https://polaris.apache.org/releases/1.4.1/configuration/configuring-polaris-for-production/Recent content in Configuring Polaris for Production on Apache PolarisHugoen-us<a href="https://www.apache.org/">Copyright © 2026 The Apache Software Foundation</a>.<br>Licensed under the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.https://polaris.apache.org/releases/1.4.1/configuration/configuring-polaris-for-production/configuring-gcs-cloud-storage-specific/Mon, 01 Jan 0001 00:00:00 +0000https://polaris.apache.org/releases/1.4.1/configuration/configuring-polaris-for-production/configuring-gcs-cloud-storage-specific/<p>This page provides guidance for configuring GCS Cloud Storage provider for use with Polaris. It covers credential vending, IAM roles, ACL requirements, and best practices to ensure secure and reliable integration.</p> <p>All catalog operations in Polaris for Google Cloud Storage (GCS)—including listing, reading, and writing objects—are performed using credential vending, which issues scoped (vended) tokens for secure access.</p> <p>Polaris requires both IAM roles and <a href="https://docs.cloud.google.com/storage/docs/hns-overview">Hierarchical Namespace (HNS)</a> ACLs (if HNS is enabled) to be properly configured. Even with the correct IAM role (e.g., <code>roles/storage.objectAdmin</code>), access to paths such as <code>gs://&lt;bucket&gt;/idsp_ns/sample_table4/</code> may fail with 403 errors if HNS ACLs are missing for scoped tokens. The original access token may work, but scoped (vended) tokens require HNS ACLs on the base path or relevant subpath.</p>