Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sql: crdb_internal.leases should be placed behind VIEWCLUSTERMETADATA #119440

Closed
fqazi opened this issue Feb 21, 2024 · 0 comments · Fixed by #120014
Closed

sql: crdb_internal.leases should be placed behind VIEWCLUSTERMETADATA #119440

fqazi opened this issue Feb 21, 2024 · 0 comments · Fixed by #120014
Assignees
@fqazi
Labels
C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior. T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions)
Projects
SQL Foundations

Comments

@fqazi
Copy link
Collaborator

fqazi commented Feb 21, 2024
edited by cockroach-jira-scripts

Previously, the internal table crdb_internal.leases was accessible by all users. This was unnecessary, as the table can potentially incur heavy overhead due to its intensive locking requirements. Limiting user access to the VIEWCLUSTERMETADATA permission is a more sensible approach, and would have also helped to mitigate
#119253

Jira issue: CRDB-36196
@fqazi fqazi added C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior. T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions) labels Feb 21, 2024
@fqazi fqazi self-assigned this Feb 21, 2024
@blathers-crl blathers-crl bot added this to Triage in SQL Foundations Feb 21, 2024
@fqazi fqazi mentioned this issue Mar 6, 2024
Merged
craig bot pushed a commit that referenced this issue Mar 11, 2024
@fqazi
Merge #120006 #120014
67ba65c 
120006: sqlinstance: ensure that session expiration is up to date r=fqazi a=fqazi

Previously, during some tests, sessions could expire while retrying transactions within the sqlinstance code for row generation. This resulted in intermittent failures in TestColdStartLatency, preventing transactions from writing due to stale deadlines. To address this, this patch now passes full sqlliveness.Session objects to ensure up-to-date expiry times.

Fixes: #119631

Release note: None

120014: sql: crdb_internal.leases should be placed behind VIEWCLUSTERMETADATA r=fqazi a=fqazi

Previously, all users could access the internal table crdb_internal.leases. This was unnecessary, as the table's intensive locking requirements can potentially cause heavy overhead. Limiting user access to the VIEWCLUSTERMETADATA privilege is a more sensible approach. This patch will place crdb_internal.leases behind the VIEWCLUSTERMETADATA privilege, which would also help mitigate previous issues (#119253).

Fixes: #119440
Release note (sql change): crdb_internal.leases is now behind the VIEWCLUSTERMETADATA privilege.

Co-authored-by: Faizan Qazi <faizan@cockroachlabs.com>
@craig craig bot closed this as completed in b9f5c2c Mar 12, 2024
SQL Foundations automation moved this from Triage to Done Mar 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fqazi fqazi

Labels
C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior. T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions)
Projects
SQL Foundations
  
Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

sql: crdb_internal.leases should be placed behind VIEWCLUSTERMETADATA fqazi/cockroach
1 participant
@fqazi