tokoko commented on PR #4023: URL: https://github.com/apache/polaris/pull/4023#issuecomment-4087812921
This should definitely go behind a feature flag since there's currently no way to limit what a user can put in `polaris.storage.name` property. I hate to be adding to the feature flag proliferation in polaris, but maybe there should be a way to configure at what level override is allowed to happen. I can see an admin wanting to allow override on namespace level, but not on table level since `create table` permissions are generally more liberally granted than `create namespace` ones. A more proper fix is to integrate `polaris.storage.name` property in the authorization step, but I'm not sure that's practical for internal rbac. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
