danielcweeks commented on code in PR #13879:
URL: https://github.com/apache/iceberg/pull/13879#discussion_r3537343016
##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -1051,6 +1051,15 @@ paths:
table. The configuration key "token" is used to pass an access token
to be used as a bearer token
for table requests. Otherwise, a token may be passed using a RFC 8693
token type as a configuration
key. For example, "urn:ietf:params:oauth:token-type:jwt=<JWT-token>".
+
+
+ The response may include a read-restrictions field. A reader that
supports read
+ restrictions must fail any read against the loaded table that cannot
apply a returned
+ restriction in full. This includes unrecognized action or expression
types, and actions
+ whose definition cannot be loaded, parsed, or evaluated. These
restrictions apply to every
+ read performed using this response (including subsequent planTableScan
and fetchScanTasks
+ calls), only to the authenticated principal associated with the
request, and must not be
+ interpreted as global policy.
Review Comment:
We need to change the wording on this. We're assuming terms like
`authenticated principal` and `global policy`.
It should read more like:
```suggestion
calls), but subsequent requests or requests made from a different
authentication scope may have different restrictions. The response should not
be cached outside of the authenticated scope.
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]