Security#

You’ve come to the right place if you’re looking for in-depth information about the security features of the Starburst Enterprise platform (SEP).

If you’re just starting to set up a cluster, we suggest going through our video training on securing Trino. The basic topics for securing Trino and SEP are the same, including:

  • Client to server encryption

  • Authentication and authorization in Trino

  • Securing Trino’s internal communications

  • Hive catalog security

View the training!

Introduction#

Learn about the basic workflow for securing your SEP cluster.

Cluster security#

Cluster security topics cover both securing external client access to your SEP cluster, and internal communications between cluster resources. Secrets are available for use in any configuration file throughout SEP to provide a secure means of managing values such as usernames, passwords and other strings used in the cluster through your provisioning system.

Authentication#

When setting up a new cluster, start with simple password file authentication. Once access to your cluster is secured, SEP provides a number of production-level options for authenticating users such as LDAP, Okta or OAuth 2.0.

Delegated authentication#

The pass-through features guarantee that SEP uses the same token as a user directly accessing a data source.

Once authenticated, users are authorized by one of SEP’s available access control systems, including our comprehensive built-in access control.

Built-in access control#

Starburst Enterprise platform (SEP) provides a built-in role-based access control system that is integrated with the Starburst Enterprise web UI. This system makes it easy to configure any user’s correct access rights to catalogs, individual schemas, and tables.

Other access control systems#

If your organization uses Ranger, Privacera, or Immuta, SEP integrates with those access control systems.

Miscellaneous security options#

Learn about other security options that may apply to your environment.