rdblue commented on code in PR #13879:
URL: https://github.com/apache/iceberg/pull/13879#discussion_r2505853029
##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -3265,6 +3265,133 @@ components:
additionalProperties:
type: string
+ ReadRestrictions:
+ type: object
+ description: >
+ Read restrictions for a table, including column projections and row
filter expressions, according to the current schema.
+
+ A client MUST enforce the restrictions defined in this object when
reading data
+ from the table.
+
+ These restrictions apply only to the authenticated principal, user,
or account
+ associated with the client. They MUST NOT be interpreted as global
policy and
+ MUST NOT be applied beyond the entity identified by the
Authentication header
+ (or other applicable authentication mechanism).
+ properties:
+ required-column-projections:
+ description: >
+ A list of projections that MUST be applied prior to any
query-specified
+ projections.
+ If the required-colum-projections property is absent, no mandatory
projection applies,
+ and a reader MAY project any subset of columns of the table,
including all columns.
+
+ 1. A reader MUST project only columns listed in the
required-colum-projections.
Review Comment:
I realize that the intent here is to be an allow list rather than the
opposite, but I don't think this is a good idea. It would result in large
payloads for wide tables and requires processing the schema to produce, rather
than allowing services to transform policy more directly.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
