Trino

The PlainID Trino plugin is an access plugin to enable using the Platform's dynamic Policy-based authorization as part of any Trino query to receive data-filtering based on defined organization Authorization Policies. Essentially, for the column and row level of your database tables, you can determine access rights to all your users.

The PlainID Trino plugin is a System Access Control SPI responsible for intercepting Trino Authorization queries before they are executed and altering them according to the PlainID Policy Decision for a specific user.

The Platform offers unique support for database adaptive access using the policy resolution endpoint. This endpoint is designed to add/modify the SQL query the user tries to perform, so only authorized data is processed.

The PlainID Trino Plugin leverages the Policy Resolution endpoint to modify the Trino data selections granted or denied to users based on the Policies defined by the organization.

Trino Workflow

Usage Explanation

1. The end user attempts to accesses the application
2. The user is redirected to complete the authentication process on the IDP.
3. The application / BI tool requests access to data through Trino.
4. The Trino Authorizer requests an access decision from the Platform's PDP, which responds with a dynamically calculated access decision based on the policies configured within the Platform.
5. The response is translated to a filtered data query.
6. The original query is modified based on the Authorization Policy for the end user.