Hi Stephen,

Maybe you can complete authentication by building a sub-table. For example:

    select * from "scott".emp

You can try converting this SQL to:

    select * from (select EMPNO, ENAME, JOB from "scott".emp)

The columns EMPNO, ENAME and JOB have the authorization.

Yanjing Wang <zhuangzixiao...@gmail.com> wrote on Wed, Nov 20, 2024 at 10:30:
>
> Hi Stephen, I suggest trying RelMetadataQuery#getColumnOrigins or using
> push-down rules to push necessary columns to the table scan, where you can
> then get the columns to authorize.
>
> Stephen Carlin <scar...@cloudera.com.invalid> wrote on Wed, Nov 20, 2024 at 02:43:
>
> > Hi all,
> >
> > I'm hoping to get some pointers on how to do authorization for my database
> > using Calcite.
> >
> > I have an idea of how to do table level authorization at validation time.
> > But column level seems a lot more tricky. What would be the guidance on
> > when to do column level authorization? Is that something that is usually
> > done after RelNode conversion, so that there are 2 authorization steps that
> > are separated?
> >
> > Any advice from currently implemented architectures would be appreciated.
> >
> > Thanks!
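
An added example, not part of the thread and not code from any poster or from the Calcite project: one way to apply the RelMetadataQuery#getColumnOrigins suggestion after RelNode conversion, resolving each output column to its base-table columns and checking them against a policy. The ColumnAuthorizer class and ColumnPolicy interface are hypothetical names, and the policy lookup is assumed to be backed by your own ACL store.

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import org.apache.calcite.rel.RelNode;
import org.apache.calcite.rel.metadata.RelColumnOrigin;
import org.apache.calcite.rel.metadata.RelMetadataQuery;
import org.apache.calcite.rel.type.RelDataTypeField;

/** Hypothetical helper (added example): column-level check on a converted RelNode. */
public final class ColumnAuthorizer {

  /** Hypothetical policy hook; implement it against your own ACL store. */
  public interface ColumnPolicy {
    boolean isAllowed(List<String> qualifiedTable, String column);
  }

  /** Returns the "schema.table.column" entries the policy rejects; empty means authorized. */
  public static Set<String> deniedColumns(RelNode root, ColumnPolicy policy) {
    RelMetadataQuery mq = root.getCluster().getMetadataQuery();
    Set<String> denied = new TreeSet<>();
    List<RelDataTypeField> outputs = root.getRowType().getFieldList();
    for (int i = 0; i < outputs.size(); i++) {
      Set<RelColumnOrigin> origins = mq.getColumnOrigins(root, i);
      if (origins == null) {
        // Origin could not be determined: fail closed instead of silently allowing.
        denied.add("<unknown origin: output column " + outputs.get(i).getName() + ">");
        continue;
      }
      // An empty set means the output is a constant and touches no table column.
      for (RelColumnOrigin origin : origins) {
        List<String> table = origin.getOriginTable().getQualifiedName();
        String column = origin.getOriginTable().getRowType().getFieldList()
            .get(origin.getOriginColumnOrdinal()).getName();
        if (!policy.isAllowed(table, column)) {
          denied.add(String.join(".", table) + "." + column);
        }
      }
    }
    return denied;
  }

  private ColumnAuthorizer() {}
}
```

getColumnOrigins reports only the columns that feed the query's output, so a column referenced solely in a filter or join condition is not covered by this check and needs a separate one, for example at the table scan as the reply above suggests.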