SteNicholas opened a new issue, #5430: URL: https://github.com/apache/kyuubi/issues/5430
### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct) ### Search before creating - [X] I have searched in the [task list](https://github.com/orgs/apache/projects/296) and found no similar tasks. ### Mentor - [X] I have sufficient knowledge and experience of this task, and I volunteer to be the mentor of this task to guide contributors to complete the task. ### Skill requirements - Familiarize the Authz plugin, Ranger and Paimon Spark plugin - Familiarize the Authz testing ### Background and Goals Paimon provides a series of system procedures for lifecycle management, which are essential for the lakehouse's administrator and users. And multiple plans may be executed in single procedure. Now the Authz plugin supports checking privileges for DMLs and DDLs on Iceberg tables, but system procedures are not in the range. It leaves a permission leaking to the Iceberg table management. This task is targeted to ensure privilege checking on the Spark system procedures of Paimon, including: - [ ] Snapshot management - rollback - [ ] Tag management - create_tag - delete_tag ### Implementation steps - Create e-2-e tests for Iceberg in Authz tests for each procedures - Prepare and provide proper test cases for positive and negative conditions in each procedure - Solve the unsupported logical plans of the procedures, which may have multiple plans in single procedure ### Additional context _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
