- User Portal
- About the Platform
- Getting Started
- About Tenants
- About Environments
- About PAAs and PIP Settings
- Identity Workspace
- Authorization Workspace
- Orchestration Workspace
- About Policies
- About the Certification Process
- About Audit Reports
- About the Policy Simulator
- Developer Portal
- Admin Portal
- Architecture Diagram and High-Level Components
- Key Platform Components
- Tenant Admin
- Policy Information Point (PIP)
- Policy Authorization Agent (PAA)
- PlainID Token Enrichment Service
- Authorizers
- SaaS Authorization Management
- Token Enrichment Authorization Pattern
- API Access Authorization Pattern
- Data Access Authorization Pattern
- Amazon API Gateway
- Apigee
- Auth0
- Denodo
- Envoy
- Google BigQuery
- Istio
- Java Data Access SDK
- Microsoft Entra ID
- Microsoft Power BI
- NodeJS SDK
- Okta
- Ping
- Snowflake
- SQL Database Authorizer
- Trino
- Zscaler Private Access (ZPA)
- 01 Sep 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
Trino
- Updated on 01 Sep 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
The PlainID Trino plugin is an access plugin to enable using the Platform's dynamic Policy-based authorization as part of any Trino query to receive data-filtering based on defined organization Authorization Policies. Essentially, for the column and row level of your database tables, you can determine access rights to all your users.
The PlainID Trino plugin is a System Access Control SPI responsible for intercepting Trino Authorization queries before they are executed and altering them according to the PlainID Policy Decision for a specific user.
The Platform offers unique support for database adaptive access using the policy resolution endpoint. This endpoint is designed to add/modify the SQL query the user tries to perform, so only authorized data is processed.
The PlainID Trino Plugin leverages the Policy Resolution endpoint to modify the Trino data selections granted or denied to users based on the Policies defined by the organization.
Trino Workflow
Usage Explanation
- The end user attempts to accesses the application
- The user is redirected to complete the authentication process on the IDP.
- The application / BI tool requests access to data through Trino.
- The Trino Authorizer requests an access decision from the Platform's PDP, which responds with a dynamically calculated access decision based on the policies configured within the Platform.
- The response is translated to a filtered data query.
- The original query is modified based on the Authorization Policy for the end user.