changefeedccl: impossible privilege requirements #61006

Closed
ajwerner opened this issue Feb 23, 2021 · 1 comment · Fixed by #61031
Labels
A-cdc Change Data Capture C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior. O-community Originated from the community T-cdc


@ajwerner (Contributor)

Describe the problem

Changefeeds seem to require the SELECT privilege on user-defined types, but as of #53086, types cannot carry that privilege. Our testing today does not capture usages of users which are not root or do not own the type in question.

The privilege checking happens indiscriminately here:

```go
for _, desc := range targetDescs {
	if err := p.CheckPrivilege(ctx, desc, privilege.SELECT); err != nil {
		return err
	}
}
```

What's worse is that I believe we may also need the SELECT privilege on the database, which only makes sense for very bad reasons.

To Reproduce
As root:

```sql
create database test;
\c test
create type type_a as enum ('a');
create table table_a (id int, type type_a);
create user cf_user with controlchangefeed;
grant select on database test to cf_user;
grant select on table table_a to cf_user;
```

Then connect to test as cf_user and run:

```sql
experimental changefeed for table_a;
```

And get:

```
ERROR:  42501: user cf_user does not have SELECT privilege on type type_a
LOCATION:  CheckPrivilegeForUser, authorization.go:128
```

Which is a weird message, since SELECT isn't a valid privilege for a type:

```
grant select on type type_a to cf_user;
ERROR:  0LP01: invalid privilege type SELECT for type
LOCATION:  ValidatePrivileges, privilege.go:201
```
@ajwerner (Contributor, Author)

It appears from the postgres docs that we should not be requiring any privileges on a type to see its values. I suspect we're doing this incorrectly elsewhere but here it is egregious. We should just skip the privilege check for types.

> Note that this privilege does not control all “usage” of the type, such as values of the type appearing in queries. It only prevents objects from being created that depend on the type.

https://www.postgresql.org/docs/13/ddl-priv.html
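The indiscriminate loop quoted in the issue, and the proposed fix of skipping type descriptors, modelled as an added Go example. This is not CockroachDB's code: `Descriptor`, `Grant` and `CheckTargets` are hypothetical stand-ins, and the valid-privilege table only encodes the two rules the errors above show (SELECT is valid on a table, not on a type).

```go
package main

import "fmt"

// Descriptor is a hypothetical stand-in for a CockroachDB descriptor: its
// kind ("table" or "type"), a name, and the "user:PRIV" grants it carries.
type Descriptor struct {
	Kind   string
	Name   string
	Grants map[string]bool
}

// validPrivileges encodes the rule the issue shows: SELECT is not a valid
// privilege for a type, so a type can never satisfy a SELECT check.
var validPrivileges = map[string]map[string]bool{
	"table": {"SELECT": true, "INSERT": true},
	"type":  {"USAGE": true},
}

// Grant rejects invalid (kind, privilege) pairs, as ValidatePrivileges does
// in the issue's second error message.
func (d *Descriptor) Grant(user, priv string) error {
	if !validPrivileges[d.Kind][priv] {
		return fmt.Errorf("invalid privilege type %s for %s", priv, d.Kind)
	}
	if d.Grants == nil {
		d.Grants = map[string]bool{}
	}
	d.Grants[user+":"+priv] = true
	return nil
}

// CheckTargets is the indiscriminate loop from the issue when skipTypes is
// false, and the proposed fix (skip type descriptors) when it is true.
func CheckTargets(user string, targets []*Descriptor, skipTypes bool) error {
	for _, d := range targets {
		if skipTypes && d.Kind == "type" {
			continue // reading values of a type needs no privilege on the type
		}
		if !d.Grants[user+":SELECT"] {
			return fmt.Errorf("user %s does not have SELECT privilege on %s %s", user, d.Kind, d.Name)
		}
	}
	return nil
}
```

With `skipTypes` false the cf_user from the reproduction above can never pass, because the only privilege a type accepts is USAGE; with it true the check depends solely on the table grant.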
