Secure data sharing refers to providing external parties (partners, customers, regulators, subsidiaries) or cross-organizational internal teams with access to specific lakehouse datasets without physically copying data or exposing the full catalog. Modern Iceberg-based data sharing combines open format advantages (no proprietary lock-in) with catalog-level access control.
Iceberg-Native Data Sharing Approaches
The Apache Iceberg REST Catalog specification enables a new model for data sharing: a data provider grants a consuming organization access to specific catalog namespaces or tables through the REST Catalog API. The consumer connects their query engine directly to the shared catalog endpoint and reads the Iceberg metadata and Parquet files using vended, short-lived credentials issued by the provider's catalog. No data is copied. This is conceptually similar to Snowflake's Data Sharing but with open standards and multi-engine compatibility. Implementations include Dremio's catalog sharing features, Tabular's catalog sharing, and Snowflake's Open Catalog (based on Apache Polaris). Existing governance policies (RBAC, column masking, row filters) apply transparently to shared catalog access, ensuring data consumers only see what they are explicitly granted.
