3.5 Webinar Q&A Recap: StarRocks Security, Iceberg Support, and More
Some additional information in one line
Publish date: Aug 5, 2025 8:30:00 AM
Thanks to everyone who joined our StarRocks 3.5 webinar! We received great questions from the audience—here’s a quick summary of some of the questions asked and our answers:
Is automatic global dictionary creation only supported for Parquet files?
Yes, currently it only supports Parquet files.
Does StarRocks support row-level security using LDAP + Ranger?
Yes, if you're using Apache Ranger for authorization, row-level security is supported when combined with LDAP-based authentication.
Can I use the groups or roles claim from a JWT or Access Token for group-based authorization?
If you're using StarRocks with JWT-based login and want to implement group-based authorization, you need to:
-
Continue using JWT for authentication;
-
Configure a Group Provider (LDAP or File is recommended);
-
Define authorization policies in Apache Ranger based on user groups.
Read the docs: https://docs.starrocks.io/docs/best_practices/authentication_authorization/#group-provider-optional-but-recommended
When will UPDATE/DELETE be supported in Iceberg Catalog?
This feature is on the roadmap for end of this year. You can expect to see initial capabilities roughly six months after that, it’s part of a longer-term plan.
If using OAuth2 with Azure, is there a way to map Azure Enterprise Application roles to StarRocks roles?
It depends on how Azure is configured:
-
If Azure can expose a standard LDAP interface or can integrate at the Unix group level, then role mapping is possible.
-
As a fallback, you can always use the File Group Provider to define role mappings manually.
Let us know if you have more questions—we’re always happy to dive deeper. Join the StarRocks slack channel here: https://starrocks.io/redirecting-to-slack
