Hi Travis, Thanks for the proposal. +1 on the idea of introducing a more fine-grained model for the commit operation.
Currently, Iceberg’s commit endpoint handles a wide range of updates — schema changes, partition and sort order updates, data modifications, and more. With a more granular approach, administrators could assign different permissions to different roles. For example, many roles could be allowed to add data to the table, while only specific supervisor roles could make schema changes, such as adding new columns. I’m looking forward to seeing more details on the implementation once there’s consensus on the direction. From an implementation perspective, we’ll likely need a way to group these fine-grained authorizable operations, since a single commit request often contains multiple updates. Best regards, Jonas On Tue, Sep 23, 2025 at 12:24 PM Travis Bowen <[email protected]> wrote: > (I'd originally sent this from my Snowflake email, but will deprecate that > thread in favor of this, since the Snowflake email seems to have gone to > many people's spam folders or had issues being sent with the mailing list). > > Hi all, > > I've been investigating ideas on how to have finer grained authorization > checks on the various types of updates that can be present in an update > table request in Polaris. > > I wrote a doc that represents a proposal that I think could achieve this in > a backwards compatible manner along with some of my reasons on why it seems > valuable. > > Would love to get input and start a discussion around this as it could be > valuable for both me and others as well. > > > https://docs.google.com/document/d/1LRB0LDevc6EQa0NWiLHi-jKmrwNA_XXWiHKfskZ6VwU/edit?usp=sharing > > Thanks! > Travis >
