-
Notifications
You must be signed in to change notification settings - Fork 101
-
Notifications
You must be signed in to change notification settings - Fork 101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FEATURE REQUEST]Service Connection Per namespace in a catalog #194
Comments
I'm not sure I understand completely, but you can create the For example, you can create catalog roles like |
Thanks . Creating catalog roles per namespace should help take care of our usecases. Are there any limits to the number of principal roles, catalog roles and catalog per polaris instance or per catalog. |
I don't think there will be limitations on these numbers. cc @dennishuo @collado-mike @eric-maynard for more details. |
@flyrain I was able to use your suggestion and create catalog role per namespace and then map it later to a principal role and service principal. I am using Snowflake managed polaris to create all the desired configurations. Do you have any idea how I could get the service admin credentials. I want to use APIs to create catalog ,namespace and other polaris related configurations but the only way I am able to do that is get the token from the network tab and use that to invoke APIs. |
Hey @chetan-habu, if you have questions about a vendor-managed offering please reach out to that vendor. With Apache Polaris, you can view the root credentials during bootstrapping. |
Snowflake's Polaris doesn't yet let you do this, but the functionality exists in the OSS project. Unsure when the feature will be released in the managed Polaris offering. |
Thanks team. Can you help provide some more insights to the following questions if any.
We plan to create a catalog and then namespaces are our logical grouping . Each namespace would be associated with a catalog role which allows access to the namespace tables only. the catalog role will have an associated service principal. We would leverage the apis from the documentation to create the whole piece and hence the ask on the limits . |
Is your feature request related to a problem? Please describe.
Restrict access to tables in a namespace to a service connection
Describe the solution you'd like
I want to create one catalog and multiple child namespaces under a parent namespace. Each namespace will have their own service connection and individual service connection can only talk to catalog data in the namespace.
Describe alternatives you've considered
I would have to create a catalog ,namespace and service connection inorder to provide limited access to a single service connection
Additional context
No response
The text was updated successfully, but these errors were encountered: