amogh-jahagirdar commented on code in PR #13879:
URL: https://github.com/apache/iceberg/pull/13879#discussion_r2301300974
##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -3260,25 +3260,25 @@ components:
additionalProperties:
type: string
- FineGrainedDataProtectionRules:
+ ReadRestrictions:
type: object
description: >
- Fine-grained data protection rules for a table as result of fine
grained policy evaluation at the catalog end based on the clients access rights.
-
- The client SHOULD use these rules to enforce fine-grained data
protection like column and row level access when reading data from the table.
+ Read Restrictions for a table including projection and row filter
expressions.
+ The client MUST enforce these rules to read data from the table.
Review Comment:
@singhpk234 The original wording that I had a concern about was saying
something like "as a result of fine grained policy evaluation at the catalog
end" since I didn't think it made sense for the spec to really mention anything
about policy evaluation or how the read restriction was determined, since
that's a catalog detail.
I'm good with including something like "The read restrictions apply only to
the authenticated principal/user/account associated with the client" or the
wording @rdblue suggested. This does make it clear that clients should not
blindly store and reuse this across different auth contexts, so that makes
sense.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
