What Is Apache Polaris?
Apache Polaris is an open-source Iceberg REST Catalog implementation governed by the Apache Software Foundation. Created by Snowflake as the catalog backend for Snowflake's Iceberg tables, Polaris was donated to the ASF in June 2024, making it the community-governed, vendor-neutral reference implementation of the REST catalog specification.
Polaris provides the full Iceberg REST Catalog API surface — namespace management, table CRUD, metadata loading, transaction commits, and OAuth2 token-based authentication — along with enterprise-grade features: role-based access control (RBAC) for fine-grained principal permissions, credential vending (returning short-lived cloud storage credentials alongside table metadata), and catalog federation (connecting external Hive or Iceberg catalogs as read-only federated sources).
Any engine implementing the Iceberg REST catalog client — Apache Spark, Trino, Apache Flink, PyIceberg, Dremio — can connect to Apache Polaris and interact with tables registered in its catalog. This makes Polaris the neutral catalog layer in a multi-engine lakehouse.
Polaris Architecture
Apache Polaris has three architectural layers:
REST API Layer
The Iceberg REST Catalog API endpoints — fully compliant with the specification. Clients authenticate with OAuth2 bearer tokens and call standard REST endpoints for all catalog operations.
Catalog Management Layer
Internal catalog state management: namespace hierarchy, table metadata tracking, principal and role definitions, and access policy evaluation. Polaris stores catalog state in a persistent backend (for example, Postgres).
Storage Integration Layer
Polaris integrates with cloud storage providers to generate short-lived, scoped credentials. When a client loads a table, Polaris returns temporary S3, ADLS, or GCS credentials scoped to the table's storage prefix, so that the client holds neither a long-lived credential nor broad storage access.

Polaris RBAC and Access Control
Apache Polaris implements a comprehensive role-based access control model for Iceberg catalog resources:
- Principals: Human users or service accounts (query engines, ETL jobs) that authenticate with Polaris
- Principal Roles: Named collections of permissions that can be assigned to principals
- Catalog Roles: Roles scoped to a specific catalog with permissions on namespaces and tables
- Privileges: Specific allowed operations — TABLE_READ_DATA, TABLE_WRITE_DATA, NAMESPACE_CREATE, CATALOG_MANAGE_METADATA, etc.
This RBAC model enforces access control at the catalog API layer, consistently and regardless of which engine is connecting. A principal without the TABLE_READ_DATA privilege cannot load table metadata through the catalog, even if they have direct cloud storage credentials.
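The privilege check and the credential vending described above, as a simplified Python model added for illustration. It is not Polaris code: the class, function, principal and path names are assumptions, as is the read-only, 15-minute shape of the vended credential.

```python
# Simplified model of catalog-side RBAC plus credential vending.
# NOT Polaris source code; every name below is hypothetical.
import time
from dataclasses import dataclass

@dataclass
class Catalog:
    tables: dict           # "namespace.table" -> storage prefix
    catalog_roles: dict    # catalog role -> {(securable, privilege)}
    principal_roles: dict  # principal role -> {catalog role names}
    principals: dict       # principal -> {principal role names}

    def has_privilege(self, principal, table, privilege):
        # A grant on the parent namespace covers the tables under it.
        namespace = table.rsplit(".", 1)[0]
        for p_role in self.principals.get(principal, ()):
            for c_role in self.principal_roles.get(p_role, ()):
                grants = self.catalog_roles.get(c_role, set())
                if (table, privilege) in grants or (namespace, privilege) in grants:
                    return True
        return False  # default deny: no grant found on any role path

    def load_table(self, principal, table, ttl=900):
        if not self.has_privilege(principal, table, "TABLE_READ_DATA"):
            raise PermissionError(f"{principal} lacks TABLE_READ_DATA on {table}")
        # Vended credential (assumed shape): read-only, one table prefix, short-lived.
        return {"prefix": self.tables[table], "actions": ("read",),
                "expires_at": time.time() + ttl}

def credential_allows(cred, object_path, action, now=None):
    """What the storage side enforces for a vended credential in this model."""
    now = time.time() if now is None else now
    return (now < cred["expires_at"]
            and action in cred["actions"]
            # The trailing "/" on the prefix keeps "orders_backup/" out of scope.
            and object_path.startswith(cred["prefix"]))

# Constructed sample catalog state.
CATALOG = Catalog(
    tables={"sales.orders": "s3://lake/sales/orders/",
            "hr.salaries": "s3://lake/hr/salaries/"},
    catalog_roles={"sales_reader": {("sales", "TABLE_READ_DATA")}},
    principal_roles={"analyst": {"sales_reader"}},
    principals={"spark-etl": {"analyst"}, "adhoc-user": set()},
)
```

In this model `spark-etl` can load `sales.orders` and receives a credential usable only under that table's prefix, while `adhoc-user` is refused at the catalog before any credential is issued.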
Catalog Federation in Polaris
A distinctive Polaris feature is catalog federation: the ability to register external Hive Metastore or other Iceberg catalogs as read-only federated sources within Polaris. This allows organizations to present a unified Polaris catalog namespace that spans both Polaris-native tables and tables from legacy Hive Metastore — without migrating or copying data.
Federation is a practical migration path: teams can begin registering new tables in Polaris while continuing to access legacy Hive tables through the federated view. Over time, tables can be migrated to Polaris-native registration as migration bandwidth allows.

Summary
Apache Polaris is the ASF's answer to the question of what the community-governed, vendor-neutral Iceberg catalog should look like. Its comprehensive RBAC model, credential vending, and catalog federation capabilities make it a production-grade catalog for organizations that need enterprise governance without vendor lock-in. Combined with Apache Iceberg's table format and any compliant query engine, Polaris completes the open lakehouse stack.