Allow system tables to do system level access control #24726

lukasz-stec · 2025-01-16T14:12:41Z

Description

This is an initial proposal to add an option to do access control checks during system table reads.
The goal here is to open this for discussion with some concrete option on a table.

Additional context and related issues

This is related to an effort to add an iceberg system table that lists only iceberg tables (#24469).
A system table like that has to filter the table list using the AccessControl#filterTables method but up until now, AccessControl was not available for system tables.

Release notes

( ) This is not user-visible or is docs only, and no release notes are required.
( ) Release notes are required. Please propose a release note for me.
( ) Release notes are required, with the following suggested text:

## Section
* Fix some things. ({issue}`issuenumber`)

Add system level Identity to ConnectorSession

3696eed

cla-bot bot added the cla-signed label Jan 16, 2025

lukasz-stec requested review from electrum, martint, raunaqmorarka, ebyhr and mosabua January 16, 2025 14:15

Allow system tables to do system level access control

0f82a5c

lukasz-stec force-pushed the ls/2501/03-system-table-access-control branch from 427247a to 0f82a5c Compare January 16, 2025 15:21

mosabua requested a review from dain January 16, 2025 17:47

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow system tables to do system level access control #24726

Allow system tables to do system level access control #24726

lukasz-stec commented Jan 16, 2025 •

edited

Loading

Allow system tables to do system level access control #24726

Are you sure you want to change the base?

Allow system tables to do system level access control #24726

Conversation

lukasz-stec commented Jan 16, 2025 • edited Loading

Description

Additional context and related issues

Release notes

lukasz-stec commented Jan 16, 2025 •

edited

Loading