
Trino authorization, row masking, and policy translation at runtime


(@nhi-mgmt-group)
Member Moderator

TL;DR: According to Cerbos, Trino authorization requests can be translated into Cerbos policy checks, enriched with identity attributes, and returned as table access decisions, row filters, and column masks in the format Trino expects. The real change is governance, not convenience: authorization becomes portable, auditable, and attribute-driven across systems that do not share a common policy protocol.

NHIMG editorial — based on content published by Cerbos: Synapse orchestration for Trino authorization, row filtering, and column masking

Questions worth separating out

Q: How should security teams govern authorization when applications do not speak the same policy protocol?

A: Use a central policy model with protocol adapters, but assign explicit ownership for the translation layer, the policy store, and the identity attributes feeding decisions.

Q: Why do identity attributes matter so much in row-level security and column masking?

A: Because the policy engine often needs more context than the application request contains.

Q: What do teams get wrong when they centralise policy for analytics platforms?

A: They often focus on the policy syntax and ignore the lifecycle around it.

Practitioner guidance

  • Map every protocol bridge to a governance owner: document which team owns the translation layer, the policy source, and the attribute source for each system that consumes external authorization decisions.
  • Validate identity attributes before using them in policy: check that department, role, clearance, and similar attributes are sourced from a trusted identity provider and refreshed at decision time.
  • Test all three authorization outcomes separately: create test cases for allow or deny decisions, row filters, and column masks so each output is validated independently before deployment.

What's in the full article

Cerbos' full article covers the operational detail this post intentionally leaves for the source:

  • The exact Trino OPA request and response shapes used during query execution
  • Policy snippets for access control, row filters, and column masks in Cerbos format
  • The full walkthrough of how Synapse enriches principals with identity-provider attributes
  • The operational flow for distributing, testing, and auditing policies through Cerbos Hub

👉 Read Cerbos' walkthrough of Synapse for Trino policy orchestration →
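The practitioner guidance above, as an added worked example that is not from Cerbos' article or the Synapse product: a small Python translation layer that takes a Trino OPA-style authorization request, enriches the Trino identity with identity-provider attributes that are checked for freshness and safety first, evaluates a policy, and returns each of the three outputs (table access, row filters, column masks) from its own function so they can be tested independently. Everything in it is assumed for illustration: the request and response shapes are modeled on the Trino OPA plugin rather than copied from the article, the policy is an in-memory stand-in for Cerbos, and the identity-provider attributes are a constructed snapshot evaluated against a fixed clock.

```python
"""Added example (not Cerbos' or Trino's code): a translation layer that takes a
Trino OPA-style authorization request, enriches the Trino identity with validated,
fresh identity-provider attributes, evaluates a small in-memory policy that stands
in for Cerbos, and returns the three outputs Trino asks for separately: table
access, row filters, and column masks. Request/response shapes are modeled on the
Trino OPA plugin and should be treated as an assumption, not a specification."""
import re

ATTRIBUTE_MAX_AGE_S = 300   # assumption: attributes older than this are re-fetched, never reused
REQUIRED_ATTRS = ("department", "clearance", "region")
SAFE_LITERAL = re.compile(r"^[A-Za-z0-9_-]{1,32}$")   # only such values may reach a SQL literal
NOW = 1_700_000_100         # fixed clock so the example is deterministic

# Constructed identity-provider snapshot; fetched_at is a unix timestamp.
IDP_ATTRIBUTES = {
    "alice": {"department": "finance",   "clearance": "high", "region": "us", "fetched_at": 1_700_000_000},
    "bob":   {"department": "marketing", "clearance": "low",  "region": "eu", "fetched_at": 1_700_000_000},
    "carol": {"department": "finance",   "clearance": "high", "region": "us", "fetched_at": 1_699_990_000},
    "dave":  {"department": "hr",        "clearance": "low",  "region": "us", "fetched_at": 1_700_000_000},
    "eve":   {"department": "sales",     "clearance": "low",  "region": "eu' OR '1'='1", "fetched_at": 1_700_000_000},
}


def attributes_are_fresh(attrs, now=NOW):
    """Attributes must have been fetched within the max age; otherwise refresh before deciding."""
    return now - attrs["fetched_at"] <= ATTRIBUTE_MAX_AGE_S


def validate_attributes(attrs):
    """Return the names of required attributes that are missing or unsafe to interpolate into SQL."""
    return [k for k in REQUIRED_ATTRS if not SAFE_LITERAL.match(str(attrs.get(k, "")))]


def enrich_principal(user, groups, source=IDP_ATTRIBUTES, now=NOW):
    """Build the principal the policy sees: the Trino identity plus trusted attributes."""
    attrs = source.get(user)
    if attrs is None:
        raise PermissionError(f"no identity attributes for {user}")
    if not attributes_are_fresh(attrs, now):
        raise PermissionError(f"attributes for {user} are stale; refresh before deciding")
    bad = validate_attributes(attrs)
    if bad:
        raise PermissionError(f"attributes for {user} are missing or unsafe: {bad}")
    return {"id": user, "roles": sorted(groups), "attr": {k: attrs[k] for k in REQUIRED_ATTRS}}


# Stand-in policy for hive.sales.orders. In a real deployment this lives in Cerbos.
TABLE = ("hive", "sales", "orders")


def allow_select(principal):
    """Table access: finance and sales staff, plus anyone in the analyst group."""
    a = principal["attr"]
    return a["department"] in ("finance", "sales") or "analyst" in principal["roles"]


def row_filters(principal):
    """Row filter list in the assumed Trino OPA shape: [{"expression": "<sql predicate>"}]."""
    if principal["attr"]["department"] == "finance":
        return []                                        # finance sees every row
    # The region value was validated against SAFE_LITERAL in enrich_principal, so it
    # cannot carry quotes or operators into the predicate.
    return [{"expression": f"region = '{principal['attr']['region']}'"}]


def column_mask(principal, column):
    """Column mask in the assumed Trino OPA shape: {"expression": "<sql expr>"} or None."""
    if column == "customer_email" and principal["attr"]["clearance"] != "high":
        return {"expression": "regexp_replace(customer_email, '^[^@]+', '***')"}
    return None                                          # no mask: column returned as-is


def trino_request(user, groups, operation, column=None):
    """Constructed request in the shape the Trino OPA plugin posts (assumed, for the example)."""
    cat, sch, tbl = TABLE
    resource = {"table": {"catalogName": cat, "schemaName": sch, "tableName": tbl}}
    if column:
        resource = {"column": {"catalogName": cat, "schemaName": sch, "tableName": tbl,
                               "columnName": column, "columnType": "varchar"}}
    return {"input": {"context": {"identity": {"user": user, "groups": list(groups)}},
                      "action": {"operation": operation, "resource": resource}}}


def authorize(request):
    """Translate one request into the response shape Trino expects for that operation."""
    inp = request["input"]
    ident = inp["context"]["identity"]
    principal = enrich_principal(ident["user"], ident.get("groups", []))
    action = inp["action"]
    res = action["resource"].get("table") or action["resource"]["column"]
    if (res["catalogName"], res["schemaName"], res["tableName"]) != TABLE:
        return {"result": False}                         # unknown object: deny by default
    op = action["operation"]
    if op == "SelectFromColumns":
        return {"result": allow_select(principal)}
    if op == "GetRowFilters":                            # Trino asks only after access is allowed
        return {"result": row_filters(principal)}
    if op == "GetColumnMask":
        return {"result": column_mask(principal, res["columnName"])}
    return {"result": False}                             # unknown operation: deny
```

Each outcome is produced by its own function, so a test suite can assert on access, filters, and masks independently rather than on one combined decision. The freshness and literal checks in enrich_principal are what keep a stale or attacker-influenced identity-provider value (see the constructed "eve" entry) from being spliced into a row-filter predicate, which is the concrete reason the guidance says to validate attributes before the policy ever sees them.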
