singhpk234 opened a new pull request, #13879: URL: https://github.com/apache/iceberg/pull/13879
### About the proposal

This aims at returning the policy evaluation result (access decisions) for fine-grained access policies, based on the calling user, as part of the loadTable response.

This defines a new object called `FineGrainedDataProtectionRules`, which is an optional field the catalog would use to convey the access decision. The expectation is that these rules (projections and the row filters) are correctly applied and enforced by the client, which brings an implicit requirement to have a trusted partner. Establishing trust between the caller's engine and the catalog is not in scope of this proposal, as it's totally up to the catalog how it's established, via OAuth Delegation Flow or mTLS.

The `FineGrainedDataProtectionRules` returns projections, which are modeled as [Term](https://github.com/apache/iceberg/blob/main/open-api/rest-catalog-open-api.yaml#L2287), and the row filters are modeled as [Expression](https://github.com/apache/iceberg/blob/main/open-api/rest-catalog-open-api.yaml#L2162).

**This is based on my current understanding of community consensus.** Details of the community syncs can be referenced here - https://www.youtube.com/watch?v=RRyohCUDnME

#### Future Extension

To support complex stuff like mapping tables (joins) or dialect-specific SQL or complex policies, the Expressions and Terms can reference Iceberg UDFs (https://lists.apache.org/thread/rvy00kvgj1ybtond1v46t3bkv06v0jd0), which are currently being discussed in the community. Once Iceberg UDFs are defined, we can enhance column projections and row filters to reference UDFs to handle these scenarios.
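An added example, not part of the pull request or of the Iceberg code base: a client applying returned row filters and projections, using a subset of the REST catalog Expression types and refusing to return data when it meets a rule it cannot evaluate. The keys `projections` and `row-filter`, the function names and the sample rows are assumptions; the page does not show the `FineGrainedDataProtectionRules` schema, and failing closed is a design choice of this example.

```python
import operator
# Constructed sample. The keys "projections" and "row-filter" are hypothetical:
# the page does not show the FineGrainedDataProtectionRules schema.
RULES = {
    "projections": ["id", "region", "amount"],
    "row-filter": {
        "type": "and",
        "left": {"type": "eq", "term": "region", "value": "EU"},
        "right": {"type": "lt", "term": "amount", "value": 1000},
    },
}
ROWS = [  # constructed rows; "ssn" is not in the projection list
    {"id": 1, "region": "EU", "amount": 250, "ssn": "000-00-0001"},
    {"id": 2, "region": "US", "amount": 100, "ssn": "000-00-0002"},
    {"id": 3, "region": "EU", "amount": 5000, "ssn": "000-00-0003"},
    {"id": 4, "region": "EU", "amount": None, "ssn": "000-00-0004"},
]
_COMPARE = {"eq": operator.eq, "not-eq": operator.ne, "lt": operator.lt,
            "lt-eq": operator.le, "gt": operator.gt, "gt-eq": operator.ge}

class UnsupportedRule(Exception):
    """The client cannot evaluate a rule, so it must not return any data."""

def column(term, row):
    # A Term is a column name or a transform object; only names are handled.
    if not isinstance(term, str) or term not in row:
        raise UnsupportedRule(f"cannot resolve term {term!r}")
    return term

def evaluate(expr, row):
    kind = expr.get("type") if isinstance(expr, dict) else None
    if kind in ("and", "or"):
        # Evaluate both sides so an unsupported operand is never skipped.
        left, right = evaluate(expr["left"], row), evaluate(expr["right"], row)
        return (left and right) if kind == "and" else (left or right)
    if kind in _COMPARE or kind in ("in", "not-in"):
        value = row[column(expr["term"], row)]
        if value is None:  # simplification: a null never satisfies a predicate
            return False
        if kind in _COMPARE:
            return _COMPARE[kind](value, expr["value"])
        return (value in expr["values"]) == (kind == "in")
    # "not", "starts-with", null checks, ...: deny rather than guess.
    raise UnsupportedRule(f"unsupported expression type {kind!r}")

def enforce(rules, rows):
    """Filter rows, then keep only the projected columns."""
    return [{c: r[c] for c in (column(t, r) for t in rules["projections"])}
            for r in rows if evaluate(rules["row-filter"], r)]
```

`enforce(RULES, ROWS)` returns only row 1 without its `ssn` column; a filter of a type outside the handled subset, or a transform term in the projections, raises `UnsupportedRule` instead of returning rows.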
