-
Notifications
You must be signed in to change notification settings - Fork 451
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updated permissions doc for CONFIGURE ZONE #5609
Conversation
3ab6974
to
1b8bdd3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey Eric, can you please get an engineering review for this first? I tried reading the related CRDB PR but didn't immediately understand how this doc update connects with that PR, so I'd be more comfortable looking at this after a technical review.
Sure thing! @rohany Can you look over this PR for technical accuracy? |
@solongordon is a better reviewer for this one -- handing it off. |
@solongordon Friendly reminder to review :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status:
complete! 0 of 0 LGTMs obtained (waiting on @ericharmeling, @rohany, and @solongordon)
v19.2/configure-zone.md, line 43 at r1 (raw file):
## Required privileges If the target is a [`system`](show-databases.html#preloaded-databases) range, the `system` database, or a table in the `system` database, the user must be an [`admin`](authorization.html#create-and-manage-roles). For all other databases and tables, the user must have the [CREATE](grant.html#supported-privileges) privilege on the target database or table.
I think the link you have on the system range should actually be used for the system database. For the system range it would be better to link to #create-a-replication-zone-for-a-system-range
.
v19.2/configure-zone.md, line 46 at r1 (raw file):
{{site.data.alerts.callout_info}} Required privileges for `CONFIGURE ZONE` statements in CockroachDB v19.2 may be backward-incompatible for users running scripted statements with restricted permissions in versions earlier than v19.1.<br/>To add the necessary permissions, use [`GRANT` <privileges>](../v19.2/grant.html) or [`GRANT` <roles>](../v19.2/grant-roles.html) as a user with an admin role. For example, to grant a user the admin role, run `GRANT admin TO <user>`. To grant the `CREATE` privilege on a database or table, run `GRANT CREATE ON [DATABASE | TABLE] <name> TO <user>`.
Rather than "versions earlier than v19.1", I think it should say "v19.1 and earlier" or just "earlier versions."
1b8bdd3
to
e865465
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status:
complete! 0 of 0 LGTMs obtained (waiting on @rohany and @solongordon)
v19.2/configure-zone.md, line 43 at r1 (raw file):
Previously, solongordon (Solon) wrote…
I think the link you have on the system range should actually be used for the system database. For the system range it would be better to link to
#create-a-replication-zone-for-a-system-range
.
Done.
v19.2/configure-zone.md, line 46 at r1 (raw file):
Previously, solongordon (Solon) wrote…
Rather than "versions earlier than v19.1", I think it should say "v19.1 and earlier" or just "earlier versions."
Done.
@rmloveland This should be ready for you to review. Per @solongordon's advice, I'm going to open a separate PR to update example output of the |
v19.2/configure-zone.md
Outdated
If the target is a [`system` range](#create-a-replication-zone-for-a-system-range), the [`system` database](show-databases.html#preloaded-databases), or a table in the `system` database, the user must be an [`admin`](authorization.html#create-and-manage-roles). For all other databases and tables, the user must have the [CREATE](grant.html#supported-privileges) privilege on the target database or table. | ||
|
||
{{site.data.alerts.callout_info}} | ||
Required privileges for `CONFIGURE ZONE` statements in CockroachDB v19.2 may be backward-incompatible for users running scripted statements with restricted permissions in v19.1 and earlier.<br/>To add the necessary permissions, use [`GRANT` <privileges>](../v19.2/grant.html) or [`GRANT` <roles>](../v19.2/grant-roles.html) as a user with an admin role. For example, to grant a user the admin role, run `GRANT admin TO <user>`. To grant the `CREATE` privilege on a database or table, run `GRANT CREATE ON [DATABASE | TABLE] <name> TO <user>`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
~I think this should be a red box since this is potentially a breaking change
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a tad awkward to have all this inside a blue box, but I agree with the choice. Suggest adding line breaks before "For example" and again before "To grant the CREATE privilege" to make it easier to scan (since those lines are each separate tasks for the user).
e865465
to
cf34e24
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status:
complete! 0 of 0 LGTMs obtained (waiting on @rmloveland and @solongordon)
v19.2/configure-zone.md, line 46 at r2 (raw file):
Previously, rmloveland (Rich Loveland) wrote…
It's a tad awkward to have all this inside a blue box, but I agree with the choice. Suggest adding line breaks before "For example" and again before "To grant the CREATE privilege" to make it easier to scan (since those lines are each separate tasks for the user).
Done.
Fixes #5511.