loserwang1024 opened a new issue, #3668: URL: https://github.com/apache/fluss/issues/3668
### Search before asking - [x] I searched in the [issues](https://github.com/apache/fluss/issues) and found nothing similar. ### Motivation `LIST_DATABASES` currently filters databases using the `DESCRIBE` permission. This creates a least-privilege problem: 1. A user who only has permission on a specific table cannot see its parent database in `listDatabases` or Flink `SHOW DATABASES`. 2. Granting `DESCRIBE` on the database is too permissive because database-level permissions are inherited by all tables in that database. The user can consequently discover and describe tables that they were not explicitly granted access to. There is currently no permission that allows a user to discover or reference a database without also granting access to its contents. ### Solution <img width="840" height="415" alt="Image" src="https://github.com/user-attachments/assets/921e1c95-b1e5-4f30-8281-a10d16bdc2e3" /> Referring snowflake, introduce a new ACL operation named `USAGE`. `USAGE` represents the minimum permission required to discover and reference a container resource. It acts as a "door key" and does not grant permission to inspect, read, write, create, alter, or drop objects inside the resource. ### Anything else? _No response_ ### Willingness to contribute - [x] I'm willing to submit a PR! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
