Re: [I] Implement authorization in DataFusion [datafusion]
adriangb commented on issue #15192:
URL: https://github.com/apache/datafusion/issues/15192#issuecomment-2777223602
We do something along these lines. Not for security per-se so I'm not going
to vouch for it being secure but I think in principle it is:
```rust
fn register_filtered_view(
&self,
ctx: &SessionContext,
kind_field: Option<&str>,
table_name: &str,
provider: Arc,
) -> DataFusionResult<()> {
let mut df = ctx.read_table(provider)?;
df = apply_filters(ctx, df, &self.filters, table_name)?;
ctx.register_table(table_name, df.into_view())?;
Ok(())
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscr...@datafusion.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: github-unsubscr...@datafusion.apache.org
For additional commands, e-mail: github-h...@datafusion.apache.org
Re: [I] Implement authorization in DataFusion [datafusion]
shohamyamin commented on issue #15192: URL: https://github.com/apache/datafusion/issues/15192#issuecomment-2720394584 In catalog you can have only table level authorization(you have access to a table or not) but you cant have row level as it required to do some compute on the data(filter it for row level or masking the data for column mask .etc) the best case and there where things are going the catalog will return the authorization logic and the compute engine(need to be a trusted compute engine) will do the authorization logic based on the returned logic from the catalog. But still the engine will need to have a way to do the authorization logic. Here is a link to a proposal for Support for Row Filtering and Column Masking in REST Specification so the catalog will returned the row level and the column masking expression: https://docs.google.com/document/d/1NHr32sMwr8TH_dUJjQLcbEv8bAVbuJCn5pHqe1I_xIE/edit?tab=t.0 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: github-unsubscr...@datafusion.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: github-unsubscr...@datafusion.apache.org For additional commands, e-mail: github-h...@datafusion.apache.org
Re: [I] Implement authorization in DataFusion [datafusion]
jayzhan211 commented on issue #15192: URL: https://github.com/apache/datafusion/issues/15192#issuecomment-2719452814 Isn't authorization Catalog's role? What would it be like to have authorization logic in query engine? 🤔 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: github-unsubscr...@datafusion.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: github-unsubscr...@datafusion.apache.org For additional commands, e-mail: github-h...@datafusion.apache.org
