14.8. Group Provider#
Presto can map usernames onto groups for easier access control management.
This mapping is performed by a
An LDAP group provider is bundled with SEP.
GroupProviderFactory is responsible for creating a
It also defines the name of the group provider as used in the configuration file.
GroupProvider contains a one method,
getGroups(String user) which
Set<String> of group names. This set of group names becomes part
ConnectorIdentity objects representing the user,
and can then be used by System Access Control.
The implementation of
GroupProvider and it’s corresponding
GroupProviderFactory must be wrapped as a Presto plugin and installed on the cluster.
After a plugin that implements
GroupProviderFactory has been installed on the coordinator, it is configured using an
All of the properties other than
group-provider.name are specific to the
group-provider.name property is used by Presto to find a registered
GroupProviderFactory based on the name returned by
The remaining properties are passed as a map to
Example configuration file:
group-provider.name=custom-group-provider custom-property1=custom-value1 custom-property2=custom-value2
With that file in place, Presto will attempt user group name resolution, and will be able to use the group names while evaluating access control rules.