Accessing Data

Once data is registered through the Trino connection, you will access your data through your Trino cluster as you normally would. If you are subscribed to the data source, Immuta grants you access to the data in Trino.

When you submit a query, the Trino Immuta plugin reaches out to Immuta and then provides policy decisions to the Trino execution engine. Then, the Trino execution engine applies policies to the backing catalogs and processes the query. You then get back the policy-enforced data.

The diagram below illustrates how Immuta, the Trino Immuta plugin, and the Trino execution engine interact when you access data.

User impersonation

User impersonation allows Trino users to query data as another Immuta user. The Trino integration supports native Trino impersonation approaches:

• JDBC method: In your JDBC connection driver properties, set the sessionUser property to the Immuta user you want to impersonate. See the Starburst JDBC driver documentation for details.

• Trino CLI method: Set the --session-user property to specify the session user as the Immuta user you want to impersonate when invoking the Trino CLI. See the Trino release notes for details.

User impersonation is automatically enabled with your Trino integration, but the authenticated user must be given the IMPERSONATE_USER permission in Immuta or match the Trino immuta.user.admin regex configuration property.