Thanks all,
I've started a new thread about the detailed proposal for the endpoint
here: https://lists.apache.org/thread/2jx33fn7lq37oxxm7sd6rjy0dnvbm4t6
Robert
On Tue, Jul 22, 2025 at 6:49 PM Ryan Blue wrote:
>
> I'm not sure that we need more time to review and comment since this is
> simila
I'm not sure that we need more time to review and comment since this is
similar to what we've been discussing for a while now. I'd recommend
getting started on a detailed proposal with REST spec changes, like what
Christian did for the events endpoint.
On Mon, Jul 21, 2025 at 10:06 PM Jean-Baptist
Hi
DISCLAIMER: I did a review/pass on the proposal before it reached the
dev@ mailing list.
After working with Prashant, Russell, Laurent on the "secured view"
FGAC proposal, I think this proposal is a good alternative. We can
start with "simple" boolean, up to a more complex dialect support. The
+1, I agree here too, having iceberg expressions for row-filters and
transforms for projections aka column masks seems the right way to go,
especially how portable and dialect agnostic they are ! As said above, we
can always model complex mask / row filters that require JOINs etc as
catalog UDF an
I agree with Russell. The proposal doesn't look too controversial given
previous discussions on how to support FGAC managed by the catalog. I also
agree that a more detailed proposal should use Iceberg expressions and
transforms for the row-level filters and column mask expressions, and
catalog-man
I think this is a really interesting approach as we've talked about in a few
community
syncs as well as in some other chats. If I understand the proposal correctly,
we are
essentially formalizing a way to return the FGAC "protection expressions" from
the catalog
to a trusted engine for executio
Hi all,
We, the authors of the proposal [1], have been thinking about support
for fine grained access control for quite some time and would like to
propose both row-level access control and column-level transformation
(“masking”) to the Iceberg REST catalog in an interoperable way.
The three
