diff --git a/trino docker/OPA_Tests/docker-compose.yml b/trino docker/OPA_Tests/docker-compose.yml
new file mode 100644
index 000000000..28bf9b61b
--- /dev/null
+++ b/trino docker/OPA_Tests/docker-compose.yml
@@ -0,0 +1,17 @@
+version: "3.9"
+services:
+ opaservice:
+ container_name: opa_tests
+ image: openpolicyagent/opa:latest
+ ports:
+ - 9090:8181
+ command:
+ - "test"
+ - "testting"
+ - "-v"
+ volumes:
+ - ./opa/config.yaml:/config.yaml
+ - ./opa/log.properties:/etc/log.properties
+ - ./rego:/testting
+
+
diff --git a/trino docker/OPA_Tests/opa/config.yaml b/trino docker/OPA_Tests/opa/config.yaml
new file mode 100644
index 000000000..2bce8d69b
--- /dev/null
+++ b/trino docker/OPA_Tests/opa/config.yaml
@@ -0,0 +1,13 @@
+services:
+ acmecorp:
+ url: https://host.docker.internal:7157/api/OPA/BundleGetv2
+ allow_insecure_tls : true
+
+bundles:
+ authz:
+ service: acmecorp
+ resource: somedir/bundle.tar.gz
+ persist: true
+ polling:
+ min_delay_seconds: 60
+ max_delay_seconds: 120
diff --git a/trino docker/OPA_Tests/opa/log.properties b/trino docker/OPA_Tests/opa/log.properties
new file mode 100644
index 000000000..642020558
--- /dev/null
+++ b/trino docker/OPA_Tests/opa/log.properties
@@ -0,0 +1 @@
+io.trino=DEBUG
\ No newline at end of file
diff --git a/trino docker/OPA_Tests/rego/Policy.rego b/trino docker/OPA_Tests/rego/Policy.rego
new file mode 100644
index 000000000..8a0b8605f
--- /dev/null
+++ b/trino docker/OPA_Tests/rego/Policy.rego
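Review bot: `image: openpolicyagent/opa:latest` leaves the policy engine's version floating, so the same compose file can evaluate these policies under a different OPA release (and default Rego syntax version) on every pull; pin it, e.g. `image: openpolicyagent/opa:<VERSION>@sha256:<DIGEST>` (placeholders). The `ports: - 9090:8181` mapping publishes the OPA API port although the `command` runs `opa test`, which does not start a listener, and `/config.yaml` and `/etc/log.properties` are mounted but nothing in the `command` refers to them (`log.properties` also holds a Trino logger setting, `io.trino=DEBUG`, not an OPA one), so they look like leftovers from a server-mode compose file and should be removed or moved there. The mount target and argument `testting` is presumably a typo for `testing`; it is internal to the container, but worth fixing before it is copied elsewhere.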
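Review bot: `allow_insecure_tls : true` on the `acmecorp` service disables server-certificate verification for the connection that downloads the `authz` bundle, i.e. the authorization policy itself, so anyone able to interpose on the path to `host.docker.internal:7157` can supply the policy OPA enforces; even for a local harness, trust the dev CA explicitly instead, e.g. `tls:` / `ca_cert: <PATH_TO_DEV_CA_PEM>` (placeholder), and keep `allow_insecure_tls` out of anything that could be copied into a deployed config. The extra space in `allow_insecure_tls :` parses as the same key in YAML but reads like a typo; write `allow_insecure_tls: true`. OPA appends `resource` to the service `url`, so the bundle will be requested from `.../api/OPA/BundleGetv2/somedir/bundle.tar.gz`; confirm that is the path the bundle server actually serves.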
@@ -0,0 +1,35 @@
+package policy
+
+import rego.v1
+
+default allow := false
+
+#allow all highest level access
+allow if {
+ input.action.operation == "ExecuteQuery"
+}
+
+#allow catalog - only iceberg
+allow if {
+ input.action.operation == "AccessCatalog"
+ input.action.resource.catalog.name == "iceberg"
+}
+
+allow if {
+ input.action.operation == "SelectFromColumns"
+ user_in_correct_group
+}
+
+default user_roles := false
+
+groups_for_object contains group if {
+ some i
+ data.Perms[i].Project == input.action.resource.table.schemaName
+ group := data.Perms[i].Group
+}
+
+user_in_correct_group if {
+ some i, j
+ data.GroupMembers[i].Username == input.context.identity.user
+ data.GroupMembers[i].Group = groups_for_object[j]
+}
diff --git a/trino docker/OPA_Tests/rego/Policy_test.rego b/trino docker/OPA_Tests/rego/Policy_test.rego
new file mode 100644
index 000000000..bd881c306
--- /dev/null
+++ b/trino docker/OPA_Tests/rego/Policy_test.rego
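Review bot: The `SelectFromColumns` rule authorizes on the schema name alone: `groups_for_object` matches `data.Perms[i].Project` against `input.action.resource.table.schemaName` and never consults `table.catalogName`, `tableName`, `columns`, or the `PermType`/`Object` fields the data carries, so a group with any `Perms` entry for a schema can select from every table of a schema with that name in every catalog; if that is wider than intended, the Perms entries need a catalog (and a read/write distinction) and the rule should compare them. `data.GroupMembers[i].Group = groups_for_object[j]` uses unification where the rest of the file uses `==`; with `rego.v1` in scope the same check reads `data.GroupMembers[i].Group in groups_for_object` and the spare `j` in `some i, j` goes away. `default user_roles := false` is referenced nowhere in the hunk and can be dropped. The `AccessCatalog` rule admits only `iceberg` while the test inputs use `catalogName: "postgresql"`; presumably Trino checks catalog access before column access, in which case those selects would be denied end to end — worth confirming against the plugin.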
@@ -0,0 +1,107 @@
+package policy
+
+data = {
+ "Perms": [{
+ "Project": "sail0675v",
+ "Group": "SAIL_0675_Developer",
+ "PermType": "rw",
+ "Object": ""
+ }
+ ],
+ "GroupMembers": [{
+ "Group": "SAIL_0675_Developer",
+ "Username": "rawlinga"
+ }
+ ]
+}
+
+
+intput = {
+ "context": {
+ "identity": {
+ "user": "rawlinga",
+ "groups": []
+ },
+ "softwareStack": {
+ "trinoVersion": "444"
+ }
+ },
+ "action": {
+ "operation": "SelectFromColumns",
+ "resource": {
+ "table": {
+ "catalogName": "postgresql",
+ "schemaName": "sail0675v",
+ "tableName": "cool",
+ "columns": ["aaaaaa", "id"]
+ }
+ }
+ }
+ }
+
+test_Default {
+ allow
+ with input as intput
+ with data as data
+}
+
+
+intput2 = {
+ "context": {
+ "identity": {
+ "user": "rawlinga",
+ "groups": []
+ },
+ "softwareStack": {
+ "trinoVersion": "444"
+ }
+ },
+ "action": {
+ "operation": "SelectFromColumns",
+ "resource": {
+ "table": {
+ "catalogName": "postgresql",
+ "schemaName": "nottheOne",
+ "tableName": "cool",
+ "columns": ["aaaaaa", "id"]
+ }
+ }
+ }
+ }
+
+test_schemaName_diff {
+ not allow
+ with input as intput2
+ with data as data
+}
+
+
+
+intpu3 = {
+ "context": {
+ "identity": {
+ "user": "bob",
+ "groups": []
+ },
+ "softwareStack": {
+ "trinoVersion": "444"
+ }
+ },
+ "action": {
+ "operation": "SelectFromColumns",
+ "resource": {
+ "table": {
+ "catalogName": "postgresql",
+ "schemaName": "sail0675v",
+ "tableName": "cool",
+ "columns": ["aaaaaa", "id"]
+ }
+ }
+ }
+ }
+
+test_user_not_in {
+ not allow
+ with input as intpu3
+ with data as data
+}
diff --git a/trino docker/OPA_Tests/rego/data.json b/trino docker/OPA_Tests/rego/data.json
new file mode 100644
index 000000000..5bab6460f
--- /dev/null
+++ b/trino docker/OPA_Tests/rego/data.json
@@ -0,0 +1,14 @@
+{
+ "Perms": [{
+ "Project": "sail0675v",
+ "Group": "SAIL_0675_Developer",
+ "PermType": "rw",
+ "Object": ""
+ }
+ ],
+ "GroupMembers": [{
+ "Group": "SAIL_0675_Developer",
+ "Username": "rawlinga"
+ }
+ ]
+}
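Review bot: The inline fixture `data = { ... }` is not what the tests evaluate against: `data` is the reserved root document in Rego, so a rule with that name is either rejected by the compiler or, if accepted, never reached by the unqualified `data` in `with data as data`, which then substitutes the root for itself; the tests effectively read `rego/data.json` (picked up by `opa test testting`), which holds the same values, so they pass for the wrong reason. Rename the fixture, e.g. `test_data := { ... }`, and bind the pieces the policy reads, `with data.Perms as test_data.Perms` and `with data.GroupMembers as test_data.GroupMembers`, or drop the duplicate and keep only `data.json`. The test rules are written without `if` and the file does not `import rego.v1` while `Policy.rego` does; if the `opa:latest` image resolves to OPA 1.x, which requires `if` by default, these rules will not parse without `--v0-compatible`, so add the import and `if`. The fixture names `intput`, `intput2` and `intpu3` look like typos for `input`, and nothing exercises the `ExecuteQuery` and `AccessCatalog` rules or a same-schema table in a different catalog.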
diff --git a/trino docker/OPA_Tests/run.bat b/trino docker/OPA_Tests/run.bat
new file mode 100644
index 000000000..7d0dc6c5a
--- /dev/null
+++ b/trino docker/OPA_Tests/run.bat
@@ -0,0 +1 @@
+docker-compose up
\ No newline at end of file
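Review bot: `docker-compose up` does not propagate the test result: the `opaservice` container runs `opa test` and exits, but the exit status of `up` itself does not reflect the container's, so a failing policy test is only visible by reading the log. For a one-shot test run use `docker-compose up --abort-on-container-exit --exit-code-from opaservice` or `docker-compose run --rm opaservice`, so the batch file can be used as a CI gate. The standalone `docker-compose` v1 binary is deprecated in favour of `docker compose`; worth switching while the script is one line.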