Praneeth-Sagar-13 opened a new pull request, #3927: URL: https://github.com/apache/polaris/pull/3927
Introduces a new catalog-level privilege CATALOG_READ_DATA (code 103) that grants read-only access to all data and navigational metadata within a specific catalog. This is intended for data analyst principals who need broad read access across an entire catalog without any write or administrative capabilities. CATALOG_READ_DATA subsumes the following privileges when granted on a catalog: - NAMESPACE_LIST and NAMESPACE_READ_PROPERTIES (catalog navigation) - TABLE_LIST, TABLE_READ_PROPERTIES, and TABLE_READ_DATA (table access) - VIEW_LIST and VIEW_READ_PROPERTIES (view access) It is itself subsumed by CATALOG_MANAGE_CONTENT (the existing full-access catalog privilege), preserving the existing privilege hierarchy. Changes: - PolarisPrivilege.java: add CATALOG_READ_DATA enum constant (code 103) - PolarisAuthorizerImpl.java: register subsumption rules in SUPER_PRIVILEGES - polaris-management-service.yml: add CATALOG_READ_DATA to CatalogPrivilege enum - PolarisPrivilegeTest.java: update code-to-privilege mapping test <!-- ๐ Describe what changes you're proposing, especially breaking or user-facing changes. ๐ See https://github.com/apache/polaris/blob/main/CONTRIBUTING.md for more. --> ## Checklist - [ ] ๐ก๏ธ Don't disclose security issues! (contact [email protected]) - [ ] ๐ Clearly explained why the changes are needed, or linked related issues: Fixes # - [ ] ๐งช Added/updated tests with good coverage, or manually tested (and explained how) - [ ] ๐ก Added comments for complex logic - [ ] ๐งพ Updated `CHANGELOG.md` (if needed) - [ ] ๐ Updated documentation in `site/content/in-dev/unreleased` (if needed) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
