Thanks for working on this. I did one pass. Left some comments. One important thing missing in the PR is how it supports the existing realm. The new role (`catalog_role_manager`) is created only during bootstrap, and re-bootstrap is rejected for existing realms. The runtime silently skips the feature when the role is missing, so upgraded deployments will never get it. We need a migration path that creates the role on startup if absent, without requiring a full realm purge.
Yufei On Mon, Mar 23, 2026 at 10:19 AM Dmitri Bourlatchkov <[email protected]> wrote: > Linking old dev thread for reference: > https://lists.apache.org/thread/ws0blghsv8jl9rbwpgfgcbzjs7d38242 > > On 2026/03/23 17:17:51 Dmitri Bourlatchkov wrote: > > Hi All, > > > > Vignesh opened PR [3852] on Feb 20. > > > > This PR affects Polaris' internal RBAC. > > > > I personally do not have enough context in the internal RBAC use case to > be > > able to reason about possible adverse effects. > > > > Michael, Dennis: Please review this PR, if possible. > > > > From my side, I do not see any reason against merging this PR. > > > > I propose giving it a few more days in review and then merging. > > > > [3852] https://github.com/apache/polaris/pull/3852 > > > > Thanks, > > Dmitri. > > >
