release-2.1: server,sql: allow admin UI to view table details for non-admins #44194
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Added `crdb_internal.get_zone_config` and `crdb_internal.get_namespace_id`, which executes queries to system tables and checks permissions afterwards. This is needed for speedy point lookups for the admin UI. * Modified the EvalContext with a PrivilegedAccessor, containing any accessors that requires privileged access to view data. * Modified the admin UI to use the new crdb_internal queries. Release note (admin ui change, security update, bug fix): We previously introduced a fix on the admin UI to prevent non-admin users from executing queries - however, this accidentally made certain pages requiring table details not to display. This PR allows the table details to be displayed in its former glory.
|
This change is |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport 1/1 commits from #44167.
/cc @cockroachdb/release
Resolves #44033
crdb_internal.get_zone_configandcrdb_internal.get_namespace_id, which executes queries to systemtables and checks permissions afterwards. This is needed for speedy
point lookups for the admin UI.
any accessors that requires privileged access to view data.
Release note (admin ui change, security update, bug fix): We previously
introduced a fix on the admin UI to prevent non-admin users from
executing queries - however, this accidentally made certain pages
requiring table details not to display. This PR allows the table details
to be displayed in its former glory.