I'm going to have to update my comment to -1. Based on some of the discussion in the PR, I went back and reviewed the discussion and I don't think this approach works based on some comments I made in the recording (link with timestamp <https://youtu.be/orAXA5e9pmU?si=CjIEQk__dcTWcdEi&t=1438> and again here <https://youtu.be/orAXA5e9pmU?si=tvpIN6ytIu2JU_fj&t=1902>).
The main issue I see is that we're not enabling a secure way to do this because we cannot trust the client to provide the surrounding view. What would prevent a client from just addressing a defender view in a load table and accessing data the invoker should not have access to? I feel like there are security implications here that we haven't properly addressed. -Dan On Fri, Jan 30, 2026 at 8:52 AM Ryan Blue <[email protected]> wrote: > -1 for now (will probably change) > > I think that there is a problem in that a dot is used to separate the > namespace (which uses namespace separator) from the table name. If my > namespace separator is `|` then it would require `name|space.table`. Why > not use the same separator between the namespace and table name? If we use > `.` then the last namespace part cannot have a `.`, which is an odd > restriction. > > On Thu, Jan 29, 2026 at 12:07 PM Daniel Weeks <[email protected]> wrote: > >> +1 (binding) >> >> Minor comments on the Spec PR. I'm assuming everyone is voting >> specifically on the spec changes, but just want to clarify (implementation >> PR will go through normal review process). >> >> -Dan >> >> On Thu, Jan 29, 2026 at 9:38 AM Steve <[email protected]> wrote: >> >>> +1 (non-binding) >>> >>> On Thu, Jan 29, 2026 at 12:57 AM Alexandre Dutra <[email protected]> >>> wrote: >>> > >>> > +1 (non-binding) >>> > >>> > Thanks, >>> > Alex >>> > >>> > Le jeu. 29 janv. 2026 à 08:19, Bharath Krishna <[email protected]> >>> a écrit : >>> >> >>> >> +1, that was a missing piece for view authorization! >>> >> >>> >> On 2026/01/29 07:03:31 roryqi wrote: >>> >> > +1, excited to see this. I am working on related work about Apache >>> Gravitino. >>> >> > >>> >> > Christian Thiel <[email protected]> 于2026年1月29日周四 14:50写道: >>> >> > > >>> >> > > +1 (non-binding) >>> >> > > >>> >> > > Gábor Kaszab <[email protected]> schrieb am Do. 29. Jan. >>> 2026 um 07:22: >>> >> > >> >>> >> > >> +1 (nb) >>> >> > >> >>> >> > >> Gábor >>> >> > >> >>> >> > >> On Thu, 29 Jan 2026, 00:02 Adnan Hemani via dev, < >>> [email protected]> wrote: >>> >> > >>> >>> >> > >>> +1 (non-binding) >>> >> > >>> >>> >> > >>> On Wed, Jan 28, 2026 at 10:17 AM Steven Wu < >>> [email protected]> wrote: >>> >> > >>>> >>> >> > >>>> +1 >>> >> > >>>> >>> >> > >>>> On Wed, Jan 28, 2026 at 8:02 AM Russell Spitzer < >>> [email protected]> wrote: >>> >> > >>>>> >>> >> > >>>>> +1 >>> >> > >>>>> >>> >> > >>>>> On Wed, Jan 28, 2026 at 10:01 AM Eduard Tudenhöfner < >>> [email protected]> wrote: >>> >> > >>>>>> >>> >> > >>>>>> +1 >>> >> > >>>>>> >>> >> > >>>>>> On Tue, Jan 27, 2026 at 6:29 PM Prashant Singh < >>> [email protected]> wrote: >>> >> > >>>>>>> >>> >> > >>>>>>> Hello everyone ! >>> >> > >>>>>>> The namespace separator for nested namespaces discussion is >>> converged (thanks a ton Eduard) >>> >> > >>>>>>> I additionally also added wording for the nested views per >>> the feedback. >>> >> > >>>>>>> The spec proposal [1] is ready for review again, I have >>> also updated the reference implementation too from client side [2] per spec. >>> >> > >>>>>>> >>> >> > >>>>>>> Please do have a pass and vote based on how you all feel, >>> when you get some time. Appreciate all the feedback so far ! >>> >> > >>>>>>> >>> >> > >>>>>>> [1] https://github.com/apache/iceberg/pull/13810 >>> >> > >>>>>>> [2] https://github.com/apache/iceberg/pull/13979 >>> >> > >>>>>>> >>> >> > >>>>>>> Best, >>> >> > >>>>>>> Prashant Singh >>> >> > >>>>>>> >>> >> > >>>>>>> >>> >> > >>>>>>> >>> >> > >>>>>>> On Fri, Sep 5, 2025 at 10:04 AM Prashant Singh < >>> [email protected]> wrote: >>> >> > >>>>>>>> >>> >> > >>>>>>>> Thanks for the feedback, Ryan. I agree that we should >>> leave the vote open longer and get the wording right. I'll work on >>> addressing the new feedbacks. >>> >> > >>>>>>>> >>> >> > >>>>>>>> Best, >>> >> > >>>>>>>> Prashant Singh >>> >> > >>>>>>>> >>> >> > >>>>>>>> On Fri, Sep 5, 2025 at 8:59 AM Ryan Blue <[email protected]> >>> wrote: >>> >> > >>>>>>>>> >>> >> > >>>>>>>>> I think this is a good addition, but I think it may need >>> a bit of work to get the wording right and there's still ongoing >>> discussion. Maybe we should leave this vote open longer until the >>> discussion settles? >>> >> > >>>>>>>>> >>> >> > >>>>>>>>> Also, I want to point out that this is another use of a >>> specific separator char. I think it would be good to revisit our separator >>> discussion and finally close on it. >>> >> > >>>>>>>>> >>> >> > >>>>>>>>> On Fri, Sep 5, 2025 at 12:33 AM John Zhuge < >>> [email protected]> wrote: >>> >> > >>>>>>>>>> >>> >> > >>>>>>>>>> +1 (non-binding) >>> >> > >>>>>>>>>> >>> >> > >>>>>>>>>> On Thu, Sep 4, 2025 at 6:23 PM Yufei Gu < >>> [email protected]> wrote: >>> >> > >>>>>>>>>>> >>> >> > >>>>>>>>>>> +1 on the spec change. It’s a solid first step toward >>> enabling DEFINER views. As usual, the spec change is intentionally kept >>> separate from access control. >>> >> > >>>>>>>>>>> >>> >> > >>>>>>>>>>> Yufei >>> >> > >>>>>>>>>>> >>> >> > >>>>>>>>>>> >>> >> > >>>>>>>>>>> On Wed, Sep 3, 2025 at 8:18 AM huaxin gao < >>> [email protected]> wrote: >>> >> > >>>>>>>>>>>> >>> >> > >>>>>>>>>>>> +1 (non-binding) >>> >> > >>>>>>>>>>>> >>> >> > >>>>>>>>>>>> On Tue, Sep 2, 2025 at 6:38 PM Prashant Singh < >>> [email protected]> wrote: >>> >> > >>>>>>>>>>>>> >>> >> > >>>>>>>>>>>>> Hi All, >>> >> > >>>>>>>>>>>>> I propose adding an optional referenced-by to the >>> REST loadTable call, which will contain the fully qualified name of the >>> view (namespace of the view name and the view name) in case the table is >>> being referenced by a view. >>> >> > >>>>>>>>>>>>> >>> >> > >>>>>>>>>>>>> This will be really helpful in a couple of ways : >>> >> > >>>>>>>>>>>>> 1. First step towards enabling DEFINER views >>> >> > >>>>>>>>>>>>> 2. Audit, incase one wants to track what's the base >>> objects accessed from the direct object accessed (example: doc) >>> >> > >>>>>>>>>>>>> >>> >> > >>>>>>>>>>>>> For details please check: >>> >> > >>>>>>>>>>>>> >>> >> > >>>>>>>>>>>>> - Spec change PR: >>> https://github.com/apache/iceberg/pull/13810 >>> >> > >>>>>>>>>>>>> - Reference Implementation PR: >>> https://github.com/apache/iceberg/pull/13979 >>> >> > >>>>>>>>>>>>> - Discuss Thread: >>> https://lists.apache.org/thread/01gb9rygdd1gqks7lnl1o6440qocnh9m >>> >> > >>>>>>>>>>>>> >>> >> > >>>>>>>>>>>>> Please vote in the next 72 hours: >>> >> > >>>>>>>>>>>>> >>> >> > >>>>>>>>>>>>> [ ] +1 Add these changes to the spec >>> >> > >>>>>>>>>>>>> [ ] +0 >>> >> > >>>>>>>>>>>>> [ ] -1 I have questions and/or concerns >>> >> > >>>>>>>>>>>>> >>> >> > >>>>>>>>>>>>> Best, >>> >> > >>>>>>>>>>>>> Prashant Singh >>> >> > >>>>>>>>>> >>> >> > >>>>>>>>>> >>> >> > >>>>>>>>>> >>> >> > >>>>>>>>>> -- >>> >> > >>>>>>>>>> John Zhuge >>> >> > >>> >>
