Access controls for attaching lakes #185
-
|
My goal is to attach separate lakes for separate teams, identified by some unique identifier. Multiple teams would be querying data, and I want to make sure they can't query each other's data. For example, Is there an alternative or is something like this planned? warehouse_connection_string = "ducklake:postgres:host={host} port={port} dbname={dbname} user={dbuser}".format(
host=settings.METADATA_DATABASE_HOST,
port=settings.METADATA_DATABASE_PORT,
dbname=settings.METADATA_DATABASE_NAME,
dbuser=settings.METADATA_DATABASE_USER,
)
duck.sql(f"""
ATTACH IF NOT EXISTS '{warehouse_connection_string}'
AS lake (DATA_PATH 's3://{settings.AWS_S3_WAREHOUSE_BUCKET_NAME}/team/{self.team_id}');
USE lake;
""")One idea would be to add columns to the schema DuckLake creates in the catalog such that separate lakes can be attached and operated on in object storage, for example. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
I suspect you're looking for this for the "different schema names" option: #112 (comment) my understanding is you'd implement security boundaries at the Postgres level, using different users and authentication that have access to different database/schemas as needed |
Beta Was this translation helpful? Give feedback.
I suspect you're looking for this for the "different schema names" option: #112 (comment)
my understanding is you'd implement security boundaries at the Postgres level, using different users and authentication that have access to different database/schemas as needed