Starburst PostgreSQL connector#

The Starburst PostgreSQL connector is an extended version of the PostgreSQL connector with configuration and usage identical.

The following improvements are included:

Note

The additional features of the connector require a valid Starburst Enterprise license, unless otherwise noted.

Performance#

The connector includes a number of performance improvements, detailed in the following sections.

Table statistics#

This feature is available for free, and does not require a valid license.

The PostgreSQL connector supports table and column statistics to improve query processing performance based on the actual data in the data source.

The statistics are collected by PostgreSQL and retrieved by the connector.

To collect statistics for a table, execute the following statement in PostgreSQL.

ANALYZE table_schema.table_name;

Refer to PostgreSQL documentation for additional ANALYZE options.

Pushdown#

The connector supports pushdown for a number of operations:

Dynamic filtering#

Dynamic filtering is enabled by default. It causes the connector to wait for dynamic filtering to complete before starting a JDBC query.

You can disable dynamic filtering by setting the property dynamic-filtering.enabled in your catalog properties file to false.

Caching table projections#

The connectors supports table scan redirection to improve performance and reduce load on the data source.

Security#

The connector includes a number of security-related features, detailed in the following sections.

User impersonation#

The PostgreSQL connector supports user impersonation.

User impersonation can be enabled in the catalog file:

postgresql.impersonation.enabled=true

User impersonation in PostgreSQL connector is based on SET ROLE. For more details visit: www.postgresql.org/docs.

Kerberos authentication#

The PostgreSQL connector supports Kerberos-based authentication with the following configuration:

postgresql.authentication.type=KERBEROS
kerberos.client.principal=example@example.com
kerberos.client.keytab=etc/kerberos/example.keytab
kerberos.config=etc/kerberos/krb5.conf

With this configuration the user example@example.com, defined in the principal property, is used to connect to the database, and the related Kerberos service ticket is located in the example.keytab file.

Kerberos credential pass-through#

The PostgreSQL connector can be configured to pass through Kerberos credentials, received by SEP, to the PostgreSQL database.

Configure Kerberos and SEP, following the instructions in Kerberos credential pass-through.

Then configure the connector to pass through the credentials from the server to the database in your catalog properties file and ensure the Kerberos client configuration properties are in place on all nodes.

postgresql.authentication.type=KERBEROS_PASS_THROUGH
http.authentication.krb5.config=/etc/krb5.conf
http-server.authentication.krb5.service-name=exampleServiceName
http-server.authentication.krb5.keytab=/path/to/Keytab/File

Now any database access via SEP is subject to the data access restrictions and permissions of the user supplied via Kerberos.

Password credential pass-through#

The connector supports password credential pass-through. To enable it, edit the catalog properties file to include the authentication type:

postgresql.authentication.type=PASSWORD_PASS_THROUGH

For more information about configurations and limitations, see Password credential pass-through.