Ryft provides a single control plane for managing permissions across all query engines that read and write your Iceberg tables - Trino, Snowflake, Athena, and others. Rather than configuring grants separately in each engine, you define access policies once in Ryft - in terms of IdP groups, not individual users. Ryft continuously reconciles these policies with every connected engine, keeping access controls consistent as your data and teams evolve.Documentation Index
Fetch the complete documentation index at: https://docs.ryft.io/llms.txt
Use this file to discover all available pages before exploring further.
Policy Scope
- Catalog - applies to all tables (including future ones) within that catalog
- Namespace - applies to all tables (including future ones) within that namespace and expands catalog-level policies
- Table - applies to a specific table and expands namespace-level policies
Security Considerations
All grant and policy changes are applied exclusively through the Ryft data plane. The control plane only reads the current state to detect drift - it never writes to any engine directly.Access management is currently additive-only - it applies grants defined in its policies but does not revoke grants that were set outside of Ryft. Engine-native permissions configured independently remain in place.