Skip to Content
Data SourcesConnect Trino

Connect Trino

Prerequisites

  • You have Trino coordinator connection details (Host, Port, Catalog, Username, optional Password).
  • You can create or use a dedicated Trino identity for Skoot.
  • The user has USAGE and SELECT access for the schemas and tables you want Skoot to query.
  • The user can read metadata from information_schema for schema discovery.

Set Inputs (Use Your Values)

  • CATALOG: Catalog Skoot should query (for example hive, iceberg, delta_lake).
  • TRINO_USER: User Skoot authenticates as (for example skoot_readonly_user).
  • TRINO_ROLE: Role you grant read permissions to (for example skoot_readonly_role).

Step 1 — Create the Trino User Identity

Trino does not create users with SQL. Create TRINO_USER in your Trino authentication system:

  • Password-file auth: add user to your password database.
  • LDAP/OIDC/Kerberos/JWT: create or map the principal in your identity provider.
  • Local dev Trino without password auth: use any valid username (for example trino).

Use a dedicated identity for Skoot instead of a shared analyst login.

Step 2 — Create and Assign the Role (If Supported)

Create TRINO_ROLE and assign it to TRINO_USER in your target catalog.

CREATE ROLE skoot_readonly_role IN hive;
GRANT skoot_readonly_role TO USER skoot_readonly_user IN hive;

If your connector or access-control model does not support SQL role management, skip this step and grant privileges directly to the user in Step 3.

Step 3 — Grant Read-Only Permissions

Grant read-only permissions at schema scope (recommended), or table scope (stricter):

-- Example for catalog "hive" and schema "analytics"
GRANT SELECT ON SCHEMA hive.analytics TO ROLE skoot_readonly_role;
 
-- Or, if you skipped role creation:
GRANT SELECT ON SCHEMA hive.analytics TO USER skoot_readonly_user;
 
-- Optional stricter table-level grants:
-- GRANT SELECT ON TABLE hive.analytics.orders TO ROLE skoot_readonly_role;

If your deployment enforces authorization through an external system (for example Ranger, Lake Formation, or connector-native ACLs), apply equivalent read-only rules there instead of SQL grants.

Step 4 — Verify Access as the Skoot User

Run these as TRINO_USER to validate that Skoot can discover and query data:

SELECT table_schema, table_name
FROM hive.information_schema.tables
WHERE table_schema = 'analytics'
LIMIT 20;
 
SELECT * FROM hive.analytics.some_table LIMIT 1;

Step 5 — Ensure Metadata Discovery Access

Skoot discovers schema by reading these metadata views:

  • <catalog>.information_schema.schemata
  • <catalog>.information_schema.tables
  • <catalog>.information_schema.columns

If connection tests succeed but schema is empty, verify the read-only identity can query those views in your selected catalog.

Step 6 — Optional: IP Whitelisting

This step is optional. Use it only if your Trino deployment is protected by network allowlists.

If needed, allowlist Skoot public egress IP from Data Sources  in your network/security layer.

Connect in Skoot App

After Trino setup is complete:

  1. Click Trino in Available Data Sources section Trino Connection .
  2. Fill these fields exactly:
    • Connection Name
    • Host
    • Port
    • Catalog
    • Username
    • Password (optional)
    • Use SSL
    • Query Timeout (ms) (minimum 1000)
  3. Save the connection.
  4. Confirm status is Connected.
Last updated on
Connect AWS AthenaConnect Postgres