danielcweeks commented on code in PR #13879:
URL: https://github.com/apache/iceberg/pull/13879#discussion_r3537343016


##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -1051,6 +1051,15 @@ paths:
         table. The configuration key "token" is used to pass an access token 
to be used as a bearer token
         for table requests. Otherwise, a token may be passed using a RFC 8693 
token type as a configuration
         key. For example, "urn:ietf:params:oauth:token-type:jwt=<JWT-token>".
+
+
+        The response may include a read-restrictions field. A reader that 
supports read
+        restrictions must fail any read against the loaded table that cannot 
apply a returned
+        restriction in full. This includes unrecognized action or expression 
types, and actions
+        whose definition cannot be loaded, parsed, or evaluated. These 
restrictions apply to every
+        read performed using this response (including subsequent planTableScan 
and fetchScanTasks
+        calls), only to the authenticated principal associated with the 
request, and must not be
+        interpreted as global policy.

Review Comment:
   
   We need to change the wording on this.  We're assuming terms like 
`authenticated principal` and `global policy`.
   
   It should read more like:
   
   ```suggestion
           calls), but subsequent requests or requests made from a different 
authentication scope may have different restrictions.  The response should not 
be cached outside of the authenticated scope.
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to