Hi, Rory. Thanks for sharing. I've took a look at your PR and have a few
questions:
1. I believe this warrants a FLIP, as it enriches the (public) Catalog
interface.
2. I noticed that in `convertSqlInsert`, the sink's privileges are set to
INSERT only. I'm a bit curious: in the context of an INSERT INTO ... statement,
when the sink processes CDC data, it not only inserts new rows but may also
update or delete existing rows.
3. Moreover, aside from write privileges, I can think of an interesting
scenario regarding read privileges: the user of the current pipeline has
privileges on a persistent view in the catalog but lacks privileges on the
underlying tables of that view. I’m wondering how we should handle this case —
should we reject it outright, or leave it to the catalog to handle?
--
Best!
Xuyang
At 2026-02-01 16:25:57, "roryqi" <[email protected]> wrote:
>Hi Flink Community,
>
>I'd like to propose an enhancement to the Catalog interface to better
>support access control scenarios.
>Problem Statement
>
>For custom catalogs that implement access control, read and write
>permissions often need to be distinguished. Currently, Flink always invokes
>Catalog#getTableto look up tables, regardless of whether the operation is
>for reading or writing. This limitation makes it challenging for catalogs
>to enforce proper write-level access control.
>Proposed Solution
>
>I've submitted a PR that adds a new variant of getTablemethod which
>explicitly indicates when write privileges are required. Key aspects of
>this implementation:
>
> -
>
> *Backward Compatibility*: The new method includes a default
> implementation that calls the existing getTable, ensuring no breaking
> changes
> -
>
> *Write Operation Coverage*: All write operations (INSERT, UPDATE,
> DELETE, etc.) will use this new method for table lookup
> -
>
> *Industry Validation*: This approach aligns with Apache Spark's similar
> interface enhancement (see https://github.com/apache/spark/pull/47772)
>
>Reference Materials
>
> -
>
> JIRA Issue: https://issues.apache.org/jira/browse/FLINK-38848
> -
>
> Pull Request: https://github.com/apache/flink/pull/27389
>
>This enhancement would significantly improve catalog implementations'
>ability to enforce fine-grained access control, particularly important in
>multi-tenant environments. I'm happy to start a discussion on the dev
>mailing list if that would be more appropriate for this type of interface
>change.
>
>Looking forward to the community's feedback on this discussion
>Best
>
>Rory
