Could an administrator implement this two-step process by first creating the catalog and granting themself " CATALOG_MANAGE_CONTENT " before doing any other grants?
--EM On Mon, Oct 13, 2025 at 10:25 AM Jean-Baptiste Onofré <[email protected]> wrote: > Hi Dmitri > > That's a good point. > Imho, we should have a two step approach for catalog creation: first > create the "abstract" entity, and then all permission, etc. > > Regards > JB > > On Thu, Sep 25, 2025 at 5:36 PM Dmitri Bourlatchkov <[email protected]> > wrote: > > > > Hi All, > > > > Our feature flags code supports setting flags per catalog [1]. However > when > > dealing with catalog creation, it may be necessary to check those flags > too. > > > > This creates a chicken and egg problem where certain flags that apply to > > catalogs (e.g. ALLOW_SETTING_S3_ENDPOINTS) can only be set per realm. > > > > Would it make sense to allow a two phase approach to creating catalogs > > where > > 1) a catalog object is created as an empty shell (ID + name) > > 2) An admin user adjusts feature flags / permissions > > 3) A regular user sets catalog config properties > > > > Any other thoughts / suggestions on this matter? > > > > [1] > > > https://github.com/apache/polaris/blob/453e9fb19aaad48f8c46ef4ffe3d516df62e4706/polaris-core/src/main/java/org/apache/polaris/core/config/PolarisConfiguration.java#L167 > > > > Thanks, > > Dmitri. >
