> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ryft.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Starburst

<Note>
  Starburst access management is currently only supported with the [Polaris catalog](/lakehouse-management/access-management/polaris). RBAC is defined and enforced at the catalog level in Polaris - Starburst acts as a query engine that forwards user identity, while Polaris evaluates the access policies.
</Note>

## Setup

Starburst supports per-user identity forwarding to the Iceberg REST catalog via OAuth2 passthrough (see [Starburst OAuth2 passthrough docs](https://docs.starburst.io/latest/security/oauth2-passthrough.html)). Two configuration files need to be updated.

First, enable delegated OAuth2 authentication in `config.properties`:

```properties theme={null}
http-server.authentication.type=DELEGATED-OAUTH2
web-ui.authentication.type=DELEGATED-OAUTH2
```

Then configure the Polaris catalog properties file:

```properties theme={null}
connector.name=iceberg
iceberg.catalog.type=rest
iceberg.rest-catalog.uri=<polaris-host>/api/catalog
iceberg.rest-catalog.warehouse=<catalog-name>
iceberg.rest-catalog.security=OAUTH2
iceberg.rest-catalog.oauth2.server-uri=<polaris-host>/api/catalog/v1/oauth/tokens
iceberg.rest-catalog.oauth2.credential=<service-client-id>:<service-client-secret>
iceberg.rest-catalog.oauth2.scope=PRINCIPAL_ROLE:ALL
```