Hi Arslan,

I think, it depends on the complexity of data accesses to your data lakehouse.

In chango, there are many data access points like spark, trino gateway, chango data ingestion component, chango data import and export component, etc. to chango storage. When I have implemented RBAC for chango storage, I noticed that using rest catalog is better to control data access to iceberg tables in chango than using hive metastore, so I have replaced hive metastore with rest catalog in chango. And because chango uses trino gateway concept, in order to check the privileges of user's trino queries, I needed to parse incoming trino queries in trino gateway before routing them to the backends trino clusters.

These two points helped me to implement RBAC for my chango storage security.

- Kidong.