venkateshwaracholan commented on issue #4573: URL: https://github.com/apache/polaris/issues/4573#issuecomment-4577968066
I checked the current implementation on main. listCatalogs() is authorized via LIST_CATALOGS, which maps to the root-level CATALOG_LIST privilege. The same authorization requirement is reflected in PolarisAdminServiceAuthzTest.testListCatalogsPrivileges and in the CLI docs. That said, I can see the usability issue described here. A user may be able to access a catalog directly via getCatalog() and perform operations within that catalog, but still be unable to call listCatalogs() because they don't have the root-level privilege. Would it make sense for listCatalogs() to return only the catalogs a caller can already access, while preserving the current behavior for users that have CATALOG_LIST?
