New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sql: support the USAGE
privilege on schemas
#53358
Conversation
First commit is #53344 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 16 of 16 files at r1.
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @ajwerner, @lucy-zhang, @rohany, and @solongordon)
pkg/sql/logictest/testdata/logic_test/schema, line 293 at r2 (raw file):
statement ok CREATE TABLE privs.usage_tbl (x INT); CREATE TYPE privs.usage_typ AS ENUM ('usage');
Would it make this test stronger if you also granted SELECT on the table and USAGE on the type?
I don't think so, as Postgres(and we now) check the schema permissions first before the object permissions. I'm asserting that I get a schema permission error as well, so we know that we're getting the right error |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 3 of 4 files at r2.
Reviewable status: complete! 1 of 0 LGTMs obtained (waiting on @lucy-zhang, @rohany, and @solongordon)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
speaking of @solongordon's question, do we properly deal with the USAGE
privilege on enums?
Reviewable status: complete! 1 of 0 LGTMs obtained (waiting on @lucy-zhang, @rohany, and @solongordon)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 14 of 16 files at r1, 4 of 4 files at r2.
Reviewable status: complete! 1 of 0 LGTMs obtained (waiting on @rohany)
pkg/sql/grant_revoke.go, line 231 at r2 (raw file):
} case *schemadesc.Mutable: if err := p.writeSchemaDescChange(
Don't have to change anything right now, but I think eventually we should be doing all these writes in the same batch.
No, the usage privilege on enums is a bit different. |
Just so we're clear, what you mean is if you have
|
Yes, thats what I meant. I was trying to say that having usage or not doesn't affect this particular test case. |
Fixes cockroachdb#50879. This commit adds support for the `GRANT ... ON SCHEMA ... TO ...` command and adds the necessary permissions checks that were missing. Note that the `USAGE` permission is not implemented and will be done as a follow up (cockroachdb#53342). Release note (sql change): Add support for the `GRANT ... ON SCHEMA command`.
bors r+ |
bors r- looks like this is broken on CI |
Canceled. |
hmmmm |
Fixes cockroachdb#53342. This commit adds the `USAGE` privilege to schemas. The `USAGE` privilege allows a user to resolve objects under a schema. Release note (sql change): Support the `USAGE` privelege on schemas.
bors r+ |
Build succeeded: |
Fixes #53342.
This commit adds the
USAGE
privilege to schemas. TheUSAGE
privilegeallows a user to resolve objects under a schema.
Release note (sql change): Support the
USAGE
privelege on schemas.