Hi Dmitri,

Regarding your comment in GG discussion " Currently, IIRC, Polaris will
assign credential policies based on what the user is *allowed* to do by the
Authorizer, meaning that even read-only requests (such as loadTable) will
return R/W credentials if the user is authorized to write. ", I did some
additional testing to better understand how Polaris vends credentials, and
my observations appear to differ from the previous response.

In my testing, (a user with both R/W permissions)

   - For a read operation ( loadTable), the inline session policy in the
   vended credentials contained only read permissions (e.g., s3:GetObject).
   - For a write operation, the inline session policy included write
   permissions (e.g., s3:PutObject).

Based on these observations, the vended credentials appear to be scoped to
the requested operation rather than what the user is allowed to do. Below
are the inline policies I captured in my testing.

*Write Operation*:

"policy":
"{\"Version\":\"2012-10-17\",\"Statement\":[
{\"Effect\":\"Allow\",\"Action\":[\"*s3:PutObject*\",\"*s3:DeleteObject*\"],
\"Resource\":\"arn:aws:s3:::<Bucket-Name>/<Catalog-Name>/tpcds/customer-5950b4cce9/*\"},

{\"Effect\":\"Allow\",\"Action\":\"s3:ListBucket\",
\"Resource\":\"arn:aws:s3:::<Bucket-Name>\",
\"Condition\":{\"StringLike\":{\"s3:prefix\":[\"<Catalog-Name>/tpcds/customer-5950b4cce9/*\"]}}},

{\"Effect\":\"Allow\",\"Action\":\"s3:GetBucketLocation\",
\"Resource\":\"arn:aws:s3:::<Bucket-Name>\"},

{\"Effect\":\"Allow\",\"Action\":[\"*s3:GetObject*
\",\"s3:GetObjectVersion\"],
\"Resource\":\"arn:aws:s3:::<Bucket-Name>/<Catalog-Name>/tpcds/customer-5950b4cce9/*\"}
]}"


*Read Operation:*

"policy":
"{\"Version\":\"2012-10-17\",\"Statement\":[
{\"Effect\":\"Allow\",\"Action\":\"s3:ListBucket\",
\"Resource\":\"arn:aws:s3:::<Bucket-Name>\",
\"Condition\":{\"StringLike\":{\"s3:prefix\":[\"<Catalog-Name>/tpcds/customer-5950b4cce9/metadata/*\"]}}},

{\"Effect\":\"Allow\",\"Action\":\"s3:GetBucketLocation\",
\"Resource\":\"arn:aws:s3:::<Bucket-Name>\"},

{\"Effect\":\"Allow\",\"Action\":[\"*s3:GetObject*
\",\"s3:GetObjectVersion\"],
\"Resource\":\"arn:aws:s3:::<Bucket-Name>/<Catalog-Name>/tpcds/customer-5950b4cce9/metadata/*\"}
]}"

Am I missing something?

Thanks,

Rajesh
On Tue, Jun 30, 2026 at 12:42 PM Dmitri Bourlatchkov <[email protected]>
wrote:

> Hi Rajesh,
>
> The current situation regarding vended credentials in federated catalogs
> has been explained in the linked GG discussion, I believe :)
>
> Re: future direction, you're part of the community too :)
>
> I wonder whether vended credential pass-through is something that is
> beneficial to your use cases... just trying to understand the situation
> better.
>
> Why would you want the "BU" catalog to control credential vending?
>
> Thanks,
> Dmitri,
>
> On Tue, Jun 30, 2026 at 11:37 AM Rajesh Bulleddula <
> [email protected]> wrote:
>
> > Following the discussion on GitHub,  starting a dev thread on credential
> > vending behavior in Apache Polaris catalog federation.
> >
> > https://github.com/apache/polaris/discussions/4929
> >
> > I am evaluating catalog federation behavior in a data lakehouse setup
> using
> > Apache Iceberg with Apache Polaris.
> >
> > Architecture:
> >
> >    - One central enterprise catalog
> >    - Multiple BU (Business Unit) level child catalogs federated into the
> >    central catalog
> >
> > Expected flow (based on my understanding):
> >
> >    - Client queries an Iceberg table through the central catalog
> >    - Central catalog forwards the request to the appropriate BU catalog
> >    after RBAC validation
> >    - BU catalog returns table metadata and vended credentials
> >    - Central catalog returns the BU catalog’s metadata and the same
> vended
> >    credentials back to the client
> >
> > Actual behavior observed:
> >
> >    - BU catalog does return metadata + vended credentials
> >    - Central catalog drops/ignores the BU-provided vended credentials
> >    - Central catalog generates new vended credentials and sends that to
> the
> >    client instead
> >
> > Question:
> >
> > What is the intended credential vending model for catalog federation?
> >
> > - Should the central catalog propagate the vended credentials returned by
> > the child catalog to the client (credential pass-through)?
> >
> > Or
> >
> > - Should the central catalog always generate and return its own vended
> > credentials, regardless of whether the child catalog has already vended
> > credentials?
> >
> > I'm interested in understanding the intended design philosophy for
> > federation and whether supporting vended credential pass-through is
> > something the community believes should be part of Polaris.
> >
> > --
> > Thanks & Regards,
> > Rajesh Bulleddula
> >
>


-- 
Thanks & Regards,
Rajesh Bulleddula
281-853-4723

Reply via email to