Skip to content

Dynamic Presto (Beta)

Audience: System Administrators

Content Summary: This page details how to install the Native Dynamic Presto access pattern. Native Dynamic Presto in Immuta is only compatible with PrestoSQL. PrestoDB is not supported.

1 - Enable Native Presto

  1. Click the App Settings icon in the left sidebar.
  2. Click Enable in the Presto SQL Integration section.

    Dynamic Presto Enable

  3. Click Save.

The catalog configuration displayed in this section will need to be written out on all Presto nodes (/etc/presto/config/catalog/immuta.properties).

2 - Install Dynamic Presto Plugin

Best Practice: Immuta Archives Access Required

A user with access to Immuta's Archives site is required to conduct the download in this step. Credentials to access the site can be obtained by visiting the Immuta Download Site and logging in with your Immuta Accounts credentials. At the very bottom of the page is an All Archives section with a here link that will take you directly to the archives site with your account credentials already applied.

  1. Download the Presto plugin from Immuta's Archives site.

  2. Follow Presto's documentation to install the plugin:

    • Create this directory: /usr/lib/presto/plugin/immuta.
    • Upload the plugin file you downloaded in the directory.
  3. Install the Immuta Presto plugin on all Presto nodes within your cluster.

3 - Create an Immuta Catalog

  1. Follow Presto's documentation to create this catalog directory: /etc/presto/config/catalog.

  2. To configure the Immuta connector, mount the Immuta connector as the Immuta catalog: Create an immuta.properties file with the following contents, replacing the connection properties with your Presto Cluster Configuration displayed on the App Settings page:

    connector.name=immuta
    immuta.endpoint=https://your-immuta-url.com/
    immuta.apikey=<your-api-key>
    

Best Practice: Presto Database Structure

The top level is set based on the name of the catalog properties files in the /etc/presto/catalog directory. Use the name immuta.properties for this file, which will result in a Presto catalog named “immuta.”

4 - Configure Presto to Block Access

Best Practice: Give Users read-only Access to Immuta Catalog

Give users read-only access to the Immuta catalog. This will prevent users from describing the views, which in turn prevents them from seeing secrets involved in some masking policies.

Follow Presto's System Access Control documentation to configure Presto to block access to any catalog that is not Immuta so that all user access has policies enacted on it.