Hey Pucheng,

Both the proposals worked fundamentally on the same principle: i.e. access
decision exchange instead of policies between catalog and engine, which the
community has discussed / debated a lot in the past. We along with the
community and authors of REST Fine Grained Access Control proposal are
working *together* to clearly spec this out as IRC: SPEC PR -
https://github.com/apache/iceberg/pull/13879

Nevertheless you should still have access to the Secure View proposal via
this link ([OSS] Secure Views for dynamic policy enforcement
<https://docs.google.com/document/d/1AJicez7xPhzwKXenGZ19h0hngxrwAg3rSajDV1v0x-s/edit?tab=t.0#heading=h.857wopjfxe7n>)
which was shared later in the thread if you wanna check it out.

Best,
Prashant Singh

On Fri, Nov 14, 2025 at 3:01 AM Pucheng Yang <[email protected]> wrote:

> Hi all, thank you for the work. I wonder if this is still an active work
> since the design doc permission seems to be revoked. If yes, what's the
> relationship between this proposal and the "Iceberg REST Fine Grained
> Access Control proposal" proposal? Thanks!
>
> On Wed, Jun 25, 2025 at 10:29 PM Laurent Goujon <[email protected]> wrote:
>
>> Thanks for the shoutout although I believe my contribution has been quite
>> modest as consisting mostly of providing some initial feedback, and I
>> don't think I had a key part in the overall design.
>> But I'm also excited by the recent interest surrounding FGAC with Robert's
>> proposal[1] and this proposal, which I personally see as complementary,
>> and will keep contributing to both.
>>
>> Laurent
>>
>> [1] https://lists.apache.org/thread/nfw1t0glfdfj1hwmzzzzwwyrfnq44yr5
>>
>> On Wed, Jun 25, 2025 at 11:06 AM Prashant Singh <[email protected]> wrote:
>>
>> > Hi everyone,
>> >
>> > We’d like to share a proposal to extend Iceberg's view capabilities to
>> > support Secure Views for Dynamic Policy Enforcement.
>> >
>> > This builds upon earlier discussion and proposal around Iceberg Spec
>> > Extensions for Data Access Decision Exchange
>> > <https://docs.google.com/document/d/14nmuxxfzQsYo59o0Fbpb-pxOlzS6bVtduL8P8pwKZ6U/edit?tab=t.0#heading=h.irh2zymohx17>,
>> > with the goal of enabling fine-grained access control (FGAC) through
>> > view redirection, rather than requiring engines to directly integrate
>> > with policy stores or evaluators.
>> >
>> > The core idea is simple: instead of returning a table in response to
>> > loadTable, the catalog can return a secure view—dynamically constructed
>> > based on the caller's access policies and context. This allows engines
>> > like Trino or Spark to enforce row/column-level governance without
>> > policy evaluation logic baked into the engine itself. Several
>> > organizations already use similar techniques in production, such as
>> > LinkedIn (ViewShift
>> > <https://trino.io/assets/blog/trino-summit-2024/trino-summit-2024-linkedin-policy.pdf>),
>> > Amazon.
>> >
>> > We’ve documented the E2E design details here [OSS] Secure Views for
>> > dynamic policy enforcement
>> > <https://docs.google.com/document/d/13roTQxVkaLSZq9iKL7v9ur9wR47K8QWQzjiArrP7vx4/edit?tab=t.0#heading=h.857wopjfxe7n>.
>> > This outlines how the approach works without any IRC spec changes and
>> > with close to zero engine changes. Importantly, this now means cross
>> > engine FGAC by a centrally managed IRC catalog can work seamlessly even
>> > with an engine version released years ago as long as they support IRC.
>> >
>> > We have also outlined a phased support plan, including how this approach
>> > can evolve alongside upcoming Iceberg features like UDFs.
>> >
>> > Thanks to Kevin Liu and Roy Hasson from Microsoft, and Laurent and JB
>> > from Dremio, for being co-conspirators in shaping this proposal and for
>> > their invaluable feedback and support in making it a reality.
>> >
>> > Please let us know your thoughts, questions, or concerns. Looking
>> > forward to the discussion!
>> >
>> > *cc Iceberg community, as this approach leverages iceberg views and
>> > expects further enhancements via Iceberg Expressions expansion and
>> > Iceberg UDFs.*
>> >
>> > Best,
>> > Prashant Singh & Russell Spitzer
