Secure catalogs

When you secure a catalog, you define the actions that a user can perform against the catalog. The catalog administrator secures a catalog.

To secure a catalog, the catalog administrator first grants privileges to the catalog by creating a catalog role. Next, to allow the catalog role’s privileges to be bestowed to a service principal when you create a new service connection, the catalog administrator grants the catalog role to a principal role.

Step 1 (Optional): Create principal roles

You can create principal roles, if needed, to logically group Polaris Catalog™ service principals together. For more information about principal roles, including examples, see Principal role.

To create a principal role, follow these steps:

  1. Sign in to Polaris Catalog.

  2. From the menu on the left, select Connections.

  3. Select the Roles tab.

  4. Select + Principal role.

  5. Enter a Name for the principal role and select Create.

Step 2: Grant privileges to a catalog

To grant privileges to a catalog, create a catalog role. You can grant privileges on:

  • The catalog

  • The catalog namespaces

  • The catalog tables

  • The catalog views

Polaris Catalog supports a many-to-many relationship between catalog roles and principal roles. You could grant privileges to a catalog that apply to a group of users and name the catalog role accordingly (for example, “Catalog readers”). For more information about catalog roles, see Catalog role.

Note

If you update the privileges bestowed to a service principal, the updates won’t take effect for up to one hour. This means that if you revoke or grant some privileges for a catalog, the updated privileges won’t take effect on any service principal with access to that catalog for up to one hour.

To grant privileges to a catalog by creating a catalog role, follow these steps:

  1. Sign in to Polaris Catalog.

  2. From the menu on the left, select Catalogs.

  3. From the list of catalogs, select the catalog for which you want to grant privileges.

  4. From the Catalog Details tab, in the Catalog Roles section, select + Catalog Role.

  5. In the New Catalog Role dialog, fill in the fields:

    1. In the Name field, enter a name for the catalog role. Important

      Catalog role names are case sensitive.

    2. In the Privileges field, select the privileges to grant on the catalog. For a description of the available privileges, see Access control privileges.

    3. If you need to grant additional privileges to the catalog, repeat the previous step.

    4. Select Create.

Step 3: Grant a catalog role to a principal role

Grant a catalog role to a principal role to bestow the catalog role’s privileges to the service principal(s) that the principal role is granted to. For more information about principal roles and service principals, see Principal role and Service principal.

To grant a catalog role to a principal role, follow these steps:

  1. Sign in to Polaris Catalog.

  2. From the menu on the left, select Catalogs.

  3. From the list of catalogs, select the catalog for which you want to grant a catalog role to a principal role.

  4. From the Catalog Details tab, in the Principal Roles Granted section, select Grant to Principal role.

  5. From the Grant Catalog Role dialog, fill in the fields:

    1. In the Catalog role to grant field, select the catalog role you created.

    2. In the Principal role to receive grant field, select the principal role that is granted to the service principal to which you want to grant the catalog privileges.

    3. Select Grant.

Language: English