Re: [PR] feat: add CATALOG_READ_DATA privilege for data analyst read-only catalog access [polaris]

Fri, 06 Mar 2026 12:07:40 -0800 


flyrain commented on code in PR #3927:
URL: https://github.com/apache/polaris/pull/3927#discussion_r2897634174


##########
polaris-core/src/main/java/org/apache/polaris/core/entity/PolarisPrivilege.java:
##########
@@ -256,6 +256,16 @@ public enum PolarisPrivilege {
       PolarisEntityType.TABLE_LIKE,
       List.of(PolarisEntitySubType.ICEBERG_TABLE, 
PolarisEntitySubType.GENERIC_TABLE),
       PolarisEntityType.CATALOG_ROLE),
+  /**
+   * Grants read-only access to all data and navigational metadata within a 
specific catalog.
+   * Intended for data analyst principals who need to read tables and views 
across an entire catalog
+   * without any write or administrative capabilities.
+   *
+   * <p>This privilege subsumes: {@link #NAMESPACE_LIST}, {@link 
#NAMESPACE_READ_PROPERTIES}, {@link
+   * #TABLE_LIST}, {@link #TABLE_READ_PROPERTIES}, {@link #TABLE_READ_DATA}, 
{@link #VIEW_LIST}, and
+   * {@link #VIEW_READ_PROPERTIES}.
+   */
+  CATALOG_READ_DATA(103, PolarisEntityType.CATALOG),

Review Comment:
   Should it cover `VIEW_READ_PROPERTIES`?



##########
polaris-core/src/main/java/org/apache/polaris/core/entity/PolarisPrivilege.java:
##########
@@ -256,6 +256,16 @@ public enum PolarisPrivilege {
       PolarisEntityType.TABLE_LIKE,
       List.of(PolarisEntitySubType.ICEBERG_TABLE, 
PolarisEntitySubType.GENERIC_TABLE),
       PolarisEntityType.CATALOG_ROLE),
+  /**
+   * Grants read-only access to all data and navigational metadata within a 
specific catalog.
+   * Intended for data analyst principals who need to read tables and views 
across an entire catalog
+   * without any write or administrative capabilities.
+   *
+   * <p>This privilege subsumes: {@link #NAMESPACE_LIST}, {@link 
#NAMESPACE_READ_PROPERTIES}, {@link
+   * #TABLE_LIST}, {@link #TABLE_READ_PROPERTIES}, {@link #TABLE_READ_DATA}, 
{@link #VIEW_LIST}, and
+   * {@link #VIEW_READ_PROPERTIES}.
+   */
+  CATALOG_READ_DATA(103, PolarisEntityType.CATALOG),

Review Comment:
   Should it cover `VIEW_READ_PROPERTIES`?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to