New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hide Diagnostics Bundle info on console for sql user with role VIEWACTIVITYREDACTED #74817
Labels
C-enhancement
Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)
Comments
maryliag
added
C-enhancement
Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)
T-sql-observability
labels
Jan 13, 2022
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Jan 18, 2022
The commit creates a new endpoint `/sqlroles` that returns a list of roles of the SQL user logged in. Partially addresses cockroachdb#74817 Release note (api change): Creation of new endpoint `/sqlroles` that returns a list of the SQL roles for the SQL user logged in.
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Jan 18, 2022
The commit creates a new endpoint `/sqlroles` that returns a list of roles of the SQL user logged in. Partially addresses cockroachdb#74817 Release note (api change): Creation of new endpoint `/sqlroles` that returns a list of the SQL roles for the SQL user logged in.
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Jan 19, 2022
The commit creates a new endpoint `/sqlroles` that returns a list of roles of the SQL user logged in. Partially addresses cockroachdb#74817 Release note (api change): Creation of new endpoint `/sqlroles` that returns a list of the SQL roles for the SQL user logged in.
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Jan 19, 2022
The commit creates a new endpoint `/sqlroles` that returns a list of roles of the SQL user logged in. Partially addresses cockroachdb#74817 Release note (api change): Creation of new endpoint `/sqlroles` that returns a list of the SQL roles for the SQL user logged in.
craig bot
pushed a commit
that referenced
this issue
Jan 19, 2022
74920: server: create new endpoint that return the roles of the sql user r=maryliag a=maryliag The commit creates a new endpoint `/sqlroles` that returns a list of roles of the SQL user logged in. Partially addresses #74817 Release note (api change): Creation of new endpoint `/sqlroles` that returns a list of the SQL roles for the SQL user logged in. 75088: sql: migrate has_sequence_privilege from evalPrivilegeCheck to ctx.Pl… r=otan a=ecwall …anner.HasPrivilege refs #66173 Migrate has_sequence_privilege from evalPrivilegeCheck to ctx.Planner.HasPrivilege. Release note: None 75116: bazel: update comments in `BUILD.bazel`, include reference to `dev -h` r=irfansharif a=rickystewart Most of this stuff is out-of-date at this point. Release note: None 75145: sql: deflake TestTelemetry r=rytaft a=rytaft This commit deflakes `TestTelemetry` by adding a more precise `feature-allowlist`. Fixes #75138 Release note: None 75149: cloud: close Reader before resetting in ResumingReader r=knz a=adityamaru This change `Close()`s the Reader before resetting it when we encounter a resumable error in the ResumingReader. This is particularly important for the http external storage provide, since forgetting to call Close() results in goroutine leaks from go1.17.6 onwards. See: golang/go#50652 Fixes: #75143 Release note: None Co-authored-by: Marylia Gutierrez <marylia@cockroachlabs.com> Co-authored-by: Evan Wall <wall@cockroachlabs.com> Co-authored-by: Ricky Stewart <ricky@cockroachlabs.com> Co-authored-by: Rebecca Taft <becca@cockroachlabs.com> Co-authored-by: Aditya Maru <adityamaru@gmail.com>
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Jan 19, 2022
The commit creates a new endpoint `/sqlroles` that returns a list of roles of the SQL user logged in. Partially addresses cockroachdb#74817 Release note (api change): Creation of new endpoint `/sqlroles` that returns a list of the SQL roles for the SQL user logged in.
This was referenced Jan 21, 2022
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Jan 21, 2022
Previously, the `/sqlroles` api was querying directly the `system.role_options` table to return all the role options for a user. This worked normally for users who had `SELECT` privilege to that table, but it would fail for all other users. This commits changes the api to use a privilege checker that uses the `crdb_internal.has_role_option` built in instead, that can be used by all users, independent of their permission. Partially addresses cockroachdb#74817 Release note: None
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Jan 21, 2022
When the sql user has the role VIEWACTIVITYREDACTED, all the information about Statement Diagnostics Bundle will be hidden. That happens on: Statement - diagnostics column Statement Details - diagnostics tab Advanced Debug - diagnostics history Fixes cockroachdb#74817 Release note (ui change): If the user has the role VIEWACTIVITYREDACTED, we hide the Statement Diagnostics bundle info on Statement page (diagnostics column), Statement Details page (diagnostics tab) and Advanced Debug page (diagnostics history).
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Jan 21, 2022
Previously, the `/sqlroles` api was querying directly the `system.role_options` table to return all the role options for a user. This worked normally for users who had `SELECT` privilege to that table, but it would fail for all other users. This commits changes the api to use a privilege checker that uses the `crdb_internal.has_role_option` built in instead, that can be used by all users, independent of their permission. Partially addresses cockroachdb#74817 Release note: None
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Jan 21, 2022
When the sql user has the role VIEWACTIVITYREDACTED, all the information about Statement Diagnostics Bundle will be hidden. That happens on: Statement - diagnostics column Statement Details - diagnostics tab Advanced Debug - diagnostics history Fixes cockroachdb#74817 Release note (ui change): If the user has the role VIEWACTIVITYREDACTED, we hide the Statement Diagnostics bundle info on Statement page (diagnostics column), Statement Details page (diagnostics tab) and Advanced Debug page (diagnostics history).
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Jan 24, 2022
When the sql user has the role VIEWACTIVITYREDACTED, all the information about Statement Diagnostics Bundle will be hidden. That happens on: Statement - diagnostics column Statement Details - diagnostics tab Advanced Debug - diagnostics history Fixes cockroachdb#74817 Release note (ui change): If the user has the role VIEWACTIVITYREDACTED, we hide the Statement Diagnostics bundle info on Statement page (diagnostics column), Statement Details page (diagnostics tab) and Advanced Debug page (diagnostics history).
gtr
pushed a commit
to gtr/cockroach
that referenced
this issue
Jan 24, 2022
The commit creates a new endpoint `/sqlroles` that returns a list of roles of the SQL user logged in. Partially addresses cockroachdb#74817 Release note (api change): Creation of new endpoint `/sqlroles` that returns a list of the SQL roles for the SQL user logged in.
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Jan 24, 2022
When the sql user has the role VIEWACTIVITYREDACTED, all the information about Statement Diagnostics Bundle will be hidden. That happens on: Statement - diagnostics column Statement Details - diagnostics tab Advanced Debug - diagnostics history Fixes cockroachdb#74817 Release note (ui change): If the user has the role VIEWACTIVITYREDACTED, we hide the Statement Diagnostics bundle info on Statement page (diagnostics column), Statement Details page (diagnostics tab) and Advanced Debug page (diagnostics history).
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Jan 25, 2022
Previously, the `/sqlroles` api was querying directly the `system.role_options` table to return all the role options for a user. This worked normally for users who had `SELECT` privilege to that table, but it would fail for all other users. This commits changes the api to use a privilege checker that uses the `crdb_internal.has_role_option` built in instead, that can be used by all users, independent of their permission. Partially addresses cockroachdb#74817 Release note: None
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Jan 25, 2022
Previously, the `/sqlroles` api was querying directly the `system.role_options` table to return all the role options for a user. This worked normally for users who had `SELECT` privilege to that table, but it would fail for all other users. This commits changes the api to use a privilege checker that uses the `crdb_internal.has_role_option` built in instead, that can be used by all users, independent of their permission. Partially addresses cockroachdb#74817 Release note: None
craig bot
pushed a commit
that referenced
this issue
Jan 25, 2022
75231: sql: support hash sharded index default bucket count r=chengxiong-ruan a=chengxiong-ruan Fixes #74739 Release not (sql change): We used to always create hash sharded index by specifying a bucket count. With this change, user does not need to do that anymore. Hash index can be created with just `USING HASH` instead of `USING HASH WITH BUCKET_COUNT = xxx`. A default bucket count 8 will be used. 75273: server: change sqlroles api to use builtin r=maryliag a=maryliag Previously, the `/sqlroles` api was querying directly the `system.role_options` table to return all the role options for a user. This worked normally for users who had `SELECT` privilege to that table, but it would fail for all other users. This commits changes the api to use a privilege checker that uses the `crdb_internal.has_role_option` built in instead, that can be used by all users, independent of their permission. Partially addresses #74817 Release note: None Co-authored-by: Chengxiong Ruan <chengxiongruan@gmail.com> Co-authored-by: Marylia Gutierrez <marylia@cockroachlabs.com>
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Jan 25, 2022
When the sql user has the role VIEWACTIVITYREDACTED, all the information about Statement Diagnostics Bundle will be hidden. That happens on: Statement - diagnostics column Statement Details - diagnostics tab Advanced Debug - diagnostics history Fixes cockroachdb#74817 Release note (ui change): If the user has the role VIEWACTIVITYREDACTED, we hide the Statement Diagnostics bundle info on Statement page (diagnostics column), Statement Details page (diagnostics tab) and Advanced Debug page (diagnostics history).
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Jan 25, 2022
Previously, the `/sqlroles` api was querying directly the `system.role_options` table to return all the role options for a user. This worked normally for users who had `SELECT` privilege to that table, but it would fail for all other users. This commits changes the api to use a privilege checker that uses the `crdb_internal.has_role_option` built in instead, that can be used by all users, independent of their permission. Partially addresses cockroachdb#74817 Release note: None
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Jan 25, 2022
Previously, the `/sqlroles` api was querying directly the `system.role_options` table to return all the role options for a user. This worked normally for users who had `SELECT` privilege to that table, but it would fail for all other users. This commits changes the api to use a privilege checker that uses the `crdb_internal.has_role_option` built in instead, that can be used by all users, independent of their permission. Partially addresses cockroachdb#74817 Release note: None
craig bot
pushed a commit
that referenced
this issue
Jan 25, 2022
75274: ui: hide statement diagnostics when role VIEWACTIVITYREDACTED r=maryliag a=maryliag When the sql user has the role VIEWACTIVITYREDACTED, all the information about Statement Diagnostics Bundle will be hidden. That happens on: Statement - diagnostics column Statement Details - diagnostics tab Advanced Debug - diagnostics history Fixes #74817 Note: Can only be merged after #75271 and #75273 Release note (ui change): If the user has the role VIEWACTIVITYREDACTED, we hide the Statement Diagnostics bundle info on Statement page (diagnostics column), Statement Details page (diagnostics tab) and Advanced Debug page (diagnostics history). 75479: colflow: finish the span after closing the batch flow coordinator r=yuzefovich a=yuzefovich Previously, the coordinator would be closed after the tracing span is finished. However, this is incorrect in some cases where some components might use the span up until they are closed. This is now fixed by closing the coordinator before finishing the span. Fixes: #75425. Release note: None 75493: backupccl: give each restore goroutine its own rewriter r=dt a=dt Release note: none. 75506: migrations: bump size of `migrations` test r=rail a=rickystewart Release note: None Co-authored-by: Marylia Gutierrez <marylia@cockroachlabs.com> Co-authored-by: Yahor Yuzefovich <yahor@cockroachlabs.com> Co-authored-by: David Taylor <tinystatemachine@gmail.com> Co-authored-by: Ricky Stewart <ricky@cockroachlabs.com>
maryliag
added a commit
to maryliag/cockroach
that referenced
this issue
Jan 25, 2022
When the sql user has the role VIEWACTIVITYREDACTED, all the information about Statement Diagnostics Bundle will be hidden. That happens on: Statement - diagnostics column Statement Details - diagnostics tab Advanced Debug - diagnostics history Fixes cockroachdb#74817 Release note (ui change): If the user has the role VIEWACTIVITYREDACTED, we hide the Statement Diagnostics bundle info on Statement page (diagnostics column), Statement Details page (diagnostics tab) and Advanced Debug page (diagnostics history).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
C-enhancement
Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)
Follow up from #74716
When the sql user logged in to the Console (DB/CC) has role
VIEWACTIVITYREDACTED
, hide:Epic: CRDB-12103
The text was updated successfully, but these errors were encountered: