Hi Flink Community, I'd like to propose an enhancement to the Catalog interface to better support access control scenarios. Problem Statement
For custom catalogs that implement access control, read and write permissions often need to be distinguished. Currently, Flink always invokes Catalog#getTableto look up tables, regardless of whether the operation is for reading or writing. This limitation makes it challenging for catalogs to enforce proper write-level access control. Proposed Solution I've submitted a PR that adds a new variant of getTablemethod which explicitly indicates when write privileges are required. Key aspects of this implementation: - *Backward Compatibility*: The new method includes a default implementation that calls the existing getTable, ensuring no breaking changes - *Write Operation Coverage*: All write operations (INSERT, UPDATE, DELETE, etc.) will use this new method for table lookup - *Industry Validation*: This approach aligns with Apache Spark's similar interface enhancement (see https://github.com/apache/spark/pull/47772) Reference Materials - JIRA Issue: https://issues.apache.org/jira/browse/FLINK-38848 - Pull Request: https://github.com/apache/flink/pull/27389 This enhancement would significantly improve catalog implementations' ability to enforce fine-grained access control, particularly important in multi-tenant environments. I'm happy to start a discussion on the dev mailing list if that would be more appropriate for this type of interface change. Looking forward to the community's feedback on this discussion Best Rory
