release-26.1: backup: clear default privileges on database and schema descriptors during restore#166182
Merged
rafiss merged 2 commits intocockroachdb:release-26.1from Mar 19, 2026
Conversation
During non-cluster restore, default privileges on database descriptors were carried over verbatim from the backup, potentially referencing users that don't exist on the target cluster. Clear them alongside regular privileges, which are already reset to defaults. Closes cockroachdb#164961 Epic: none Release note (bug fix): Fixed a bug where restoring a database backup containing default privileges referencing non-existent users would leave dangling user references in the restored database descriptor. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…store Extend the previous fix to also clear default privileges on schema descriptors during non-cluster restore. Schemas can also carry default privileges referencing users that don't exist on the target cluster. Release note: None Epic: none Co-Authored-By: roachdev-claude <roachdev-claude-bot@cockroachlabs.com>
blathers-crl
bot
added
blathers-backport
|
Thanks for opening a backport. Before merging, please confirm that the change does not break backwards compatibility and otherwise complies with the backport policy. Include a brief release justification in the PR description explaining why the backport is appropriate. All backports must be reviewed by the TL for the owning area. While the stricter LTS policy does not yet apply, please exercise judgment and consider gating non-critical changes behind a disabled-by-default feature flag when appropriate. |
blathers-crl
bot
added
backport
Member
|
This change is |
rafiss
approved these changes
Mar 19, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport 2/2 commits from #165997 on behalf of @spilchen.
During non-cluster restore, default privileges on database descriptors were carried over verbatim from the backup, potentially referencing users that don't exist on the target cluster. Clear them alongside regular privileges, which are already reset to defaults.
The second commit extends the first fix to also clear default privileges on schema
descriptors during non-cluster restore. Schemas can also carry default
privileges referencing users that don't exist on the target cluster.
Closes #164961
Epic: none
Release note (bug fix): Fixed a bug where restoring a database backup containing default privileges referencing non-existent users would leave dangling user references in the restored database descriptor.
Release justification: fix bug observed in production that causes descriptor corruption