Skip to content

Enable getRowFilter to be column aware #26582

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Enable getRowFilter to be column aware #26582

wants to merge 1 commit into from

Conversation

huw0
Copy link
Member

@huw0 huw0 commented Sep 8, 2025
edited
Loading

Description

Summary

Enable getRowFilter to be column aware.

Detail

Presently the access control interfaces provide getRowFilter with the security context, catalog name and schema name.

This works well when adding the row filter based on a restricted list of rules (FileBasedAccessControl) or where the metadata is known elsewhere (OPA or Ranger).

However this does not allow for filters to be dynamically added based on the columns.

For example - whenever a table has a security_group column, add a filter to enable row-level security against the user's current groups.

To enable this use case, this PR modifies the getRowFilter so that the List<ColumnSchema> is also passed in as a parameter, matching getColumnMasks.

Implementation Notes

  • Backwards Compatibility - everything in trino-main calls the new method. However the old method is deprecated but called by the default implementation of the new method within the interfaces. Hopefully this preserves backwards compatibility?
  • Testing - where is best to add coverage of this functionality?
  • FileBasedAccessControl - I propose a follow on PR to make use of this functionality within FileBasedAccessControl and associated documentation.

Additional context and related issues

#1480 - original implementation of row filtering
#21046 - a question around this functionality

Release notes

( ) This is not user-visible or is docs only, and no release notes are required.
( ) Release notes are required. Please propose a release note for me.
(x) Release notes are required, with the following suggested text:

## SPI
* Enable row filtering to be column aware ({issue}`issuenumber`)

@cla-bot cla-bot bot added the cla-signed label Sep 8, 2025
@github-actions github-actions bot added the hive Hive connector label Sep 8, 2025
@huw0 huw0 changed the title Passthrough table columns to getRowFilter Enable getRowFilter to be column aware. Sep 8, 2025
@huw0 huw0 changed the title Enable getRowFilter to be column aware. Enable getRowFilter to be column aware Sep 8, 2025
@huw0 huw0 force-pushed the getrowfilter-support-columns branch 2 times, most recently from 3af4649 to b8133c2 Compare September 8, 2025 18:25
@huw0 huw0 removed the hive Hive connector label Sep 8, 2025
@huw0 huw0 force-pushed the getrowfilter-support-columns branch from b8133c2 to 057642d Compare September 8, 2025 18:32
@github-actions github-actions bot added the hive Hive connector label Sep 8, 2025
@huw0 huw0 force-pushed the getrowfilter-support-columns branch 5 times, most recently from 132e23c to 6548b58 Compare September 8, 2025 20:37
@huw0 huw0 force-pushed the getrowfilter-support-columns branch from 6548b58 to ae44025 Compare September 8, 2025 21:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
cla-signed hive Hive connector
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@huw0