flyrain commented on issue #4573: URL: https://github.com/apache/polaris/issues/4573#issuecomment-4636336909
The proposed behavior makes sense. Returning a list of catalogs only a caller can access feels more aligned with least privilege and with how most users would expect catalog discovery to work. Implementation wise, it doesn't seem particularly difficult either. The existing admin behavior could remain unchanged, while non admin callers receive a filtered list based on catalog level authorization checks similar to those already performed by getCatalog(). To me, the bigger question is agreeing on the API semantics rather than the implementation itself. I'm supportive on the change. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
