Hi R.J.,

Another point to consider: Polaris may need access to storage from async / background tasks [1].

This probably needs some thought too in the context of using API user's credentials for storage access. The critical point here is that although all tasks run in the same JVM now, they may become distributed later [2].

It is relevant to "DROP TABLE PURGE" requests, but may be needed in other contexts too (I'm not completely up-to-date on this code).

[1] https://github.com/apache/polaris/blob/d03c7174ccf6771a0673e02b5e6d691d6cca9419/runtime/service/src/main/java/org/apache/polaris/service/task/TaskExecutorImpl.java#L58

[2] https://lists.apache.org/thread/gg0kn89vmblmjgllxn7jkn8ky2k28f5l

Cheers,
Dmitri.

On Fri, Nov 21, 2025 at 9:58 AM Arsenault, Reginald P. via dev <[email protected]> wrote:

> UNCLASSIFIED / NON CLASSIFIÉ
>
> Thanks for the initial guidance Dmitri! I've gotten as far as configuring
> the class to handle either use-case, but I can't for the life of me find
> anything that will allow me to get a user's token! Getting the
> securityContext into the AwsCredentialsStorageIntegration is rather easy,
> but the securityContext can't provide a token for the user. Does anyone
> have any suggestions for how to actually get the requesting user's token?
> Here's my rough draft so far -
> https://github.com/cccs-cat001/polaris/commit/7d212033145a0a3f1dd3fa7137b35ace114bfcfc
>
> Thanks,
> R.J.
