eric-maynard commented on code in PR #2696:
URL: https://github.com/apache/polaris/pull/2696#discussion_r2383147584
##########
polaris-core/src/main/java/org/apache/polaris/core/config/FeatureConfiguration.java:
##########
@@ -386,4 +386,14 @@ public static void enforceFeatureEnabledOrThrow(
+ "Defaults to enabled, but service providers may want to
disable it.")
.defaultValue(true)
.buildFeatureConfiguration();
+
+ public static final FeatureConfiguration<Boolean>
+ ALLOW_SETTING_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS =
+ PolarisConfiguration.<Boolean>builder()
+ .key("ALLOW_SETTING_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS")
+ .description(
+ "If set to true (default), Polaris will allow configuring
namespace/table-level RBAC for federated catalogs per catalog."
+ + "If set to false, Polaris will only allow configuring
namespace/table-level RBAC for federated catalogs at realm level.")
Review Comment:
> namespace/table-level RBAC
Does this not also apply to policies, views, functions, and other things
that might potentially be stored within a catalog in the future?
If I'm understanding this flag correctly, it's basically meant to disallow
privilege grants (?) on all entities other than a catalog.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
