Group mapping#
Group providers in Trino map usernames onto groups for easier access control and resource group management.
Configure a group provider by creating an etc/group-provider.properties file
on the coordinator:
group-provider.name=file
The value for group-provider.name must be either file or ldap and the
configuration of the chosen group provider must be included in the same file.
Property name |
Description |
|---|---|
|
Name of the group provider to use. Supported values are:
|
|
Optional transformation of the case of the group name. Supported values are:
Defaults to |
Integration with access control#
Groups resolved by the group provider are passed to Trino’s system access control engine. Access control rules can reference these group names to grant or restrict permissions.
File group provider#
The file group provider resolves group memberships with the configuration in the group-provider.properties file on the coordinator.
Configuration#
Enable the file group provider by creating an etc/group-provider.properties
file on the coordinator:
group-provider.name=file
file.group-file=/path/to/group.txt
The following configuration properties are available:
Property name |
Description |
|---|---|
|
Path of the group file. |
|
Duration between refreshing the group mapping
configuration from the file. Defaults to |
Group file format#
The group file contains a list of groups and members, one per line, separated by a colon. Users are separated by a comma.
group_name:user_1,user_2,user_3
LDAP group provider#
To configure the LDAP group provider, see LDAP group provider configuration.
