sririshindra commented on PR #4023: URL: https://github.com/apache/polaris/pull/4023#issuecomment-4089010698
> This should definitely go behind a feature flag since there's currently no way to limit what a user can put in `polaris.storage.name` property. > > I hate to be adding to the feature flag proliferation in polaris, but maybe there should be a way to configure at what level override is allowed to happen. I can see an admin wanting to allow override on namespace level, but not on table level since `create table` permissions are generally more liberally granted than `create namespace` ones. A more proper fix is to integrate `polaris.storage.name` property in the authorization step, but I'm not sure that's practical for internal rbac. Thanks for the review, @tokoko! I'll go ahead and put this behind a feature flag. I intentionally kept authorization out of scope for this phase, but we can definitely address integrating `polaris.storage.name` into the authz step (and adding level-based configuration) in a follow-up PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
