Skip to content

You are viewing documentation for Immuta version 2022.1.

For the latest version, view our documentation for Immuta SaaS or the latest self-hosted version.

Trino and Starburst Pre-Configuration Details

Audience: System Administrators, Data Owners, and Data Users

Content Summary: This page describes the Trino and Starburst integration, configuration options, and features.

See the Trino integration page for a tutorial on enabling Trino or Starburst and these features through the App Settings page.

Feature Availability

Project Workspaces Trino Tag Ingestion User Impersonation Native Query Audit Multiple Integrations
❌ ❌ ✅ ✅ ✅

Starburst-Specific Details

Prerequisites

Tag Ingestion

The Immuta Trino integration cannot ingest tags from Trino or Starburst, but you can connect any of these supported external catalogs to work with your integration.

User Impersonation

Native impersonation allows users to natively query data as another Immuta user. To enable native user impersonation, see the Integration User Impersonation page.

Native Query Audit

When the Trino Event Listener is enabled during the installation, Immuta can translate those events into comprehensive audit logs for users with the Immuta AUDIT permission to view. For more information about what is included in those audit logs, see the Trino and Starburst Audit Logs page.

Multiple Trino and Starburst Instances

A user can configure multiple integrations of Trino or Starburst with a single Immuta instance and use them dynamically.

Limitations

  • Immuta will not be able to accurately represent certain deprecated policies in Trino, and data sources with these policies applied will not appear in the Immuta catalog. This limitation includes data sources

    • that have a differential privacy policy applied,
    • with an external policy handler, or
    • that are using the Advanced Rules DSL.
  • Certain interpolation functions can block the creation of a native view, specifically @interpolatedComparison() and @iam.

  • Trino supports an optional anonymous (no authentication) access, which is not supported through Immuta because Immuta ties the Trino user account to the Immuta user account to correctly apply policies. If your organization allows anonymous access, you will not be able to use this integration.