Calcite doesn’t implement SQL access control (GRANT and REVOKE) but it has the necessary machinery (specifically, the SqlValidatorTable.getAllowedAccess method, which is invoked from the validator).
Let’s suppose for a moment that Calcite was extended to have standard SQL access control. Then you could have a view V owned by user U in schema S1 which is visible, and it could reference tables T1 and T2 in schema S2 which is only visible to the view owner U. People would be able to query the view even though they cannot see the tables. The main thing to achieve this is to modify RelOptTableImpl.getAllowedAccess to look in a data structure rather than just returning SqlAccessType.ALL as it does today. Please log a jira case if you intend to move forward with this — we can discuss further there. Julian > On Nov 13, 2017, at 3:21 AM, [email protected] wrote: > > Hello, > > I have another question about using and/or enhancing calcite. > > I would like to hide a specific sub-schema from schemas defined in JSON for > Calcite. Only views from another sub-schema onto this hidden one would be > available. > > Is there any way to achieve this? If not - where such configuration and > logic should be implemented? If such enhancement is fine with you - maybe I > could contribute it. > > Thanks in advance for help and all suggestions. > > Pete
