Open Catalog for Iceberg on Azure

Documentation Index

Fetch the complete documentation index at: https://docs.streamnative.io/llms.txt

Use this file to discover all available pages before exploring further.

This guide describes how to prepare a Snowflake Open Catalog (Polaris) for use with StreamNative Ursa as an Iceberg catalog on Microsoft Azure.

​

Prerequisites

• A Snowflake standard account
• An Azure subscription with permissions to create storage accounts and configure trusted apps
• Access to the Snowflake Open Catalog feature

​

1. Create a Snowflake Open Catalog Account

The Snowflake Open Catalog console requires a dedicated Open Catalog account. From the standard Snowflake console, navigate to Admin -> Accounts and use the toggle to Create Snowflake Open Catalog Account. Configure the account with:

• Cloud: AWS or Azure (per Polaris availability)
• Region: the region in which your storage container resides
• Edition: any

Provide an admin username and password. After creation, click the Account URL to sign in to the Open Catalog console.

​

2. Collect Azure Account Information

​

2.1 Azure Tenant ID

In the Azure portal, search for Tenant properties and record the Tenant ID.

​

2.2 Storage Service Endpoint

In the Azure portal, navigate to Storage accounts, open the target storage account, and click Settings -> Endpoints. Record the Blob service primary endpoint (for example, https://<account>.blob.core.windows.net/).

​

2.3 Create a Container

In the storage account, navigate to Data storage -> Containers -> + Container and create a new container.

​

3. Create the Polaris Catalog

In the Snowflake Open Catalog console, create a new catalog.

Important: The StreamNative compaction service writes data using the AzureDFS protocol, so the Polaris catalog must use the same protocol. Use abfss://<container>@<account>.dfs.core.windows.net (note dfs, not blob).

Configure the catalog with:

• External: disabled
• Storage provider: AZURE
• Default base location: abfss://<container>@<storage-account>.dfs.core.windows.net
• Azure tenant ID: the value from step 2.1

​

4. Create a Trusted App in Azure

Open the catalog details and record the values of AZURE_CONSENT_URL and AZURE_MULTI_TENANT_APP_NAME. Open the AZURE_CONSENT_URL in a browser and click Accept. This redirects to Snowflake and creates a trusted app in Azure. The trusted app name is the portion of AZURE_MULTI_TENANT_APP_NAME before the underscore.

Note: Provisioning the trusted app in Azure can take several minutes.

​

5. Grant Container Permissions to the Trusted App

In the Azure portal, navigate to the storage account’s Access Control (IAM) -> + Add -> Add role assignment. Search for Storage Blob Data and select Storage Blob Data Contributor. Click Select members, search for the trusted app name from step 4, select it, and click Review + assign.

​

6. Create a Connection (Service Principal)

In the Open Catalog console, create a new connection that StreamNative Ursa will use to authenticate. Configure with:

• Name: any name
• Create new principal role: enabled
• Principal Role Name: any name

After creation, record the Client ID and Client Secret — the secret cannot be retrieved later.

​

7. Create a Catalog Role and Grant Privileges

Navigate to Catalogs -> [your catalog] -> Roles -> + Catalog Role and create a role with the following privileges:

• NAMESPACE_CREATE
• NAMESPACE_READ_PROPERTIES
• TABLE_CREATE
• TABLE_WRITE_DATA
• TABLE_READ_DATA

Click Grant to Principals Role and grant the catalog role to the principal role created in step 6.

​

Catalog Information Summary

When the steps above are complete, collect the following values for the StreamNative Ursa compaction service: For the next steps, see Configure Lakehouse Catalogs.