Re:[DISCUSS] FLIP-XXX: Supports to pass the required privilege when catalog manager gets the table

Mon, 09 Feb 2026 18:28:31 -0800 

Thanks for driving this. Overall it looks good to me, and I have some minor 
comments below:
1. Please refer to other FLIPs and list the code changes to the public API in 
the "Public Interfaces" section.
2. CatalogManager is an internal API, and can we directly modify the existing 
getTable method?
3. For CDC write scenarios, setting TableWritePrivilege to INSERT feels a bit 
odd IMO, especially given its description "/** The privilege of adding rows to 
the table. */". Curious to hear others’ thoughts.





--

    Best!
    Xuyang



At 2026-02-09 23:39:09, "roryqi" <[email protected]> wrote:
>Hi Flink Community,
>
>I'd like to propose an enhancement to the Catalog interface to better
>support access control scenarios.
>
>Problem Statement
>
>For custom catalogs that implement access control, read and write
>permissions often need to be distinguished. Currently, Flink always invokes
>Catalog#getTableto look up tables, regardless of whether the operation is
>for reading or writing. This limitation makes it challenging for catalogs
>to enforce proper write-level access control.
>
>Proposed Solution
>
>I've submitted a PR that adds a new variant of getTable method which
>explicitly indicates when write privileges are required. Key aspects of
>this implementation:
>
>Backward Compatibility: The new method includes a default implementation
>that calls the existing getTable, ensuring no breaking changes
>
>Write Operation Coverage: All write operations (INSERT, UPDATE, DELETE,
>etc.) will use this new method for table lookup
>
>Industry Validation: This approach aligns with Apache Spark's similar
>interface enhancement (see https://github.com/apache/spark/pull/47772)
>
>Reference Materials
>
>FLIP Link:
>https://docs.google.com/document/d/1wf7PGYURa8jH69ISU-xV7HNctaWViZw3t9sy-niuAbI/edit?tab=t.0
>
>JIRA Issue: https://issues.apache.org/jira/browse/FLINK-38848
>
>Pull Request: https://github.com/apache/flink/pull/27389
>
>Previous discussion thread:
>https://lists.apache.org/thread/gfq316x9vrdwmgpw0hx4r7gpc0qkgvk1
>
>This enhancement would significantly improve catalog implementations'
>ability to enforce fine-grained access control, particularly important in
>multi-tenant environments. I'm happy to start a discussion on the dev
>mailing list if that would be more appropriate for this type of interface
>change.
>
>Looking forward to the community's feedback on this discussion
>
>Best
>
>Rory

Reply via email to