What Is RBAC?
Role-Based Access Control (RBAC) is a governance model in which permissions to access resources are assigned to named roles, and users or service accounts are then assigned to those roles, rather than being granted permissions directly as individuals. RBAC scales gracefully: adding a new analyst means assigning them to the 'analyst' role (which already has all appropriate permissions), rather than granting 50 individual table permissions. Changing the permissions of all analysts means updating the 'analyst' role, and the change automatically applies to all role members.
In the data lakehouse, RBAC is implemented at the Iceberg catalog level — where all engines connect before accessing table data. Catalog-level RBAC is the engine-agnostic governance standard: regardless of whether a query comes from Dremio, Spark, or Trino, the catalog enforces the same access policies.
RBAC in Apache Polaris
Apache Polaris implements a two-tier RBAC model:
Principals and Principal Roles
A Principal is a user or service account that authenticates with Polaris. Principal Roles are named collections that principals are assigned to — 'data-engineers', 'analysts', 'ml-team', 'bi-service-accounts'.
Catalog Roles and Privileges
A Catalog Role is a named set of privileges on specific catalog resources — namespaces and tables. Privileges include: TABLE_READ_DATA, TABLE_WRITE_DATA, TABLE_FULL_METADATA, NAMESPACE_CREATE, CATALOG_MANAGE_METADATA. Catalog Roles are granted to Principal Roles — connecting user groups to their permitted catalog resources.
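The two-tier chain described above (principal, principal role, catalog role, privilege) can be traced with a small model. This is an added example, not Polaris code or its API: the principals, the catalog role names (sales_reader, sales_writer) and the sales namespace are hypothetical, and it assumes a privilege granted on a namespace also covers the tables inside it.

```python
# Simplified model of the two-tier RBAC chain (added example, not the Polaris API).
# Assumption: a privilege granted on a namespace also covers the tables in it.

# Tier 1: principal -> principal roles (constructed sample data)
PRINCIPAL_ROLES = {
    "alice": {"analysts"},
    "etl-svc": {"data-engineers"},
    "bob": set(),  # authenticates, but has no principal role assigned
}
# Bridge: principal role -> catalog roles granted to it
CATALOG_ROLE_GRANTS = {
    "analysts": {"sales_reader"},
    "data-engineers": {"sales_reader", "sales_writer"},
}
# Tier 2: catalog role -> (securable path, privilege)
PRIVILEGE_GRANTS = {
    "sales_reader": {(("sales",), "TABLE_READ_DATA")},
    "sales_writer": {(("sales", "orders"), "TABLE_WRITE_DATA"),
                     (("sales",), "NAMESPACE_CREATE")},
}

def effective_grants(principal):
    """Walk principal -> principal roles -> catalog roles -> privileges."""
    grants = set()
    for prole in PRINCIPAL_ROLES.get(principal, ()):
        for crole in CATALOG_ROLE_GRANTS.get(prole, ()):
            grants |= PRIVILEGE_GRANTS.get(crole, set())
    return grants

def is_allowed(principal, securable, privilege):
    """Default deny: allow only if a grant on the securable or an ancestor matches."""
    target = tuple(securable.split("."))
    return any(
        priv == privilege and target[:len(path)] == path
        for path, priv in effective_grants(principal)
    )

def who_can(securable, privilege):
    """Access review: list every principal holding a privilege on a securable."""
    return sorted(p for p in PRINCIPAL_ROLES if is_allowed(p, securable, privilege))
```

The who_can helper is the view an access review needs: it answers "who can read this table" by walking the same chain in reverse, which is where over-broad catalog role grants become visible.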

RBAC in Dremio
Dremio implements RBAC across its full resource hierarchy:
- System-level roles: ADMIN (full system access), PUBLIC (default minimum access for all users)
- Custom roles: Named roles with specific permissions on specific Dremio resources
- Resource-level permissions: Each Dremio object (source, space, VDS, folder) has its own access control list — permissions can be set at the source level (all tables in a source), the schema level (all tables in a namespace), or the individual VDS level
- Column-level masking: Data masking policies that replace sensitive column values with masked equivalents for specific roles
Dremio's RBAC controls both the semantic layer (which VDSs a role can see) and the underlying data access (which physical sources a role can query through).

Summary
Role-Based Access Control is the governance backbone of the enterprise data lakehouse. Implemented at the catalog layer (Apache Polaris, Dremio Open Catalog), RBAC provides engine-agnostic, principled access control that scales from a handful of users to thousands without per-user permission management overhead. Combined with column-level security for fine-grained data masking, RBAC gives organizations the governance framework to make the open lakehouse both openly accessible and securely governed — enabling self-service analytics without sacrificing compliance.