schemas.catalog

Optional:

  • ids (List of String) Catalog IDs the rule is applied to.
  • name_regexp (String) Catalog name regexp the rule is applied to.

Nested Schema for schemas.schema

Optional:

  • name_regexp (String) Schema name regexp the rule is applied to.
  • names (List of String) Schema names the rule is applied to.

Nested Schema for system_session_properties

Required:

  • allow (String) Whether the rule allows setting the property. Valid values: NO, YES

Optional:

  • description (String) Rule description.
  • groups (List of String) IAM group IDs the rule is applied to.
  • property (Attributes) Matcher specifying what properties the rule is applied to. Exactly one of the name_regexp and names attributes should be set. (see below for nested schema)
  • users (List of String) IAM user IDs the rule is applied to.

Nested Schema for system_session_properties.property

Optional:

  • name_regexp (String) Property name regexp the rule is applied to.
  • names (List of String) Property names the rule is applied to.

Nested Schema for tables

Optional:

  • catalog (Attributes) Catalog matcher specifying what catalogs the rule is applied to. Exactly one of the name_regexp and ids attributes should be set. (see below for nested schema)
  • columns (Attributes List) Column rules. (see below for nested schema)
  • description (String) Rule description.
  • filter (String) Boolean SQL expression to filter table rows for a particular user.
  • groups (List of String) IAM group IDs the rule is applied to.
  • privileges (List of String) Privileges granted by the rule. Valid values: SELECT, INSERT, DELETE, UPDATE, OWNERSHIP, GRANT_SELECT.
  • schema (Attributes) Matcher specifying what schemas the rule is applied to. Exactly one of the name_regexp and names attributes should be set. (see below for nested schema)
  • table (Attributes) Matcher specifying what tables the rule is applied to. Exactly one of the name_regexp and names attributes should be set. (see below for nested schema)
  • users (List of String) IAM user IDs the rule is applied to.

Nested Schema for tables.catalog

Optional:

  • ids (List of String) Catalog IDs the rule is applied to.
  • name_regexp (String) Catalog name regexp the rule is applied to.

Nested Schema for tables.columns

Required:

  • access (String) Column access mode. Valid values: NONE, ALL
  • name (String) Column name.

Optional:

  • mask (String) SQL expression mask to evaluate instead of original column values.

Nested Schema for tables.schema

Optional:

  • name_regexp (String) Schema name regexp the rule is applied to.
  • names (List of String) Schema names the rule is applied to.

Nested Schema for tables.table

Optional:

  • name_regexp (String) Table name regexp the rule is applied to.
  • names (List of String) Table names the rule is applied to.
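
A configuration that combines the catalogs, schemas, tables (with a row filter and column rules) and queries attributes documented above, as an added example that is not part of the original documentation. The resource label, the crm schema, the customers table, its column names and the IAM group placeholder are hypothetical; the list-of-objects syntax follows the catalogs example at the top of the page.

```hcl
# Added example, not from the provider documentation. Schema, table and
# column names and the IAM group ID are hypothetical placeholders.
resource "yandex_trino_access_control" "analyst_pii" {
  cluster_id = yandex_trino_cluster.trino.id

  # Analysts get read-only access to one catalog, selected by ID.
  catalogs = [
    {
      catalog     = { ids = [yandex_trino_catalog.postgres.id] }
      groups      = ["<analysts_iam_group_id>"]
      permission  = "READ_ONLY"
      description = "Analysts: read-only catalog access"
    },
  ]

  # Analysts are not granted ownership of the schema.
  schemas = [
    {
      catalog = { ids = [yandex_trino_catalog.postgres.id] }
      schema  = { names = ["crm"] }
      groups  = ["<analysts_iam_group_id>"]
      owner   = "NO"
    },
  ]

  tables = [
    {
      catalog    = { ids = [yandex_trino_catalog.postgres.id] }
      schema     = { names = ["crm"] }
      table      = { names = ["customers"] }
      groups     = ["<analysts_iam_group_id>"]
      privileges = ["SELECT"]
      # Row filter: boolean SQL expression evaluated per row.
      filter = "region = 'EU'"
      columns = [
        # Mask: SQL expression returned instead of the stored value.
        { name = "email", access = "ALL", mask = "regexp_replace(email, '^[^@]+', '***')" },
        # access = "NONE": the column is not readable under this rule.
        { name = "passport_no", access = "NONE" },
      ]
      description = "Analysts: filtered, masked SELECT on crm.customers"
    },
  ]

  # Analysts may run and view queries; KILL is not granted.
  queries = [
    { groups = ["<analysts_iam_group_id>"], privileges = ["VIEW", "EXECUTE"] },
  ]
}
```

Rule evaluation order and the treatment of objects that match no rule are not described on this page, so the example does not rely on either; check the result with a test account in the analysts group before using it on production data.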

Nested Schema for timeouts

Optional:

  • create (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
  • delete (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
  • update (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).

Import

The resource can be imported using its cluster ID. To get the cluster ID, use the Yandex Cloud web console or the YC CLI.

# terraform import yandex_trino_access_control.<resource Name> <cluster Id>
terraform import yandex_trino_access_control.my_trino_access_control c9qk5**********h6a91
