collado-mike commented on code in PR #3724:
URL: https://github.com/apache/polaris/pull/3724#discussion_r2799893174
##########
polaris-core/src/main/java/org/apache/polaris/core/auth/PolarisAuthorizableOperation.java:
##########
@@ -144,7 +145,7 @@ public enum PolarisAuthorizableOperation {
DROP_VIEW(VIEW_DROP),
VIEW_EXISTS(VIEW_LIST),
RENAME_VIEW(VIEW_DROP, EnumSet.of(VIEW_LIST, VIEW_CREATE)),
- REPORT_METRICS(EnumSet.noneOf(PolarisPrivilege.class)),
+ REPORT_METRICS(TABLE_REPORT_METRICS),
Review Comment:
I could be persuaded either way, but tbh, I think a new privilege here is
excessive. Anybody who is adding rows will end up posting metrics and I think
we want those. Read metrics are less useful in my mind, but still useful. With
this new privilege, a user needs to have full privileges on the table to report
anything. For backward compatibility, I'd suggest at least giving anyone with
write privilege the implicit new metrics privilege.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
