Howdy Graeme, Personally, I think this would be a very interesting enhancement for Polaris. Right now, I do not believe that there has been much thought given to this area yet, but there have been a few things on our "discussed backlog" [1] such as attribute-based access control which would benefit from something like this.
In terms of why this is interesting, I have seen several providers starting to offer permissions as policies. It helps security professionals audit and ensure that the right privileges are given to the right folks. As organizations scale, having this as a configuration file makes building compliance tooling much easier. For example, I know that some people have found Cedar [2] as a useful standard since it allows for both RBAC & ABAC. It was open-sourced in 2023 under the Apache 2.0 License and it seems to have a robust ecosystem around it. [1] - https://github.com/apache/polaris/discussions/1028 [2] - https://www.cedarpolicy.com/en Cheers, Adam On Tue, Sep 23, 2025 at 11:30 AM Graeme Hendrickson <[email protected]> wrote: > Hi folks, > > One of the things that’s been a little painful for us operating Polaris is > configuring new catalogs or ensuring that a catalog has the roles and > grants configured that we expect. Has there been any interest or thought > put into an idempotent “apply” action for principal roles, catalog roles, > and privilege grants based on some sort of configuration file? If not, is > that something that’s interesting to this group? > > Cheers, > Graeme >
