singhpk234 commented on code in PR #13879:
URL: https://github.com/apache/iceberg/pull/13879#discussion_r3256594497
##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -3485,24 +3485,52 @@ components:
description: >
Read restrictions for a table, including column projections and row
filter expressions.
- A client MUST enforce the restrictions defined in this object when
reading data
- from the table.
+ A reader MUST enforce the restrictions defined in this object when
reading data
+ from the table. Read restrictions returned with a loadTable response
apply to
+ every read operation that uses metadata from this response, including
+ planTableScan calls that reference snapshots, manifests, or files
from this load.
+
+ In this section, "reader" refers to the read-side actor that applies
restrictions
+ per row or per column. "Engine" refers to the broader
query-execution context
+ that defines query lifetime and scope (e.g. a SQL session, a single
PyIceberg
+ scan), and is the actor responsible for query-scoped behavior such
as salt
+ generation in sha-256-query-local.
These restrictions apply only to the authenticated principal, user,
or account
associated with the request. They MUST NOT be interpreted as global
policy and
MUST NOT be applied beyond the entity identified by the
Authentication header
(or other applicable authentication mechanism).
- If both properties are absent or empty, the ReadRestrictions object
imposes no
- restrictions and is equivalent to the field being absent from the
response.
+ An empty ReadRestrictions object (no required-column-projections and
no
+ required-row-filter) imposes no restrictions and is equivalent to
the field
+ being absent from the response.
A server MUST NOT return an action for a column whose type is not
listed in
that action's "Applicable to" set.
- For all actions, if the input column value is NULL, the output MUST
be NULL.
+
+ NULL handling is action-specific. Each action's description
specifies its
+ behavior on NULL input.
If a column projection targets a struct-typed field, other column
projections
in the same ReadRestrictions MUST NOT target any of that struct's
subfields
(at any depth). This avoids ambiguity about which action governs a
given
leaf value.
+
+ Example:
+
+ {
+ "required-column-projections": [
+ { "field-id": 4, "action": "show-last-4" },
+ { "field-id": 6, "action": "replace-with-null" },
+ { "field-id": 8, "action": "truncate-to-year" },
+ { "field-id": 10, "action": "sha-256-global" },
+ { "field-id": 12, "action": "mask-alphanum" }
+ ],
+ "required-row-filter": {
+ "type": "eq",
+ "term": "region",
Review Comment:
we want to have `source-id` here to preserve the column renames, something
which is in Ryan's expression expansion proposal
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
