Hi Kostas,

Thank you for the PR and for opening this discussion thread!

I'm not against the proposed new metric tag, but I want to ensure everyone understands the potential consequences.

Firstly, there's a risk of exposing sensitive information, specifically the principal name, within metric tags. Currently, this risk is minor because the principal name is internal to Polaris and isn't considered Personally Identifiable Information (PII) – at least that's my interpretation. However, this could change significantly in the future once federated principals are fully integrated into Polaris, as principal names could be things like personal emails.

Secondly, there is the risk of server OOM due to high cardinality metric tags. We had a similar discussion back in May about the "realm_id" metric tag [1]. While I note your proposal to add the principal name only to API metrics (and not HTTP metrics), which is a reasonable choice, I'm concerned that enabling both this new tag and the existing "realm_id" tag in those metrics could amplify the potential for DoS attacks. For instance, a deployment with 100 realms and 1000 principals would likely be at risk.

Again, I'm not against the idea. However, I wonder if we shouldn't implement a production readiness check to prevent users from accidentally deploying a risky configuration. Wdyt?

Thanks,
Alex

[1]: https://lists.apache.org/thread/41y94pgzwgyff159tmo6kx5y8r6d0tgb

On Tue, Aug 26, 2025 at 5:33 AM Kostas Zoumpatianos <kostas.zoumpatia...@fivetran.com.invalid> wrote:
>
> Hi team,
>
> I recently opened a PR that optionally adds the user principal name as a
> tag in metrics. This is useful for tracing API calls back to individual
> users.
>
> I understand that this can potentially expose information that people might
> not want to necessarily expose, so this is why I set it to `false` by
> default.
>
> I am raising visibility on this with this email.
>
> This is the associated issue: https://github.com/apache/polaris/issues/2444
> and the associated PR: https://github.com/apache/polaris/pull/2445
>
> Best regards,
> Kostas