vrajat commented on code in PR #16043:
URL: https://github.com/apache/pinot/pull/16043#discussion_r2159882542
##########
pinot-broker/src/main/java/org/apache/pinot/broker/api/AccessControl.java:
##########
@@ -120,4 +122,15 @@ default TableAuthorizationResult
authorize(RequesterIdentity requesterIdentity,
return hasAccess(requesterIdentity, tables) ?
TableAuthorizationResult.success()
: new TableAuthorizationResult(tables);
}
+
+
+ /**
+ * Returns RLS/CLS filters for a particular table. By default, there are no
RLS/CLS filters on any table.
+ * @param requesterIdentity requested identity
+ * @param table Table used in the query. Table name can be with or without
tableType.
+ * @return {@link TableRowColAuthResult} with the result of the access
control check
+ */
+ default TableRowColAuthResult getRowColFilters(RequesterIdentity
requesterIdentity, String table) {
Review Comment:
Row level security etc. are not considered part of authorization in
databases. For example in Snowflake and PG, they are called row access policy
and row security policies. These are different from GRANT policies that specify
authorization rules in those databases. So the standard setup is to keep it
separate in the db core.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For additional commands, e-mail: commits-h...@pinot.apache.org
