Skip to content

sql: add validating privileges after version upgrades #65011

Closed
#67375
Closed
sql: add validating privileges after version upgrades#65011
#67375
Assignees
RichardJCai
Labels
A-sql-privilegesSQL privilege handling and permission checks.C-enhancementSolution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)T-sql-foundationsSQL Foundations Team (formerly SQL Schema + SQL Sessions)
@RichardJCai

Description

@RichardJCai
RichardJCai
opened on May 11, 2021

In 20.2, USAGE privilege was added incorrectly by displacing ZONECONFIG's bitfield value.

Not realizing Kind was a bitfield, I added USAGE above ZONECONFIG here:
https://github.com/cockroachdb/cockroach/pull/51622/files#diff-d4927b542ad295710e97b3e1adff3f107e31eb9dbd75a8adfbae4bdb4929a705R41

Thus after upgrading from 20.1 to 20.2, USAGE privilege would become ZONECONFIG. Very very fortunately, ZONECONFIG was only valid on tables/dbs whereas USAGE was not so we were able to tell which privilege the bit should be referring to and fix it.

Fix here:
#65010

We should introduce a test that ensures privileges stay consistent after upgrades.

Could do some sort of versionupgrade test.
https://github.com/cockroachdb/cockroach/blob/master/pkg/cmd/roachtest/versionupgrade.go

Epic CRDB-2586

Metadata

Metadata

Assignees

Labels

A-sql-privilegesSQL privilege handling and permission checks.C-enhancementSolution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)T-sql-foundationsSQL Foundations Team (formerly SQL Schema + SQL Sessions)

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions