singhpk234 commented on code in PR #13879:
URL: https://github.com/apache/iceberg/pull/13879#discussion_r2511191605
##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -3265,6 +3265,133 @@ components:
additionalProperties:
type: string
+ ReadRestrictions:
+ type: object
+ description: >
+ Read restrictions for a table, including column projections and row
filter expressions, according to the current schema.
+
+ A client MUST enforce the restrictions defined in this object when
reading data
+ from the table.
Review Comment:
My understanding is we don't define what `trust` means like untampared /
sandboxed compute etc hence we might need to define that if we were to
reference it here, though that `MUST` would imply the expectation from the
client end, please let me know your thoughts considering above, if we were to
define trust there are additonal things i think it would be helpful define like
predicate reorder attacks :
```
Suppose that a user who has access only to red widgets executes the query
shown earlier:
SELECT *
FROM widgets_view
WHERE 1/iff(color = 'Purple', 0, 1) = 1;
```
if `1/iff(color = 'Purple', 0, 1) = 1 ` to be executed before filtering the
red widgets this would make the user aware that there exists colour = 'Purple'
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
