Add table manage structure

Author: travis-bowen

polaris-core/src/main/java/org/apache/polaris/core/auth/PolarisAuthorizerImpl.java

@@ -96,6 +96,7 @@
 import static org.apache.polaris.core.entity.PolarisPrivilege.TABLE_LIST;
 import static org.apache.polaris.core.entity.PolarisPrivilege.TABLE_LIST_GRANTS;
 import static org.apache.polaris.core.entity.PolarisPrivilege.TABLE_MANAGE_GRANTS_ON_SECURABLE;
+import static org.apache.polaris.core.entity.PolarisPrivilege.TABLE_MANAGE_STRUCTURE;
 import static org.apache.polaris.core.entity.PolarisPrivilege.TABLE_READ_DATA;
 import static org.apache.polaris.core.entity.PolarisPrivilege.TABLE_READ_PROPERTIES;
 import static org.apache.polaris.core.entity.PolarisPrivilege.TABLE_REMOVE_PARTITION_SPECS;
@@ -273,6 +274,7 @@ public class PolarisAuthorizerImpl implements PolarisAuthorizer {
             TABLE_FULL_METADATA,
             TABLE_WRITE_DATA,
             TABLE_WRITE_PROPERTIES,
+            TABLE_MANAGE_STRUCTURE,
             TABLE_ASSIGN_UUID));
     SUPER_PRIVILEGES.putAll(
         TABLE_UPGRADE_FORMAT_VERSION,
@@ -282,6 +284,7 @@ public class PolarisAuthorizerImpl implements PolarisAuthorizer {
             TABLE_FULL_METADATA,
             TABLE_WRITE_DATA,
             TABLE_WRITE_PROPERTIES,
+            TABLE_MANAGE_STRUCTURE,
             TABLE_UPGRADE_FORMAT_VERSION));
     SUPER_PRIVILEGES.putAll(
         TABLE_ADD_SCHEMA,
@@ -291,6 +294,7 @@ public class PolarisAuthorizerImpl implements PolarisAuthorizer {
             TABLE_FULL_METADATA,
             TABLE_WRITE_DATA,
             TABLE_WRITE_PROPERTIES,
+            TABLE_MANAGE_STRUCTURE,
             TABLE_ADD_SCHEMA));
     SUPER_PRIVILEGES.putAll(
         TABLE_SET_CURRENT_SCHEMA,
@@ -300,6 +304,7 @@ public class PolarisAuthorizerImpl implements PolarisAuthorizer {
             TABLE_FULL_METADATA,
             TABLE_WRITE_DATA,
             TABLE_WRITE_PROPERTIES,
+            TABLE_MANAGE_STRUCTURE,
             TABLE_SET_CURRENT_SCHEMA));
     SUPER_PRIVILEGES.putAll(
         TABLE_ADD_PARTITION_SPEC,
@@ -309,6 +314,7 @@ public class PolarisAuthorizerImpl implements PolarisAuthorizer {
             TABLE_FULL_METADATA,
             TABLE_WRITE_DATA,
             TABLE_WRITE_PROPERTIES,
+            TABLE_MANAGE_STRUCTURE,
             TABLE_ADD_PARTITION_SPEC));
     SUPER_PRIVILEGES.putAll(
         TABLE_ADD_SORT_ORDER,
@@ -318,6 +324,7 @@ public class PolarisAuthorizerImpl implements PolarisAuthorizer {
             TABLE_FULL_METADATA,
             TABLE_WRITE_DATA,
             TABLE_WRITE_PROPERTIES,
+            TABLE_MANAGE_STRUCTURE,
             TABLE_ADD_SORT_ORDER));
     SUPER_PRIVILEGES.putAll(
         TABLE_SET_DEFAULT_SORT_ORDER,
@@ -327,6 +334,7 @@ public class PolarisAuthorizerImpl implements PolarisAuthorizer {
             TABLE_FULL_METADATA,
             TABLE_WRITE_DATA,
             TABLE_WRITE_PROPERTIES,
+            TABLE_MANAGE_STRUCTURE,
             TABLE_SET_DEFAULT_SORT_ORDER));
     SUPER_PRIVILEGES.putAll(
         TABLE_ADD_SNAPSHOT,
@@ -354,6 +362,7 @@ public class PolarisAuthorizerImpl implements PolarisAuthorizer {
             TABLE_FULL_METADATA,
             TABLE_WRITE_DATA,
             TABLE_WRITE_PROPERTIES,
+            TABLE_MANAGE_STRUCTURE,
             TABLE_REMOVE_SNAPSHOTS));
     SUPER_PRIVILEGES.putAll(
         TABLE_REMOVE_SNAPSHOT_REF,
@@ -363,6 +372,7 @@ public class PolarisAuthorizerImpl implements PolarisAuthorizer {
             TABLE_FULL_METADATA,
             TABLE_WRITE_DATA,
             TABLE_WRITE_PROPERTIES,
+            TABLE_MANAGE_STRUCTURE,
             TABLE_REMOVE_SNAPSHOT_REF));
     SUPER_PRIVILEGES.putAll(
         TABLE_SET_LOCATION,
@@ -372,6 +382,7 @@ public class PolarisAuthorizerImpl implements PolarisAuthorizer {
             TABLE_FULL_METADATA,
             TABLE_WRITE_DATA,
             TABLE_WRITE_PROPERTIES,
+            TABLE_MANAGE_STRUCTURE,
             TABLE_SET_LOCATION));
     SUPER_PRIVILEGES.putAll(
         TABLE_SET_PROPERTIES,
@@ -381,6 +392,7 @@ public class PolarisAuthorizerImpl implements PolarisAuthorizer {
             TABLE_FULL_METADATA,
             TABLE_WRITE_DATA,
             TABLE_WRITE_PROPERTIES,
+            TABLE_MANAGE_STRUCTURE,
             TABLE_SET_PROPERTIES));
     SUPER_PRIVILEGES.putAll(
         TABLE_REMOVE_PROPERTIES,
@@ -390,6 +402,7 @@ public class PolarisAuthorizerImpl implements PolarisAuthorizer {
             TABLE_FULL_METADATA,
             TABLE_WRITE_DATA,
             TABLE_WRITE_PROPERTIES,
+            TABLE_MANAGE_STRUCTURE,
             TABLE_REMOVE_PROPERTIES));
     SUPER_PRIVILEGES.putAll(
         TABLE_SET_STATISTICS,
@@ -399,6 +412,7 @@ public class PolarisAuthorizerImpl implements PolarisAuthorizer {
             TABLE_FULL_METADATA,
             TABLE_WRITE_DATA,
             TABLE_WRITE_PROPERTIES,
+            TABLE_MANAGE_STRUCTURE,
             TABLE_SET_STATISTICS));
     SUPER_PRIVILEGES.putAll(
         TABLE_REMOVE_STATISTICS,
@@ -408,6 +422,7 @@ public class PolarisAuthorizerImpl implements PolarisAuthorizer {
             TABLE_FULL_METADATA,
             TABLE_WRITE_DATA,
             TABLE_WRITE_PROPERTIES,
+            TABLE_MANAGE_STRUCTURE,
             TABLE_REMOVE_STATISTICS));
     SUPER_PRIVILEGES.putAll(
         TABLE_REMOVE_PARTITION_SPECS,
@@ -417,7 +432,17 @@ public class PolarisAuthorizerImpl implements PolarisAuthorizer {
             TABLE_FULL_METADATA,
             TABLE_WRITE_DATA,
             TABLE_WRITE_PROPERTIES,
+            TABLE_MANAGE_STRUCTURE,
             TABLE_REMOVE_PARTITION_SPECS));
+    SUPER_PRIVILEGES.putAll(
+        TABLE_MANAGE_STRUCTURE,
+        List.of(
+            CATALOG_MANAGE_CONTENT,
+            CATALOG_MANAGE_METADATA,
+            TABLE_FULL_METADATA,
+            TABLE_WRITE_DATA,
+            TABLE_WRITE_PROPERTIES,
+            TABLE_MANAGE_STRUCTURE));
     SUPER_PRIVILEGES.putAll(
         VIEW_WRITE_PROPERTIES,
         List.of(

polaris-core/src/main/java/org/apache/polaris/core/entity/PolarisPrivilege.java

@@ -240,6 +240,11 @@ public enum PolarisPrivilege {
       PolarisEntityType.TABLE_LIKE,
       List.of(PolarisEntitySubType.ICEBERG_TABLE, PolarisEntitySubType.GENERIC_TABLE),
       PolarisEntityType.CATALOG_ROLE),
+  TABLE_MANAGE_STRUCTURE(
+      102,
+      PolarisEntityType.TABLE_LIKE,
+      List.of(PolarisEntitySubType.ICEBERG_TABLE, PolarisEntitySubType.GENERIC_TABLE),
+      PolarisEntityType.CATALOG_ROLE),
   ;
 
   /**

runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandlerFineGrainedAuthzTest.java

@@ -208,6 +208,62 @@ public void testUpdateTableWithFineGrainedPrivileges_MultipleUpdatesInsufficient
         () -> newWrapper().updateTable(TABLE_NS1A_2, request));
   }
 
+  @Test
+  public void testUpdateTableWithFineGrainedPrivileges_TableManageStructureSuperPrivilege() {
+    // Test that TABLE_MANAGE_STRUCTURE works as a super privilege for structural operations
+    // (but NOT for snapshot operations like TABLE_ADD_SNAPSHOT)
+
+    // Test structural operations that should work with TABLE_MANAGE_STRUCTURE
+    UpdateTableRequest structuralRequest =
+        UpdateTableRequest.create(
+            TABLE_NS1A_2,
+            List.of(), // no requirements
+            List.of(
+                new MetadataUpdate.AssignUUID(UUID.randomUUID().toString()),
+                new MetadataUpdate.UpgradeFormatVersion(2),
+                new MetadataUpdate.SetProperties(Map.of("test.property", "test.value")),
+                new MetadataUpdate.RemoveProperties(Set.of("property.to.remove"))));
+
+    doTestSufficientPrivileges(
+        List.of(
+            PolarisPrivilege.TABLE_MANAGE_STRUCTURE, // Should work for all structural operations
+            PolarisPrivilege.TABLE_WRITE_PROPERTIES, // Should also work with broader privilege
+            PolarisPrivilege.TABLE_FULL_METADATA,
+            PolarisPrivilege.CATALOG_MANAGE_CONTENT),
+        () -> newWrapper().updateTable(TABLE_NS1A_2, structuralRequest),
+        null /* cleanupAction */);
+  }
+
+  @Test
+  public void
+      testUpdateTableWithFineGrainedPrivileges_TableManageStructureDoesNotIncludeSnapshots() {
+    // Verify that TABLE_MANAGE_STRUCTURE does NOT grant access to snapshot operations
+    // This test verifies that TABLE_ADD_SNAPSHOT and TABLE_SET_SNAPSHOT_REF were correctly
+    // excluded from the TABLE_MANAGE_STRUCTURE super privilege mapping
+
+    // Test that TABLE_MANAGE_STRUCTURE works for non-snapshot structural operations
+    UpdateTableRequest nonSnapshotRequest =
+        UpdateTableRequest.create(
+            TABLE_NS1A_2,
+            List.of(), // no requirements
+            List.of(
+                new MetadataUpdate.AssignUUID(UUID.randomUUID().toString()),
+                new MetadataUpdate.SetProperties(Map.of("structure.test", "value"))));
+
+    doTestSufficientPrivileges(
+        List.of(PolarisPrivilege.TABLE_MANAGE_STRUCTURE),
+        () -> newWrapper().updateTable(TABLE_NS1A_2, nonSnapshotRequest),
+        null /* cleanupAction */);
+
+    // Test that TABLE_MANAGE_STRUCTURE is insufficient for operations that require
+    // different privilege categories (like read operations)
+    doTestInsufficientPrivileges(
+        List.of(PolarisPrivilege.TABLE_MANAGE_STRUCTURE),
+        () ->
+            newWrapper()
+                .loadTable(TABLE_NS1A_2, "all")); // Load table requires different privileges
+  }
+
   /**
    * Override the "feature disabled" test from the parent class since it's not applicable when the
    * fine-grained authorization feature is enabled in this test class.

spec/polaris-management-service.yml

@@ -1569,6 +1569,7 @@ components:
         - TABLE_SET_STATISTICS
         - TABLE_REMOVE_STATISTICS
         - TABLE_REMOVE_PARTITION_SPECS
+        - TABLE_MANAGE_STRUCTURE
 
     AddGrantRequest:
       type: object