singhpk234 commented on code in PR #2280: URL: https://github.com/apache/polaris/pull/2280#discussion_r2544215906
########## CHANGELOG.md: ########## @@ -36,6 +36,14 @@ request adding CHANGELOG notes for breaking (!) changes and possibly other secti [Iceberg Metrics Reporting]: https://iceberg.apache.org/docs/latest/metrics-reporting/ +- **S3 remote request signing** has been added, allowing Polaris to work with S3-compatible object storage systems. + *Remote signing is currently experimental and not enabled by default*. In particular, RBAC checks are currently not + production-ready. One new table privilege was introduced: `TABLE_REMOTE_SIGN`. To enable remote signing: + 1. Set the system-wide property `REMOTE_SIGNING_ENABLED` or the catalog-level `polaris.request-signing.enabled` + property to `true`. + 2. Grant the `TABLE_REMOTE_SIGN` privilege to a catalog role. The role must also be granted the `TABLE_READ_DATA` + and `TABLE_WRITE_DATA` privileges. Review Comment: It seems like either READ or WRITE works but the CHANGELOG gives an impression both is required ? should we update the wording ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
