Realm

This page explains what a realm is and what it is used for in Polaris.

What is it?

A realm in Polaris serves as logical partitioning mechanism within the catalog system. This isolation allows for multitenancy, enabling different teams, environments or organizations to operate independently within the same Polaris deployment.

Key Characteristics

Isolation: Each realm encapsulates its own set of resources, ensuring that operations, policies in one realm do not affect others.

Authentication Context: When configuring Polaris, principals credentials are associated with a specific realm. This allows for the separation of security concerns across different realms.

Configuration Scope: Realm identifiers are used in various configurations, such as connection strings feature configurations, etc.

An example of this is:

jdbc:postgresql://localhost:5432/{realm}

This ensures that each realm’s data is stored separately.

How is it used in the system?

RealmContext: It is a key concept used to identify and resolve the context in which operations are performed. For example DefaultRealmContextResolver, a realm is resolved from request headers, and operations are performed based on the resolved realm identifier.

Authentication and Authorization: For example, in DefaultAuthenticator, RealmContext is used to provide context about the current security domain, which is used to retrieve the correct PolarisMetastoreManager that manages all Polaris entities and associated grant records metadata for authorization.

Isolation: In classes like JdbcBasePersistenceImpl, the realm id from the realm context is part of the primary key to manage entities of realms in isolation (within the same database instance).