[FLINK-38848] [table] Supports to pass the required privilege when catalog manager gets the table #27389
+98
−7
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jerqi
changed the title
jerqi
changed the title
jerqi
changed the title
Collaborator
jerqi
force-pushed
the
FLINK-38848
branch
3 times, most recently
from
036e08f to
f85b2e8
Compare
jerqi
changed the title
davidradl
reviewed
Jan 7, 2026
| resolveCatalogBaseTable(temporaryTable); | ||
| return Optional.of(ContextResolvedTable.temporary(objectIdentifier, resolvedTable)); | ||
| } else { | ||
| return getPermanentTable(objectIdentifier, null); |
Contributor
There was a problem hiding this comment.
I think this is an exciting addition, I think it is big enough to warrant a Flip.
Author
There was a problem hiding this comment.
This pull request includes all the required code. It doesn't have many changes. FLIP may need many code changes in my opinion.
If you think that we should start a discussion thread in the dev mail list, I can start the discussion in the dev mail list.
Contributor
There was a problem hiding this comment.
@jerqi Thankyou I suggest starting a discussion on the dev list to see if it warrants a Flip.
github-actions
bot
added
the
community-reviewed
…nager loads the table
Author
|
@flinkbot run azure |
Author
|
@twalthr Could u help me review this pull request? |
davidradl
reviewed
Jan 9, 2026
| tableEnvironment.getParser().parseIdentifier(tablePath); | ||
| ObjectIdentifier objectIdentifier = | ||
| tableEnvironment.getCatalogManager().qualifyIdentifier(unresolvedIdentifier); | ||
| Set<TableWritePrivilege> privileges = Sets.newHashSet(TableWritePrivilege.INSERT); |
Contributor
There was a problem hiding this comment.
this needs to have junit tests added to drive the new code paths
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What is the purpose of the change
For custom catalogs that have access control, read and write permissions can be different. However, currently Flink always call Catalog#getTable to look up the table, no matter it's for read or write.
This PR adds a variant of getTable that indicates the required write privileges. All the write commands will call this new method to look up tables instead. This new method has a default implementation that just calls getTable, so there is no breaking change.
Apache Spark also has similar interfaces. It helps catalog to implementation access control feature better.
More details, you can see apache/spark#47772
Brief change log
I added interfaces getTable with required privileges for
CatalogManagerandCatalog.I added TableWritePrivileges, include insert, update, delete.
I passed the write privileges in the
TableImpl.javaandSqlNodeToOperationConversion.java.Verifying this change
Run the existing tests to verify that this change won't break compatibility.
I also run the
flink-sql-clientto verify the sqlinsert,update,deleteusing a custom catalog service (Apache Gravitino). It takes effect.Does this pull request potentially affect one of the following parts:
@Public(Evolving): Yes, I added the enumTableWritePrivilegesand modified someCataloginterfaces. They are compatible changes.Documentation