Govern an Open Lakehouse with Snowflake Open Catalog

Posted on by

While some catalogs have added an “open front door” by supporting the Apache Iceberg REST catalog API for reads and writes, they use a proprietary implementation. These catalogs offer flexibility for many engines you could integrate, but the proprietary implementation may make it harder to switch catalogs if you ever wanted to.

Other catalogs have built a “one-way front door” by supporting a read-only Apache Iceberg REST endpoint, and they provide an open source implementation. But the one-way front door significantly hampers your flexibility, limiting which engines you could use to write. And the open source implementation lacks transparency for vendor-neutral control. 

Apache Polaris provides an “open, two-way front door,” granting freedom to use a variety of engines to both read and write. Any engine that you can connect will integrate with the access controls defined in Apache Polaris, giving you a unified security plane across all the Apache Iceberg tables in your data lake or lakehouse. When any of these engines try to query a table, write to a table or see a list of namespaces and tables, Apache Polaris will first check if they have permission to do so. If they do, then Apache Polaris will provide a scoped set of temporary storage credentials needed to perform the operation.

In addition to these benefits by way of Apache Polaris, Snowflake Open Catalog provides more functionality, like multi-factor authentication (MFA), availability in multiple clouds and regions, and a web interface to make it even more secure and easier to use.

Snowflake Open Catalog can be integrated with Snowflake’s engine but is not required. Snowflake Open Catalog can be used as a catalog to provide governed interoperability for any Apache Iceberg REST-compatible engines.