qqqttt123 commented on PR #13810: URL: https://github.com/apache/iceberg/pull/13810#issuecomment-3816148947
> @qqqttt123 thank you for the feedback ! I believe in order for the catalog to authorize the access to the table based on the clients input, its requires a notion of trust between catalog and the client, we neither define AuthZ in IRC nor we define notion of Trusted Engine in IRC, hence how the catalog wanna authorize the access to the table based on reference-by is not intentionally described here. > > We covered this discussion in [here](https://github.com/apache/iceberg/pull/13810#discussion_r2293754655) as well as in the design doc [here](https://docs.google.com/document/d/15zgmACxue8jH8SIBAJNzZ64Mx6RTRmDv2IoH3Clc2uQ/edit?tab=t.0#heading=h.q3g0vtjlftwt) as proposal mentions its first step towards enable, there will subsequent work required in the catalog end to complete E2E > > Please let us know if it helps answer your concern ! Yes, it helps a lot. Thanks. We shouldn't involve the authorization concepts for the spec. I found that Trino add `ICEBERG_VIEW_RUN_AS_OWNER` as the property of the view. Maybe we should add table identifiers of the view to the properties, too. It will benefits authorization of the Iceberg REST catalog. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
