Iceberg table support is in the beta phase of development and may not be available on your environment. Contact Palantir Support to request access. Iceberg must be enabled on your environment before you can configure these settings.
Iceberg table settings are configured per-enrollment in Control Panel. From this interface, relevant administrators can enable Iceberg, configure encryption settings, manage storage locations, and set defaults for how Iceberg tables are written across projects.
To access Iceberg settings, open Control Panel from the Applications portal and search for the Iceberg table settings page.
Only users with the Enrollment Administrator or Information Security Officer role can modify Iceberg settings in Control Panel.
After contacting Palantir Support and receiving approval, Palantir will enable Iceberg for your enrollment. You can verify that Iceberg is enabled by checking that Enable Foundry Iceberg is toggled on at the top of the Iceberg table settings page.
Foundry offers two layers of encryption for Iceberg tables:
Client-side Iceberg table encryption is a new and evolving capability that is not yet supported by all Foundry features, external compute engines, or tools that connect to Iceberg tables. Enabling it may limit functionality until broader compatibility is available. Within Foundry, use of Iceberg tables with CSE in single-node transforms and "faster" Pipeline Builder pipelines is not yet supported.
Foundry supports the following storage options for Iceberg tables:
If available in your environment, Foundry-managed storage will appear by default.
To add a customer-managed storage bucket, first follow the instructions to set up your BYOB source. Once you have your source created, you can select it in the Control Panel interface via Configure buckets in the Iceberg storage buckets section. You can configure multiple storage locations and use them for different projects to organize where Iceberg table data is written.
You can also set advanced storage settings on your BYOB buckets on this page, such as Access delegation details and Custom FileIO configuration properties.
You can configure default settings for how Iceberg tables are written across your enrollment, and optionally override these defaults for specific projects or namespaces.
In the Configure global Iceberg storage section:
To override enrollment-level defaults for specific projects or namespaces, select Add project or namespace in the Customize storage section. For each project or namespace, you can override:
Project-level or namespace-level overrides only apply to newly written tables in the project. Existing tables retain their current storage locations and encryption settings.
When you modify storage settings, such as storage location or encryption configuration, the new settings apply only to newly created tables. Existing tables will not be migrated or have their encryption settings altered.