Protecting Data

In the Trino integration, the Trino Immuta plugin enforces policies on data registered in Immuta at query time. The sequence diagram below outlines the events that occur when an Immuta user who is subscribed to a data source queries it in Trino.

Registering a connection

Trino is configured and data is registered through connections, an Immuta feature that lets administrators register a technology's data objects through a single connection, making data registration more scalable for your organization.

Once the Trino connection is registered, you can author subscription and data policies in Immuta to enforce access controls.

See the Trino integration reference guide for more details about registering a connection.

Protecting data

After data objects are registered in Immuta, you can author data and subscription policies in Immuta to enforce access controls.

Subscription policies

When a subscription policy is applied to a data source, users who meet the conditions of the policy will be automatically subscribed to the data source. Then, the Trino Immuta plugin will allow the user to query that object.

See the Author a subscription policy page for guidance on applying a subscription policy to a data source. See the Subscription policy access types page for details about the subscription policy types supported and Trino privileges Immuta grants on objects registered as Immuta data sources.

Data policies

When a data policy is applied to a data source and a user subscribed to that data source queries it, the Immuta Trino plugin will request the policy definitions from the Immuta API. The Immuta API returns a SQL view definition to represent data policies. After that, the user's query result will be returned with the policy-protected data.

See the Data policies page for guidance on authoring data policies in Immuta and the supported data policies for the Trino integration.
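
To illustrate what it means for a data policy to be represented as a SQL view definition, the added example below shows a Trino view that applies two masking rules and a row filter. It is not Immuta's output or code from the Immuta documentation, and every catalog, schema, table and column name in it is hypothetical.

```sql
-- Constructed example: all object names are hypothetical.
-- Protected base table (assumed to exist):
--   hive.sales.customers(customer_id, email, country, lifetime_value)
-- Hypothetical entitlement table mapping users to the countries they may see:
--   hive.governance.user_country(username, country)

CREATE OR REPLACE VIEW hive.sales.customers_protected
SECURITY DEFINER
AS
SELECT
    c.customer_id,
    -- Masking rule: return a SHA-256 digest instead of the raw email.
    -- The digest stays consistent across rows, so joins and counts still work.
    -- An unsalted digest of a guessable value can be reversed by dictionary
    -- lookup, so a production rule would use a keyed or salted hash.
    lower(to_hex(sha256(to_utf8(c.email)))) AS email,
    c.country,
    -- Masking rule: null the column out entirely while keeping its type.
    CAST(NULL AS double) AS lifetime_value
FROM hive.sales.customers AS c
-- Row-level rule: keep only rows for countries the querying user is
-- entitled to. In Trino, current_user is the user running the query
-- even when the view is SECURITY DEFINER.
WHERE c.country IN (
    SELECT e.country
    FROM hive.governance.user_country AS e
    WHERE e.username = current_user
);

-- A subscribed user's query is then answered from the protected shape:
SELECT customer_id, email, country, lifetime_value
FROM hive.sales.customers_protected
WHERE country = 'DE';
```

Because the policy logic lives in the view definition rather than in the user's query, the same rules apply no matter which columns or predicates the user writes.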
