Hey folks,

I wanted to raise awareness of a small change in the privilege model in #3906. Currently, the catalog_admin role in a given catalog has privileges to grant a Catalog Role to any Principal Role. However, the catalog_admin role by itself is not enough to revoke that Catalog Role. Instead, the privilege model requires that the user has both the catalog_admin role and also the privilege to manage grants for principal roles (typically, the service_admin). In effect, this means that the service_admin role has to have catalog_admin privileges on every catalog or catalog roles can't be revoked once they were granted.

The change in my PR removes the requirement to manage grants on the principal role so that the grant and revoke actions are symmetrical and require the same privilege - CATALOG_MANAGE_ACCESS on the target catalog.

Unless there are objections, I'd like to merge this PR in the next couple of days. Please let me know if there are any concerns.

https://github.com/apache/polaris/pull/3906

Mike
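The grant/revoke asymmetry described in the message above, as an added toy model that is not part of the original message and not Polaris code. It finds catalogs where a catalog role can be granted but not revoked, under the rule before and after the change. `MANAGE_PRINCIPAL_ROLE_GRANTS`, the caller names and the catalog names are constructed assumptions.

```python
# Toy model of the two authorization rules described in the message.
# MANAGE_PRINCIPAL_ROLE_GRANTS is a hypothetical stand-in for the
# "manage grants for principal roles" privilege; it is not a Polaris identifier.
CATALOG_MANAGE_ACCESS = "CATALOG_MANAGE_ACCESS"
MANAGE_PRINCIPAL_ROLE_GRANTS = "MANAGE_PRINCIPAL_ROLE_GRANTS"  # hypothetical name

# Each requirement is (privilege, kind of securable it must be held on).
GRANT_NEEDS = {(CATALOG_MANAGE_ACCESS, "catalog")}
REVOKE_NEEDS_BEFORE = GRANT_NEEDS | {(MANAGE_PRINCIPAL_ROLE_GRANTS, "principal_role")}
REVOKE_NEEDS_AFTER = GRANT_NEEDS  # symmetric with grant after the change


def authorized(caller_privs, needs, catalog, principal_role):
    """caller_privs is a set of (privilege, securable_name) the caller holds."""
    target = {"catalog": catalog, "principal_role": principal_role}
    return all((priv, target[kind]) in caller_privs for priv, kind in needs)


def stranded_catalogs(callers, catalogs, principal_role, revoke_needs):
    """Catalogs where some caller can grant a catalog role to principal_role
    but no caller at all is able to revoke it again."""
    stranded = []
    for cat in catalogs:
        can_grant = any(authorized(p, GRANT_NEEDS, cat, principal_role)
                        for p in callers.values())
        can_revoke = any(authorized(p, revoke_needs, cat, principal_role)
                         for p in callers.values())
        if can_grant and not can_revoke:
            stranded.append(cat)
    return stranded


# Constructed sample: service_admin holds catalog_admin-level access on "hr" only.
CALLERS = {
    "sales_catalog_admin": {(CATALOG_MANAGE_ACCESS, "sales")},
    "hr_catalog_admin": {(CATALOG_MANAGE_ACCESS, "hr")},
    "service_admin": {(MANAGE_PRINCIPAL_ROLE_GRANTS, "analysts"),
                      (CATALOG_MANAGE_ACCESS, "hr")},
}

if __name__ == "__main__":
    for label, needs in (("before", REVOKE_NEEDS_BEFORE), ("after", REVOKE_NEEDS_AFTER)):
        print(label, stranded_catalogs(CALLERS, ["sales", "hr"], "analysts", needs))
```

Running the same sweep over a real deployment's grants is a quick way to audit for catalog roles that nobody is currently able to revoke.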
