Skip to content

Starburst Integration

Deprecation notice

Support for this integration has been deprecated. Use the Starburst v2.0 integration instead.

Supported Versions

Immuta SaaS only supports this integration with Starburst Enterprise.


Immuta connects to Starburst as a plugin integration. This allows Immuta to apply policies directly in Starburst without data flowing through a proxy. Users can work within their existing Starburst tooling (querying, reporting, etc.) and have per-user policies applied into views at query time.


With Starburst Enterprise, the Immuta plugin comes prepackaged, streamlining the installation experience. Administrators create an immuta catalog that is managed by the custom Immuta Trino connector that generates the list of available schemas and views at query time based on the user making the request. When a user executes a query against one of the Immuta views, the connector dynamically generates the view definition and provides that to the Trino Execution Engine, which then connects to the backing catalogs and retrieves the data with appropriate policy enforcement.

Policy Enforcement

This integration uses a plugin to create policy-enforced view definitions that users access through an immuta catalog. When Starburst tables are registered in Immuta as data sources, these data sources are dynamically generated as views in the immuta catalog on the Starburst node. Then, users subscribed to those data sources in Immuta query the corresponding protected views in Starburst.

Changes to policies, user attributes, or data sources registered in Immuta trigger webhooks that keep these views up-to-date, empowering users to query policy-enforced data.

Data Flow

  1. An Immuta Application Administrator configures the Starburst integration, creating an Immuta catalog and connector on their Starburst node.
  2. Immuta creates a catalog inside the configured Starburst node.
  3. A Data Owner registers Starburst tables in Immuta as data sources. A Data Owner, Data Governor, or Administrator creates or changes a policy or user in Immuta.
  4. Data source metadata, tags, user metadata, and policy definitions are stored in Immuta's Metadata Database.
  5. The Immuta connector generates and provides the view definition to the Trino Execution Engine.
  6. A Starburst user who is subscribed to the data source in Immuta queries the corresponding table directly in Starburst through the immuta database.
  7. Using the querying user's project, purpose, and entitlements, Immuta applies policies to the views at query time, so the user sees policy-enforced data.

Trino Integration