I created a view on iceberg catalog for my data product. Data product is created successfully
Catalog iceberg with HDFS
impersonation is disabled,
iceberg security is SYSTEM
Bizarre problem is this, When i logged in Starburst UI as data product user, user’s select view query is getting secrity exception during sql query statement analysis.
Caused by: io.trino.spi.TrinoException: Permission denied: user [fu_trino_dbtuser] does not have [SELECT] privilege on [ods/test_ercin_dev3]
My question is, why does Starburst use UI user during Hive metastore although impersonation is disabled? Has anyone configured dtaa products without granting access to base tables?
Thanks @lester for the reply
As you mentioned, I am expecting Starburst should leverage DEFINER (owner) during HMS and Base table access. Instead of doing this, during SQL statement analysis it is using logged in user to connect HMS.
For example if view query is SELECT 1 .Data product is working without issue. When I use another catalog such Oracle or Hive, I am getting “logged in user doesn’t have SELECT permission at base tables”. It seems systems is trying to get metadata before query execution but this way of working is weird for Enterprise Security