GitHub user bharos added a comment to the discussion: Consider support for role assumption (SET ROLE) to narrow effective permissions
Thanks @markhoerth for looking into this. The use-case I want to solve is similar to what I mentioned above, ie. `broad-access-role` and `restricted-access-role` Imagine a case where I want to expose a restricted set of tables (and nothing more) to a specific role `restricted-access-role` For the second part of your question, I did consider the option of passing the group via OAuth token some way using specific scopes, but AFAICT the IdP provider (Azure in our case) doesn't allow this, it just sends all the groups (upto 200 groups) that the user belongs to, and we can't choose to have a narrow set of groups based on scope. If this understanding is incorrect, then yeah that would be a potential option as well. GitHub link: https://github.com/apache/gravitino/discussions/10894#discussioncomment-16764658 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
