RussellSpitzer commented on code in PR #13810:
URL: https://github.com/apache/iceberg/pull/13810#discussion_r2747893234


##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -980,6 +980,30 @@ paths:
           schema:
             type: string
             enum: [ all, refs ]
+        - in: query
+          name: referenced-by
+          description:
+            A comma-separated list of fully qualified view names (namespace 
and view name) representing the view
+            reference chain when a table is loaded via a view. The list should 
be ordered with the outermost view
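
Review bot: in the `referenced-by` description, the lines shown here call each list element a "fully qualified view name (namespace and view name)" but do not say how the namespace levels and the view name are joined inside one element, or how a comma or that separator is escaped when it occurs in an identifier. Two clients could therefore serialize the same chain differently. Suggest stating the element encoding and escaping rule in the description. Because this is a client-supplied query parameter, it would also help to state whether the catalog is expected to check the chain against the stored view definitions before relying on it.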

Review Comment:
   Do we have any prior art for engines/frameworks/systems that allow you to override a downstream invoker?
   
   This scenario to be concrete
   
   ```
   Definer => Invoker => Table 
   
   Definer View made by User A
   Table is Accessible to User A
   User B queries definer view
   ```
   Does User B see rows from the table?
   
   ---
   
   From Ryan's quote this doesn't seem like it would be allowed in postgres
   
   I was checking Trino and it doesn't look like it supports this either.
   
   > In the INVOKER security mode, tables referenced in the view are accessed using the permissions of the user executing the query (the invoker of the view). A view created in this mode is simply a stored query.
   
   Snowflake doesn't support Invoker views, so it's always Definer
   
   ---
   
   Not that I want to forbid a catalog being able to do this, but I think it would be helpful to know if anyone actually plans on allowing this pattern? Feels like it would be a security hole?
   
   Are there any other use cases?


