synint91 commented on issue #441:
URL: https://github.com/apache/polaris/issues/441#issuecomment-3742790997
Current implementation we use in production (we have petabyte-scale data
already in S3, for which Polaris is managing the catalog):
**Polaris Realm Type**: mixed
**External Realm**: Azure Entra ID (Entra ID federated users bound to group
claims to Entra ID application for each principal role (data_engineers,
data_analysts, service_admin); only nameClaimPath in Polaris using preferred
username of user in Azure AD, and no idClaimPath, considering Azure returns
UUIDs not compatible with NumericFields for principal IDs in Polaris database
schema).
**Internal Realm**: used to manually create principals syncing from Azure
groups, and binding them to associated principal roles.
**Polaris version**: 1.2, with Postgres JDBC backend.
A couple of questions for this feature:
1. How is this new approach interoperable with older mixed realm
approaches?
2. Will enablement of these new features not cause any corruption or
duplication of record entities inside the meta database?
For example, if I have a principal manually created using internal realm
that resembles an actual user, let's say [email protected] (principalname), in the service
admin Azure group mapped to the service_admin principal role inside Polaris, I
expect this new feature of new principal creation won't create duplicate records
for the same principal name --> [email protected], and should map to the older principal
already existing in the meta database.
Would highly appreciate this feature supporting interoperability, or
migration guidance with older approaches of mixed realm.
--
This is an automated message from the Apache Git Service.