changefeedccl: impossible privilege requirements #61006
Labels
A-cdc
Change Data Capture
C-bug
Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior.
O-community
Originated from the community
T-cdc
Projects
Describe the problem
Changefeeds seem to require the
SELECT
privilege on user-defined types, but as of #53086, types cannot carry that privileges. Our testing today does not capture usages of users which are not root or do not own the type in question.The privilege checking happens indiscriminately here:
cockroach/pkg/ccl/changefeedccl/changefeed_stmt.go
Lines 194 to 198 in 270601e
What's worse is that I believe we may also need the
SELECT
privilege on the database which only makes sense for very bad reasonsTo Reproduce
As root:
Then connect to test as cf_user and run:
And get:
Which is a weird message since select isn't a valid privilege for a type:
The text was updated successfully, but these errors were encountered: