# Redshift Pre-Configuration Details

This page describes the Redshift integration, configuration options, and features. For a tutorial to enable this integration, see the [installation guide](/latest/configuration/integrations/redshift/how-to-guides/redshift.md).

## Feature Availability

| Project Workspaces | Tag Ingestion | User Impersonation   | Query Audit | Multiple Integrations |
| ------------------ | ------------- | -------------------- | ----------- | --------------------- |
| :x:                | :x:           | :white\_check\_mark: | :x:         | :white\_check\_mark:  |

## Prerequisite

For automated installations, the credentials provided must be a Superuser or have the ability to create databases and users and modify grants.

## Supported Features

* Redshift datashares
* Redshift Serverless
* [Redshift Spectrum](https://docs.aws.amazon.com/redshift/latest/dg/c-getting-started-using-spectrum.html) For configuration and data source registration instructions, see the [configuration page](/latest/configuration/integrations/redshift/how-to-guides/redshift-spectrum.md).

## Authentication Methods

The Redshift integration supports the following authentication methods to configure the integration and create data sources:

* **Username and Password**: Users can authenticate with their Redshift username and password.
* **AWS Access Key**: Users can authenticate with an [AWS access key](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html).

## Tag Ingestion

Immuta cannot ingest tags from Redshift, but you can connect any of these [supported external catalogs](/latest/configuration/manage-data-metadata/catalogs/reference-guides/pre-configuration.md) to work with your integration.

## User Impersonation

{% hint style="info" %}
**Required Redshift privileges**

**Setup User**:

* `OWNERSHIP ON GROUP IMMUTA_IMPERSONATOR_ROLE`
* `CREATE GROUP`

**Immuta System Account**:

* `GRANT EXECUTE ON PROCEDURE grant_impersonation`
* `GRANT EXECUTE ON PROCEDURE revoke_impersonation`
  {% endhint %}

Impersonation allows users to query data as another Immuta user in Redshift. To enable user impersonation, see the [Configure Redshift guide](/latest/configuration/integrations/redshift/how-to-guides/redshift.md).

## Multiple Integrations

Users can enable multiple [Redshift integrations](/latest/configuration/integrations/redshift/how-to-guides/redshift.md) with a single Immuta tenant.

## Redshift Limitations

* The host of the data source must match the host of the connection for the view to be created.
* When using multiple Redshift integrations, a user has to have the same user account across all hosts.
* Case sensitivity of database, table, and column identifiers is not supported. The [<mark style="color:blue;">`enable_case_sensitive_identifier`</mark> <mark style="color:blue;">parameter</mark>](https://docs.aws.amazon.com/redshift/latest/dg/r_enable_case_sensitive_identifier.html) must be set to `false` (default setting) for your Redshift cluster to configure the integration and register data sources.

### Python UDF Specific Limitations

For most policy types in Redshift, Immuta uses SQL clauses to implement enforcement logic; however Immuta uses Python UDFs in the Redshift integration to implement the following masking policies:

* Masking using a regular expression
* Reversible masking
* Format-preserving masking
* Randomized response

The number of Python UDFs that can run concurrently per Redshift cluster is limited to one-fourth of the total concurrency level for the cluster. For example, if the Redshift cluster is configured with a concurrency of 15, a maximum of three Python UDFs can run concurrently. After the limit is reached, Python UDFs are queued for execution within workload management queues.

The `SVL_QUERY_QUEUE_INFO` view in Redshift, which is visible to a Redshift superuser, summarizes details for queries that spent time in a workload management (WLM) query queue. Queries must be completed in order to appear as results in the `SVL_QUERY_QUEUE_INFO` view.

If you find that queries on Immuta-built views are spending time in the workload management (WLM) query queue, you should either edit your Redshift cluster configuration to increase concurrency, or use fewer of the masking policies which leverage Python UDFs. For more information on increasing concurrency, see the Redshift docs on implementing [workload management](https://docs.aws.amazon.com/redshift/latest/dg/cm-c-implementing-workload-management.html).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://documentation.immuta.com/latest/configuration/integrations/redshift/reference-guides/pre-configuration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.