collado-mike opened a new issue, #363: URL: https://github.com/apache/polaris/issues/363
### Is your feature request related to a problem? Please describe.

By default, a principal that has a `catalog_admin` role in a catalog cannot list principal roles using the API. The `catalog_admin`'s responsibility is managing privileges and access to the catalog roles in a catalog. After fixing https://github.com/apache/polaris/issues/359 , the `catalog_admin` has the ability to grant a catalog role to a principal role, but has no ability to see the list of available principal roles. This may be OK for cases where a principal has both the `service_admin` and the `catalog_admin` roles, but if there's an enforced separation, the lack of privilege to list principal roles is a hindrance.

### Describe the solution you'd like

The authorization model typically requires a catalog to be in the scope of a request in order to detect that the user has `catalog_admin` on the specified catalog. However, PrincipalRoles are not tied to a catalog, so it's difficult for the current authorization workflow to know if the current user does have admin privilege on any catalog. We can consider a separate API, where the `/principal_roles` endpoint is prefixed by catalog, but that feels cumbersome - especially if the caller is an admin on multiple catalogs. A more likely solution would be to manage a special PrincipalRole that has limited privileges on PrincipalRoles (and possibly Principals) that a user is automatically added to when granted `catalog_admin`.

### Describe alternatives you've considered

_No response_

### Additional context

_No response_

-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
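The gap the issue describes, and the proposed synthetic PrincipalRole, modelled as an added example. This is constructed code written for this page, not Apache Polaris source: the privilege names (`LIST_PRINCIPAL_ROLES`, `CATALOG_MANAGE_ACCESS`, `SERVICE_MANAGE_ACCESS`), the synthetic role name `__catalog_admins__`, and the principals, catalogs and roles in `build_scenario()` are all assumptions. It shows why a request with no catalog in scope (such as listing principal roles) never sees catalog-level grants, so `catalog_admin` alone is insufficient today, and how a narrow synthetic role closes that gap without handing the caller `service_admin` privileges.

```python
"""Constructed model of the authorization gap discussed in the issue above.

Example code written for this page, not Apache Polaris source. Privilege,
role and entity names are assumptions loosely modelled on the issue text;
the real Polaris authorizer is not reproduced here.
"""
from dataclasses import dataclass, field

# Privilege names (assumptions for this example).
LIST_PRINCIPAL_ROLES = "LIST_PRINCIPAL_ROLES"    # root-scoped: no catalog in the request
CATALOG_MANAGE_ACCESS = "CATALOG_MANAGE_ACCESS"  # stands in for what catalog_admin carries
SERVICE_MANAGE_ACCESS = "SERVICE_MANAGE_ACCESS"  # stands in for what service_admin carries

# Synthetic principal role the proposal would give to catalog admins (name assumed).
CATALOG_ADMINS_ROLE = "__catalog_admins__"


@dataclass
class AuthzModel:
    principal_roles: dict[str, set[str]] = field(default_factory=dict)  # principal -> principal roles
    root_privs: dict[str, set[str]] = field(default_factory=dict)       # principal role -> root-scoped privileges
    catalog_role_privs: dict[tuple[str, str], set[str]] = field(default_factory=dict)  # (catalog, catalog role) -> privileges
    grants: dict[str, set[tuple[str, str]]] = field(default_factory=dict)  # principal role -> granted (catalog, catalog role)

    def grant_catalog_role(self, prole: str, catalog: str, crole: str) -> None:
        self.grants.setdefault(prole, set()).add((catalog, crole))

    def revoke_catalog_role(self, prole: str, catalog: str, crole: str) -> None:
        self.grants.get(prole, set()).discard((catalog, crole))

    def catalog_privileges(self, principal: str, catalog: str) -> set[str]:
        """Privileges usable when `catalog` is in the request's scope."""
        privs: set[str] = set()
        for prole in self.principal_roles.get(principal, set()):
            for cat, crole in self.grants.get(prole, set()):
                if cat == catalog:
                    privs |= self.catalog_role_privs.get((cat, crole), set())
        return privs

    def effective_roles(self, principal: str, with_proposal: bool) -> set[str]:
        """Explicit principal roles, plus the synthetic catalog-admins role under the proposal.

        Membership is derived at check time rather than stored, so revoking the last
        catalog_admin grant removes it with no clean-up step (a design choice of this
        example; the issue does not specify how membership is maintained).
        """
        roles = set(self.principal_roles.get(principal, set()))
        if with_proposal and any(
            CATALOG_MANAGE_ACCESS in self.catalog_role_privs.get(g, set())
            for r in roles for g in self.grants.get(r, set())
        ):
            roles.add(CATALOG_ADMINS_ROLE)
        return roles

    def root_privileges(self, principal: str, with_proposal: bool = False) -> set[str]:
        """Privileges usable on a request with no catalog in scope, e.g. GET /principal_roles."""
        privs: set[str] = set()
        for prole in self.effective_roles(principal, with_proposal):
            privs |= self.root_privs.get(prole, set())
        return privs

    def can_list_principal_roles(self, principal: str, with_proposal: bool = False) -> bool:
        # No catalog in scope, so catalog-level privileges are never consulted here:
        # that is exactly why catalog_admin alone is insufficient today.
        return LIST_PRINCIPAL_ROLES in self.root_privileges(principal, with_proposal)


def build_scenario() -> AuthzModel:
    """Constructed tenancy: one service admin, one catalog admin, one plain reader."""
    m = AuthzModel()
    m.root_privs["service_admin"] = {SERVICE_MANAGE_ACCESS, LIST_PRINCIPAL_ROLES}
    m.root_privs[CATALOG_ADMINS_ROLE] = {LIST_PRINCIPAL_ROLES}  # deliberately narrow
    m.catalog_role_privs[("sales", "catalog_admin")] = {CATALOG_MANAGE_ACCESS}
    m.catalog_role_privs[("sales", "catalog_reader")] = {"TABLE_READ_DATA"}
    m.grant_catalog_role("sales_admins", "sales", "catalog_admin")
    m.grant_catalog_role("sales_readers", "sales", "catalog_reader")
    m.principal_roles = {
        "bob": {"service_admin"},    # service admin, holds no catalog roles
        "alice": {"sales_admins"},   # catalog_admin on "sales" only (enforced separation)
        "carol": {"sales_readers"},  # ordinary reader, must gain nothing from the proposal
    }
    return m


if __name__ == "__main__":
    m = build_scenario()
    for who in ("bob", "alice", "carol"):
        print(who, "today:", m.can_list_principal_roles(who),
              "proposed:", m.can_list_principal_roles(who, with_proposal=True))
```

Two checks worth keeping when evaluating any real implementation of the proposal: the synthetic role must carry only the listing privilege (here `SERVICE_MANAGE_ACCESS` never reaches `alice`), and revoking the last `catalog_admin` grant must drop the derived membership so that it cannot outlive the grant that justified it.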
