In terms of achieving this, I was thinking of it as the following as well:
1. Role-based column filtering -> this should be achievable without a
lot of lift and shift.
2. Simple row-based filters
3. Column mask and row mask (when Iceberg UDFs are established)
And agree we just need to store the mask name and we can send it back to
the engine in many ways, but I think for a mask to mean something for all
engines we need Iceberg UDFs; for example, email_mask means XYZ .... across
Engine A, Engine B. How we achieve this, whether by IR or by just storing it
in its individual dialect, still needs some brainstorming, but I think in
principle the engine coming back to the catalog to get the function
definition would IMHO be the best bet! So maybe tackling the row mask and
column mask when UDFs are first-class citizens might be best, though
starting with 1 seems the simplest!
Given that I am working on a proposal doc for incorporating these thoughts
for Polaris, I will share with the community *soon* and would love to get
all of your feedback!

Best,
Prashant Singh


On Fri, Jun 6, 2025 at 2:48 PM Eric Maynard <eric.w.mayn...@gmail.com>
wrote:

> It seems to me that the *easiest* to start with would be role-based column
> filtering. There are no functions to grapple with, no dialect differences.
> You simply grab the list of columns that a given principal role has access
> to according to the FGAC policy attached to a given table.
>
> --EM
>
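
A sketch of the role-based column filtering discussed in this thread, added here as an illustration and not taken from Polaris, Iceberg or either author. The `ColumnPolicy` shape, the function names and the sample table, roles and columns are all hypothetical; it assumes grants are additive across a principal's roles and that anything not granted is denied.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ColumnPolicy:
    """Hypothetical FGAC policy attached to one table: role -> readable columns."""
    table: str
    grants: dict  # principal role name -> set of column names


def allowed_columns(policy, table_schema, principal_roles):
    """Columns of table_schema visible to a principal holding principal_roles.

    Deny by default: a role with no grant contributes nothing, and a grant
    naming a column that is not in the current schema (dropped or renamed)
    is ignored. Schema order is preserved so the projection is stable.
    """
    granted = set()
    for role in principal_roles:
        granted |= set(policy.grants.get(role, ()))
    return [col for col in table_schema if col in granted]


def plan_scan(policy, table_schema, principal_roles, requested=None):
    """Return the projection an engine may read, or raise on a denied column."""
    visible = allowed_columns(policy, table_schema, principal_roles)
    if requested is None:
        # SELECT * is narrowed to the visible columns rather than rejected.
        return visible
    denied = [col for col in requested if col not in visible]
    if denied:
        # Explicitly naming a hidden column fails closed instead of being
        # silently dropped, so the caller cannot mistake it for empty data.
        raise PermissionError(f"columns not readable on {policy.table}: {denied}")
    return list(requested)


# Constructed sample data (not from any real catalog).
SCHEMA = ["id", "email", "country", "ssn"]
POLICY = ColumnPolicy("db.customers", {
    "analyst": {"id", "country"},
    "support": {"id", "email", "dropped_col"},  # stale grant, ignored
})

if __name__ == "__main__":
    print(plan_scan(POLICY, SCHEMA, ["analyst"]))             # SELECT *
    print(plan_scan(POLICY, SCHEMA, ["analyst", "support"]))  # union of roles
```

No function definitions or dialect handling are involved: the catalog only returns a list of column names, which is why this case is simpler than row or column masks.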
