sql: refactor pg_builtin to use actual grant options #73129

@jackcwu

After #72123 is merged, change privilege inquiry functions like has_database_privilege, has_table_privilege, and pg_has_role in pkg/sql/sem/builtins/pg_builtins.go to use the newly-added grant option information. Currently, there is a workaround where grant options are determined for a certain privilege by checking if the user holds the GRANT privilege as well.

In addition to simplifying the code, GRANT will eventually be deprecated and removed, so this change is necessary for these functions to work in the future.

For this issue:

  • Update the comment describing the old way of looking at the GRANT privilege.
  • Update the runSinglePrivilegeCheck so it doesn't look at the GRANT privilege directly.
    • The new logic should only be used if the new cluster version is active. See an example of a version gate here.
  • This might require changing planner.HasPrivilege so that it accepts a boolean parameter for withGrantOption; and the implementation should call planner.CheckGrantOption.
  • We likely don't need new tests. But for current tests to pass, step 2 of sql: deprecate "GRANT" privilege #73065 needs to be completed.

See #72512 (comment) for more context

Epic CRDB-2587
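The difference between the GRANT-privilege workaround and a per-privilege grant option check, behind a version gate, as an added example that is not CockroachDB code. The `Entry` type, the bitmap constants and the simplified `HasPrivilege` signature are assumptions made for illustration.

```go
package main

import "fmt"

// Privilege is a bit in a privilege bitmap (hypothetical model, not CockroachDB's types).
type Privilege uint32

const (
	GRANT Privilege = 1 << iota
	SELECT
	INSERT
)

// Entry models one user's privileges on one object.
type Entry struct {
	Privs        Privilege // privileges held
	GrantOptions Privilege // privileges held WITH GRANT OPTION
}

// hasPrivilegeLegacy: grant option inferred from the privilege plus blanket GRANT.
func hasPrivilegeLegacy(e Entry, p Privilege, withGrantOption bool) bool {
	if e.Privs&p == 0 {
		return false
	}
	return !withGrantOption || e.Privs&GRANT != 0
}

// hasPrivilegeGrantOpt consults the per-privilege grant option bit instead.
func hasPrivilegeGrantOpt(e Entry, p Privilege, withGrantOption bool) bool {
	if e.Privs&p == 0 {
		return false
	}
	return !withGrantOption || e.GrantOptions&p != 0
}

// HasPrivilege applies the version gate: new logic only once grant options are stored.
func HasPrivilege(e Entry, p Privilege, withGrantOption, grantOptionVersionActive bool) bool {
	if grantOptionVersionActive {
		return hasPrivilegeGrantOpt(e, p, withGrantOption)
	}
	return hasPrivilegeLegacy(e, p, withGrantOption)
}

func main() {
	// Constructed entry: SELECT WITH GRANT OPTION, plain INSERT, legacy GRANT still set.
	e := Entry{Privs: GRANT | SELECT | INSERT, GrantOptions: SELECT}
	for _, active := range []bool{false, true} {
		fmt.Println(active, HasPrivilege(e, SELECT, true, active), HasPrivilege(e, INSERT, true, active))
	}
}
```

With the gate off, the blanket GRANT bit makes every held privilege look grantable, so `INSERT WITH GRANT OPTION` reports true; with the gate on, only SELECT does.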

Labels

  • C-enhancement: Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)
  • T-sql-foundations: SQL Foundations Team (formerly SQL Schema + SQL Sessions)