singhpk234 commented on code in PR #13879:
URL: https://github.com/apache/iceberg/pull/13879#discussion_r2452533059
##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -3260,6 +3260,71 @@ components:
additionalProperties:
type: string
+ ReadRestrictions:
+ type: object
+ description: >
+ Read restrictions for a table, including projection and row filter
expressions, according to the current schema.
+
+ A client MUST enforce the restrictions defined in this object when
reading data
+ from the table.
+
+ These restrictions apply only to the authenticated principal, user,
or account
Review Comment:
> Should we just summarize it as the authorization context
we haven't defined Authorization yet in the the IRC, as this is entirely
managed by catalog (for example grants / policies etc), i do agree these are
like authorization predicates but wouldn't saying this depends of the
authenticated prinicipal suff, do you have any specific case in mind ?
> Etag should be different for each response
My understanding was Etag should be same as that of the what we do in the
case of storage cred's ? if the callers has a different authenticated
prinicipal, the catalog should send the creds accordingly ? let me see what we
say from the ETag POV.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
