Hi folks, I’d like to get feedback on a proposal to simplify the authorization API: https://github.com/apache/polaris/pull/4201. This PR removes AuthorizationTargetBinding and replaces it with a simpler model based on two lists: a target list and a secondary list.
This avoids enforcing a 1:1 mapping in the binding class (I might miss something regarding this enforcement, feel free to chime in), making it more flexible to support 1:1, 1:N or even N:M relationships. For example, supporting the attachment of one policy to multiple tables requires duplicating bindings, which are then flattened anyway. This design also aligns better with the existing RBAC semantics, where target securables are evaluated as one group and secondary securables as another, instead of enforcing pairwise mappings.

Open question: We may not need N:M relationships. I couldn’t come up with a clear use case.

Note: This interface was introduced recently and is not part of any release, so it can be removed without deprecation.

Would love to hear feedback, especially on the intended semantics and real use cases.

Yufei
