Audience: System Administrators
Content Summary: This page describes the Starburst integration.
See the Enable Starburst page to enable this integration.
Immuta SaaS only supports this integration with Starburst Enterprise.
Immuta connects to Starburst as a plugin integration. This allows Immuta to apply policies directly in Starburst without data flowing through a proxy. Users can work within their existing Starburst tooling (querying, reporting, etc.) and have per-user policies applied into views at query time.
With Starburst Enterprise, the Immuta plugin comes prepackaged, streamlining the installation experience. Administrators
immuta catalog that
is managed by the custom Immuta Trino connector that generates the list of available schemas and views at
query time based on the user making the request. When a user executes a query against one of the Immuta views,
the connector dynamically generates the view definition and provides that to the Trino Execution Engine, which
then connects to the backing catalogs and retrieves the data with appropriate policy enforcement.
This integration uses a plugin to create policy-enforced view definitions that users access
immuta catalog. When Starburst tables are registered in Immuta as data sources, these data sources
are dynamically generated as views in the
immuta catalog on the Starburst node. Then, users subscribed to those
data sources in Immuta query the corresponding protected views in Starburst.
Changes to policies, user attributes, or data sources registered in Immuta trigger webhooks that keep these views up-to-date, empowering users to query policy-enforced data.
- An Immuta Application Administrator configures the Starburst integration, creating an Immuta catalog and connector on their Starburst node.
- Immuta creates a catalog inside the configured Starburst node.
- A Data Owner registers Starburst tables in Immuta as data sources. A Data Owner, Data Governor, or Administrator creates or changes a policy or user in Immuta.
- Data source metadata, tags, user metadata, and policy definitions are stored in Immuta's Metadata Database.
- The Immuta connector generates and provides the view definition to the Trino Execution Engine.
- A Starburst user who is subscribed to the data source in Immuta
queries the corresponding table directly in
Starburst through the
- Using the querying user's project, purpose, and entitlements, Immuta applies policies to the views at query time, so the user sees policy-enforced data.