munendrasn opened a new issue, #6763: URL: https://github.com/apache/iceberg/issues/6763
### Query engine _No response_ ### Question We are using the DynamoDb based Catalog implementation, and working on providing namespace level access control. DynamoDb table per namespace is not the option due to limitation on number of tables in DynamoDb per region. Hence, we are relying on Row-level access control provided by [DynamoDb](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html). While providing access to Namespace entries we are hitting limitation, as DynamoDb provides row-access control on PartitionKey. For all the namespace entries, PartitionKey is [NAMESPACE](https://github.com/apache/iceberg/pull/2688) . So, we would end giving access to all the Namespace entries. One option is to store the namespace value in identifier which would enable Access control. With this, listNamespace would need to performed on GSI (existing one) instead of Primary Index. Is there any reason for storing the actual value in namespace attribute rather than identifier attribute for namespace? Also, Please share if there are any concerns with swapping the values for Namespace entry in the DynamoDb Catalog Implementation cc @SreeramGarlapati @mohitgargk @ChaladiMohanVamsi -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For additional commands, e-mail: issues-h...@iceberg.apache.org
