collado-mike opened a new issue, #359: URL: https://github.com/apache/polaris/issues/359
### Is this a possible security vulnerability? - [X] This is NOT a possible security vulnerability ### Describe the bug The `catalog_admin` catalog role is intended to manage access privileges within a given catalog. The `catalog_admin` can create CatalogRoles and grant those roles privileges. However, as is, the `catalog_admin` cannot grant those CatalogRoles to PrincipalRoles. The `service_admin` principal role manages Principals and PrincipalRoles, but is intended to be distinct from the `catalog_admin` in that the `service_admin` cannot grant privileges to catalog-level entities. This includes granting CatalogRoles to PrincipalRoles. Thus, the only way to grant PrincipalRoles to catalog-level entities is for the `service_admin` to also be the `catalog_admin` for every catalog. This defeats the entire purpose of keeping these roles separate, which was to allow admins to separate responsibilities and prevent a single set of credentials from having the ability to access all data in any catalog within a realm. ### To Reproduce 1. As `service_admin`, create a Catalog and grant the `catalog_admin` role to another PrincipalRole 2. As a member of this PrincipalRole, create a CatalogRole and attempt to grant it to a third PrincipalRole ### Actual Behavior _No response_ ### Expected Behavior _No response_ ### Additional context _No response_ ### System information _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
