Starburst (Trino) Integration
Audience: System Administrators
Content Summary: This page describes the Starburst (Trino) integration, through which Immuta applies policies directly in the user's native technology.
See the Starburst (Trino) integration page for a tutorial on enabling the integration and these features through the App Settings page.
Starburst and Trino
Immuta connects to Starburst (Trino) as a plugin integration. This allows Immuta to apply policies directly in Starburst (Trino) without data flowing through a proxy. Users can work with their existing tools (querying, reporting, etc.) and have per-user policies applied into views at query time.
Once the plugin has been pushed out to all nodes, administrators
immuta catalog that
is managed by the custom Immuta Trino connector that generates the list of available schemas and views at
query time based on the user making the request. When a user executes a query against one of the Immuta views,
the connector dynamically generates the view definition and provides that to the Trino execution engine, which
then connects to the backing catalogs and retrieves the data with appropriate policy enforcement.
This integration uses an
immuta-trino plugin to create policy-enforced view definitions that users access
immuta catalog. (Note that even though the plugin is named
immuta-trino it works and comes
pre-installed with Starburst Enterprise.) When Starburst (Trino) tables are registered in Immuta as data sources,
these data sources are dynamically generated as views in the
immuta catalog on the Starburst (Trino) node. Then,
users subscribed to those data sources in Immuta query the corresponding protected views in Starburst (Trino).
Changes to policies, user attributes, or data sources registered in Immuta trigger webhooks that keep these views up-to-date, empowering users to query policy-enforced data.
- An Immuta Application Administrator configures the Starburst (Trino) integration, creating an Immuta catalog and connector on their Starburst (Trino) node.
- Immuta creates a catalog inside the configured Starburst (Trino) node.
- A Data Owner registers Starburst (Trino) tables in Immuta as data sources. A Data Owner, Data Governor, or Administrator creates or changes a policy or user in Immuta.
- Data source metadata, tags, user metadata, and policy definitions are stored in Immuta's Metadata Database.
- The Immuta connector generates and provides the view definition to the Trino Execution Engine.
- A Starburst (Trino) user who is subscribed to the data source in Immuta
queries the corresponding table directly in
Starburst (Trino) through the
- Using the querying user's project, purpose, and entitlements, Immuta applies policies to the views at query time, so the user sees policy-enforced data.