Hi Dmitri,
Regarding your comment in GG discussion " Currently, IIRC, Polaris will
assign credential policies based on what the user is *allowed* to do by the
Authorizer, meaning that even read-only requests (such as loadTable) will
return R/W credentials if the user is authorized to write. ", I did some
additional testing to better understand how Polaris vends credentials, and
my observations appear to differ from the previous response.
In my testing, (a user with both R/W permissions)
- For a read operation ( loadTable), the inline session policy in the
vended credentials contained only read permissions (e.g., s3:GetObject).
- For a write operation, the inline session policy included write
permissions (e.g., s3:PutObject).
Based on these observations, the vended credentials appear to be scoped to
the requested operation rather than what the user is allowed to do. Below
are the inline policies I captured in my testing.
*Write Operation*:
"policy":
"{\"Version\":\"2012-10-17\",\"Statement\":[
{\"Effect\":\"Allow\",\"Action\":[\"*s3:PutObject*\",\"*s3:DeleteObject*\"],
\"Resource\":\"arn:aws:s3:::<Bucket-Name>/<Catalog-Name>/tpcds/customer-5950b4cce9/*\"},
{\"Effect\":\"Allow\",\"Action\":\"s3:ListBucket\",
\"Resource\":\"arn:aws:s3:::<Bucket-Name>\",
\"Condition\":{\"StringLike\":{\"s3:prefix\":[\"<Catalog-Name>/tpcds/customer-5950b4cce9/*\"]}}},
{\"Effect\":\"Allow\",\"Action\":\"s3:GetBucketLocation\",
\"Resource\":\"arn:aws:s3:::<Bucket-Name>\"},
{\"Effect\":\"Allow\",\"Action\":[\"*s3:GetObject*
\",\"s3:GetObjectVersion\"],
\"Resource\":\"arn:aws:s3:::<Bucket-Name>/<Catalog-Name>/tpcds/customer-5950b4cce9/*\"}
]}"
*Read Operation:*
"policy":
"{\"Version\":\"2012-10-17\",\"Statement\":[
{\"Effect\":\"Allow\",\"Action\":\"s3:ListBucket\",
\"Resource\":\"arn:aws:s3:::<Bucket-Name>\",
\"Condition\":{\"StringLike\":{\"s3:prefix\":[\"<Catalog-Name>/tpcds/customer-5950b4cce9/metadata/*\"]}}},
{\"Effect\":\"Allow\",\"Action\":\"s3:GetBucketLocation\",
\"Resource\":\"arn:aws:s3:::<Bucket-Name>\"},
{\"Effect\":\"Allow\",\"Action\":[\"*s3:GetObject*
\",\"s3:GetObjectVersion\"],
\"Resource\":\"arn:aws:s3:::<Bucket-Name>/<Catalog-Name>/tpcds/customer-5950b4cce9/metadata/*\"}
]}"
Am I missing something?
Thanks,
Rajesh
On Tue, Jun 30, 2026 at 12:42 PM Dmitri Bourlatchkov <[email protected]>
wrote:
> Hi Rajesh,
>
> The current situation regarding vended credentials in federated catalogs
> has been explained in the linked GG discussion, I believe :)
>
> Re: future direction, you're part of the community too :)
>
> I wonder whether vended credential pass-through is something that is
> beneficial to your use cases... just trying to understand the situation
> better.
>
> Why would you want the "BU" catalog to control credential vending?
>
> Thanks,
> Dmitri,
>
> On Tue, Jun 30, 2026 at 11:37 AM Rajesh Bulleddula <
> [email protected]> wrote:
>
> > Following the discussion on GitHub, starting a dev thread on credential
> > vending behavior in Apache Polaris catalog federation.
> >
> > https://github.com/apache/polaris/discussions/4929
> >
> > I am evaluating catalog federation behavior in a data lakehouse setup
> using
> > Apache Iceberg with Apache Polaris.
> >
> > Architecture:
> >
> > - One central enterprise catalog
> > - Multiple BU (Business Unit) level child catalogs federated into the
> > central catalog
> >
> > Expected flow (based on my understanding):
> >
> > - Client queries an Iceberg table through the central catalog
> > - Central catalog forwards the request to the appropriate BU catalog
> > after RBAC validation
> > - BU catalog returns table metadata and vended credentials
> > - Central catalog returns the BU catalog’s metadata and the same
> vended
> > credentials back to the client
> >
> > Actual behavior observed:
> >
> > - BU catalog does return metadata + vended credentials
> > - Central catalog drops/ignores the BU-provided vended credentials
> > - Central catalog generates new vended credentials and sends that to
> the
> > client instead
> >
> > Question:
> >
> > What is the intended credential vending model for catalog federation?
> >
> > - Should the central catalog propagate the vended credentials returned by
> > the child catalog to the client (credential pass-through)?
> >
> > Or
> >
> > - Should the central catalog always generate and return its own vended
> > credentials, regardless of whether the child catalog has already vended
> > credentials?
> >
> > I'm interested in understanding the intended design philosophy for
> > federation and whether supporting vended credential pass-through is
> > something the community believes should be part of Polaris.
> >
> > --
> > Thanks & Regards,
> > Rajesh Bulleddula
> >
>
--
Thanks & Regards,
Rajesh Bulleddula
281-853-4723