[DISCUSS] Add CATALOG_READ_DATA privilege

vemula praneeth Thu, 05 Mar 2026 11:20:20 -0800

Hi dev,

I've submitted PR #3927 (https://github.com/apache/polaris/pull/3927)
which adds a new catalog-level privilege CATALOG_READ_DATA (code 103).


Motivation:
Currently, granting read-only access to a data analyst across an entire
catalog requires individually granting TABLE_READ_DATA on every table.
CATALOG_READ_DATA is a single catalog-level grant that subsumes:
  - TABLE_READ_DATA, TABLE_LIST, TABLE_READ_PROPERTIES
  - NAMESPACE_LIST, NAMESPACE_READ_PROPERTIES
  - VIEW_LIST, VIEW_READ_PROPERTIES

It fits naturally between CATALOG_MANAGE_METADATA (no data access)
and CATALOG_MANAGE_CONTENT (full access), filling a gap for read-only
analyst principals.

Feedback welcome!

Regards,
Praneeth

[DISCUSS] Add CATALOG_READ_DATA privilege

Reply via email to