Hi Stephen, I suggest trying RelMetadataQuery#getColumnOrigins or using push-down rules to push necessary columns to the table scan, where you can then get the columns to authorize.
Stephen Carlin <scar...@cloudera.com.invalid> 于2024年11月20日周三 02:43写道: > Hi all, > > I'm hoping to get some pointers on how to do authorization for my database > using Calcite. > > I have an idea of how to do table level authorization at validation time. > But column level seems a lot more tricky. What would be the guidance on > when to do column level authorization? Is that something that is usually > done after RelNode conversion, so that there are 2 authorization steps that > are separated? > > Any advice from currently implemented architectures would be appreciated. > > Thanks! >
