Security

You’ve come to the right place if you’re looking for in-depth information about the security features of the Starburst Enterprise platform (SEP). If you’re just starting to set up a cluster, we suggest going through our video training on securing Trino. The basic topics for securing Trino and SEP are the same, including: Client to server encryption Authentication and authorization in Trino Securing Trino’s internal communications Hive catalog security

View the training!

Introduction

• Security overview

Cluster access security

• HTTPS and TLS
• PEM files
• JKS files

Authentication

• Authentication types
• LDAP authentication
• Password file authentication
• Salesforce authentication
• OAuth 2.0 authentication
• OAuth 2.0 identity providers
• Okta authentication
• Kerberos authentication
• CLI Kerberos authentication
• Certificate authentication
• JWT authentication

User name management

• User mapping
• File group provider
• LDAP group provider

Access control

• Access control overview
• System access control
• File system access control
• User impersonation
• Password credential pass-through
• Kerberos credential pass-through
• OAuth 2.0 token pass-through

Apache Ranger access control

• Apache Ranger overview
• Global access control with Apache Ranger
• Hive and Delta Lake access control with Apache Ranger
• Global access control with the Privacera Platform
• Hive access control with the Privacera Platform
• Hive access control with Apache Sentry

Security inside the cluster

• Secure internal communication
• Secrets

Auditing

• Query audit