waynexia commented on issue #7501: URL: https://github.com/apache/arrow-datafusion/issues/7501#issuecomment-1719046681
Adding a complete implementation of access control in DataFusion might be hard. But it looks viable to me to add some basic components, to make it easier to build customized ACL on top of DataFusion. Currently in our project, this functionality is implemented by matching the `LogicalPlan` and the SQL AST before executing it, just like @alamb mentioned above. https://github.com/GreptimeTeam/greptimedb/blob/9ff7670adfb56a80fe6ffeab8bdab9bcfe55543c/src/servers/src/interceptor.rs#L52-L60 For cases I have come up with, these hooks should be enough to accomplish ACL requirements, as the query and plan contain all the necessary information in theory. We can consider evolving DataFusion's hooks from that. Like replacing `QueryContext` with `TaskContext` or`SessionContext`. And maybe add an extra ACL-related field in that context. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
