Dynamic Presto (Public Preview)
Audience: System Administrators
Content Summary: This page details how to install the Native Dynamic Presto access pattern. Native Presto is only available with certain licenses, please see your Immuta representative for more information. Native Dynamic Presto in Immuta is only compatible with PrestoSQL/Trino. PrestoDB is not supported.
1 - Enable Native Presto
- Click the App Settings icon in the left sidebar.
Click Enable in the Presto SQL Integration section.
The catalog configuration displayed in this section will need to be written out on all Presto nodes (/etc/presto/config/catalog/immuta.properties).
2 - Install Dynamic Presto Plugin
Best Practice: Immuta Archives Access Required
A user with access to Immuta's Archives site is required to conduct the download in this step. Credentials to access the site can be obtained by visiting the Immuta Download Site and logging in with your Immuta Accounts credentials. At the very bottom of the page is an All Archives section with a here link that will take you directly to the archives site with your account credentials already applied.
Download the Presto plugin from Immuta's Archives site.
Follow Presto's documentation to install the plugin:
- Create this directory:
- Upload the plugin file you downloaded in the directory.
- Create this directory:
Install the Immuta Presto plugin on all Presto nodes within your cluster.
3 - Create an
Follow Presto's documentation to create this catalog directory:
To configure the Immuta connector, mount the Immuta connector as the Immuta catalog: Create an
immuta.propertiesfile with the following contents, replacing the connection properties with your Presto Cluster Configuration displayed on the App Settings page:
connector.name=immuta immuta.endpoint=https://your-immuta-url.com/ immuta.apikey=<your-api-key>
Best Practice: Presto Database Structure
The top level is set based on the name of the catalog properties files in the
Use the name
immuta.properties for this file, which will result in a Presto catalog named “immuta.”
4 - Configure Event Listener on Your Cluster
Follow Presto's documentation to use the
Event Listener Configuration from the App Settings page with an
5 - Configure Presto to Block Access
Best Practice: Give Users
read-only Access to Immuta Catalog
read-only access to the Immuta catalog. This will prevent users from describing the views, which in
turn prevents them from seeing secrets involved in some masking policies.
Follow Presto's System Access Control documentation to configure Presto to block access to any catalog that is not Immuta so that all user access has policies enacted on it.