Skip to content

Commit

Permalink
sql: Add multi-role grant/revoke privilege stmt (#19171)
Browse files Browse the repository at this point in the history 
This commit adds the ability to specify multiple roles in a GRANT/REVOKE
privilege statement.

Resolves #18972
  • Loading branch information
@jkosh44
jkosh44 committed May 9, 2023
1 parent 677e418 commit 0e5efd4
Show file tree
Hide file tree
Showing 12 changed files with 418 additions and 156 deletions.
44 changes: 26 additions & 18 deletions doc/user/layouts/partials/sql-grammar/grant-privilege.svg
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
114 changes: 61 additions & 53 deletions doc/user/layouts/partials/sql-grammar/revoke-privilege.svg
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
4 changes: 2 additions & 2 deletions doc/user/sql-grammar/sql-grammar.bnf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -214,7 +214,7 @@ format_spec ::=
'TEXT' |
'BYTES'
grant_privilege ::=
'GRANT' privilege (',' privilege)* ON ('TABLE'? | 'TYPE' | 'SECRET' | 'CONNECTION' | 'DATABASE' | 'SCHEMA' | 'CLUSTER') object_name 'TO' 'GROUP'? role_name
'GRANT' privilege (',' privilege)* ON ('TABLE'? | 'TYPE' | 'SECRET' | 'CONNECTION' | 'DATABASE' | 'SCHEMA' | 'CLUSTER') object_name 'TO' 'GROUP'? role_name ( ',' role_name )*
grant_role ::=
'GRANT' role_name 'TO' 'GROUP'? member_name ( ',' member_name )*
key_strat ::=
Expand Down Expand Up @@ -288,7 +288,7 @@ privilege ::=
reset_session_variable ::=
'RESET' variable_name
revoke_privilege ::=
'REVOKE' privilege (',' privilege)* ON ('TABLE'? | 'TYPE' | 'SECRET' | 'CONNECTION' | 'DATABASE' | 'SCHEMA' | 'CLUSTER') object_name 'FROM' 'GROUP'? role_name
'REVOKE' privilege (',' privilege)* ON ('TABLE'? | 'TYPE' | 'SECRET' | 'CONNECTION' | 'DATABASE' | 'SCHEMA' | 'CLUSTER') object_name 'FROM' 'GROUP'? role_name ( ',' role_name )*
revoke_role ::=
'REVOKE' role_name 'FROM' 'GROUP'? member_name ( ',' member_name )*
rollback ::=
Expand Down
11 changes: 10 additions & 1 deletion src/adapter/src/catalog.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ use crate::config::{SynchronizedParameters, SystemParameterFrontend};
use crate::coord::{TargetCluster, DEFAULT_LOGICAL_COMPACTION_WINDOW};
use crate::session::{PreparedStatement, Session, DEFAULT_DATABASE_NAME};
use crate::util::{index_sql, ResultExt};
use crate::{rbac, AdapterError, DUMMY_AVAILABILITY_ZONE};
use crate::{rbac, AdapterError, ExecuteResponse, DUMMY_AVAILABILITY_ZONE};

use self::builtin::{BuiltinCluster, BuiltinSource};

Expand Down Expand Up @@ -6862,6 +6862,15 @@ pub enum UpdatePrivilegeVariant {
Revoke,
}

impl From<UpdatePrivilegeVariant> for ExecuteResponse {
fn from(variant: UpdatePrivilegeVariant) -> Self {
match variant {
UpdatePrivilegeVariant::Grant => ExecuteResponse::GrantedPrivilege,
UpdatePrivilegeVariant::Revoke => ExecuteResponse::RevokedPrivilege,
}
}
}

#[derive(Debug, Clone)]
pub enum Op {
AlterSink {
Expand Down

0 comments on commit 0e5efd4

Please sign in to comment.