Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.ryft.io/llms.txt

Use this file to discover all available pages before exploring further.

Starburst access management is currently only supported with the Polaris catalog. RBAC is defined and enforced at the catalog level in Polaris - Starburst acts as a query engine that forwards user identity, while Polaris evaluates the access policies.

Setup

Starburst supports per-user identity forwarding to the Iceberg REST catalog via OAuth2 passthrough (see Starburst OAuth2 passthrough docs). Two configuration files need to be updated. First, enable delegated OAuth2 authentication in config.properties: 
http-server.authentication.type=DELEGATED-OAUTH2
web-ui.authentication.type=DELEGATED-OAUTH2
Then configure the Polaris catalog properties file: 
connector.name=iceberg
iceberg.catalog.type=rest
iceberg.rest-catalog.uri=<polaris-host>/api/catalog
iceberg.rest-catalog.warehouse=<catalog-name>
iceberg.rest-catalog.security=OAUTH2
iceberg.rest-catalog.oauth2.server-uri=<polaris-host>/api/catalog/v1/oauth/tokens
iceberg.rest-catalog.oauth2.credential=<service-client-id>:<service-client-secret>
iceberg.rest-catalog.oauth2.scope=PRINCIPAL_ROLE:ALL