Hi everyone,

We’d like to share a proposal to extend Iceberg's view capabilities to
support Secure Views for Dynamic Policy Enforcement.

This builds upon earlier discussion and proposal around Iceberg Spec
Extensions for Data Access Decision Exchange
<https://docs.google.com/document/d/14nmuxxfzQsYo59o0Fbpb-pxOlzS6bVtduL8P8pwKZ6U/edit?tab=t.0#heading=h.irh2zymohx17>,
with the goal of enabling fine-grained access control (FGAC) through view
redirection, rather than requiring engines to directly integrate with
policy stores or evaluators.

The core idea is simple: instead of returning a table in response to
loadTable, the catalog can return a secure view—dynamically constructed
based on the caller's access policies and context. This allows engines like
Trino or Spark to enforce row/column-level governance without policy
evaluation logic baked into the engine itself. Several organizations
already use similar techniques in production, such as LinkedIn (ViewShift
<https://trino.io/assets/blog/trino-summit-2024/trino-summit-2024-linkedin-policy.pdf>),
Amazon.

We’ve documented the E2E design details here [OSS] Secure Views for dynamic
policy enforcement
<https://docs.google.com/document/d/13roTQxVkaLSZq9iKL7v9ur9wR47K8QWQzjiArrP7vx4/edit?tab=t.0#heading=h.857wopjfxe7n>.
This outlines how the approach works without any IRC spec changes and
with close
to zero engine changes, Importantly, this now means cross engine FGAC by a
centrally managed IRC catalog, can work seamlessly even with an engine
version released years ago as long as they support IRC.


We have also outlined a phased support plan, including how this approach
can evolve alongside upcoming Iceberg features like UDFs.

Thanks to Kevin Liu and Roy Hasson from Microsoft, and Laurent and JB from
Dremio, for being co-conspirators in shaping this proposal and for their
invaluable feedback and support in making it a reality.

Please let us know your thoughts, questions, or concerns. Looking forward
to the discussion!


*cc Iceberg community, as this approach leverages iceberg views and expects
further enhancements via Iceberg Expressions expansion and Iceberg UDF's.*
Best,
Prashant Singh & Russell Spitzer

Reply via email to