Thanks for the shoutout although I believe my contribution has been quite modest as consisting mostly of providing some initial feedback, and I don't think I had a key part in the overall design. But I'm also excited by the recent interest surrounding FGAC with Robert's proposal[1] and this proposal, which I personally see as complementary, and will keep contributing to both.
Laurent [1] https://lists.apache.org/thread/nfw1t0glfdfj1hwmzzzzwwyrfnq44yr5 On Wed, Jun 25, 2025 at 11:06 AM Prashant Singh <prashant010...@gmail.com> wrote: > Hi everyone, > > We’d like to share a proposal to extend Iceberg's view capabilities to > support Secure Views for Dynamic Policy Enforcement. > > This builds upon earlier discussion and proposal around Iceberg Spec > Extensions for Data Access Decision Exchange > <https://docs.google.com/document/d/14nmuxxfzQsYo59o0Fbpb-pxOlzS6bVtduL8P8pwKZ6U/edit?tab=t.0#heading=h.irh2zymohx17>, > with the goal of enabling fine-grained access control (FGAC) through view > redirection, rather than requiring engines to directly integrate with > policy stores or evaluators. > > The core idea is simple: instead of returning a table in response to > loadTable, the catalog can return a secure view—dynamically constructed > based on the caller's access policies and context. This allows engines like > Trino or Spark to enforce row/column-level governance without policy > evaluation logic baked into the engine itself. Several organizations > already use similar techniques in production, such as LinkedIn (ViewShift > <https://trino.io/assets/blog/trino-summit-2024/trino-summit-2024-linkedin-policy.pdf>), > Amazon. > > We’ve documented the E2E design details here [OSS] Secure Views for > dynamic policy enforcement > <https://docs.google.com/document/d/13roTQxVkaLSZq9iKL7v9ur9wR47K8QWQzjiArrP7vx4/edit?tab=t.0#heading=h.857wopjfxe7n>. > This outlines how the approach works without any IRC spec changes and > with close to zero engine changes, Importantly, this now means cross > engine FGAC by a centrally managed IRC catalog, can work seamlessly even > with an engine version released years ago as long as they support IRC. > > > We have also outlined a phased support plan, including how this approach > can evolve alongside upcoming Iceberg features like UDFs. > > Thanks to Kevin Liu and Roy Hasson from Microsoft, and Laurent and JB > from Dremio, for being co-conspirators in shaping this proposal and for > their invaluable feedback and support in making it a reality. > > Please let us know your thoughts, questions, or concerns. Looking forward > to the discussion! > > > *cc Iceberg community, as this approach leverages iceberg views and > expects further enhancements via Iceberg Expressions expansion and Iceberg > UDF's.* > Best, > Prashant Singh & Russell Spitzer >
