Skip to content

release-25.2: sql/opt: treat privilege errors as stale memos during dependency checks#169294

Merged
trunk-io[bot] merged 1 commit intocockroachdb:release-25.2from
michae2:backport25.2-169190
Apr 28, 2026
Merged

release-25.2: sql/opt: treat privilege errors as stale memos during dependency checks#169294
trunk-io[bot] merged 1 commit intocockroachdb:release-25.2from
michae2:backport25.2-169190

Conversation

@michae2
Copy link
Copy Markdown
Collaborator

@michae2 michae2 commented Apr 28, 2026

Backport 1/1 commits from #169190.

/cc @cockroachdb/release

Previously, when the query cache's CheckDependencies re-resolved data sources from a cached memo and encountered a privilege error (e.g. because the memo referenced objects in a different database context), the error was propagated to the user. This caused unqualified function calls to fail with USAGE privilege errors referencing schemas from the wrong database when two databases had identically-named functions in custom schemas.

Now, maybeSwallowMetadataResolveErr also swallows pgcode.InsufficientPrivilege errors, treating them as indicators that the memo is stale. The memo is evicted and replanned in the correct user/database context, where genuine privilege errors will surface during planning.

Fixes: #168992

Release note (bug fix): Fixed a bug where unqualified function calls could fail with incorrect privilege errors when two databases on the same cluster had identically-named functions in custom schemas. The query cache could serve a memo from one database context to another, causing USAGE privilege errors referencing schemas from the wrong database.

Release justification: one-line low-risk fix for customer incident.

@michae2 @roachdev-claude
sql/opt: treat privilege errors as stale memos during dependency checks
a315b60 
Previously, when the query cache's `CheckDependencies` re-resolved data
sources from a cached memo and encountered a privilege error
(e.g. because the memo referenced objects in a different database
context), the error was propagated to the user. This caused unqualified
function calls to fail with USAGE privilege errors referencing schemas
from the wrong database when two databases had identically-named
functions in custom schemas.

Now, `maybeSwallowMetadataResolveErr` also swallows
`pgcode.InsufficientPrivilege` errors, treating them as indicators that
the memo is stale. The memo is evicted and replanned in the correct
user/database context, where genuine privilege errors will surface
during planning.

Fixes: cockroachdb#168992

Release note (bug fix): Fixed a bug where unqualified function calls
could fail with incorrect privilege errors when two databases on the
same cluster had identically-named functions in custom schemas. The
query cache could serve a memo from one database context to another,
causing USAGE privilege errors referencing schemas from the wrong
database.

Co-Authored-By: roachdev-claude <roachdev-claude-bot@cockroachlabs.com>
@michae2 michae2 requested review from a team and mw5h April 28, 2026 22:13
@blathers-crl
Copy link
Copy Markdown

blathers-crl Bot commented Apr 28, 2026

Thanks for opening a backport.

Before merging, please confirm that it falls into one of the following categories (select one):

  • Non-production code changes OR fixes for serious issues. Non-production includes test-only changes, build system changes, etc. Serious issues are defined in the policy as correctness, stability, or security issues, data corruption/loss, significant performance regressions, breaking working and widely used functionality, or an inability to detect and debug production issues.
  • Other approved changes. These changes must be gated behind a disabled-by-default feature flag unless there is a strong justification not to. Reference the approved ENGREQ ticket in the PR body (e.g., "Fixes ENGREQ-123").

Add a brief release justification to the PR description explaining your selection.

Also, confirm that the change does not break backward compatibility and complies with all aspects of the backport policy.

All backports must be reviewed by the TL and EM for the owning area.

@trunk-io
Copy link
Copy Markdown
Contributor

trunk-io Bot commented Apr 28, 2026
edited
Loading

😎 Merged successfully - details.

@blathers-crl blathers-crl Bot added backport Label PR's that are backports to older release branches T-sql-queries SQL Queries Team labels Apr 28, 2026
@cockroach-teamcity
Copy link
Copy Markdown
Member

cockroach-teamcity commented Apr 28, 2026

This change is Reviewable

@michae2
Copy link
Copy Markdown
Collaborator Author

michae2 commented Apr 28, 2026

/trunk merge

@trunk-io trunk-io Bot merged commit 0bce347 into cockroachdb:release-25.2 Apr 28, 2026
19 checks passed
@michae2 michae2 deleted the backport25.2-169190 branch April 29, 2026 15:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mw5h mw5h mw5h approved these changes

Assignees

No one assigned

Labels

backport Label PR's that are backports to older release branches T-sql-queries SQL Queries Team target-release-25.2.19

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@michae2 @cockroach-teamcity @mw5h