jobs: add VIEWJOB global privilege, remove role option#97860
jobs: add VIEWJOB global privilege, remove role option#97860craig[bot] merged 1 commit intocockroachdb:masterfrom
Conversation
|
It looks like your PR touches SQL parser code but doesn't add or edit parser tests. Please make sure you add or edit parser tests if you edit the parser. 🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf. |
|
This change is |
3ce252f to
700abe3
Compare
5d59c41 to
694a3d5
Compare
rafiss
left a comment
There was a problem hiding this comment.
awesome, thanks for doing this change. just had a very small nit
Reviewable status:
complete! 0 of 0 LGTMs obtained (waiting on @jayshrivastava)
-- commits line 8 at r1:
nit: for cases like this, where the commit is changing something that never appeared in any release, it's best to not include a release note. the reason being, someone reading our public docs would likely just end up more confused after reading this, since it is impossible for them to have been affected.
the info here is still great for the commit message though, just no need for a release note.
-- commits line 19 at r1:
looks like this should resolve https://cockroachlabs.atlassian.net/browse/CRDB-10082 as well
pkg/jobs/jobsauth/authorization.go line 62 at r1 (raw file):
// HasPrivilege mirrors sql.AuthorizationAccessor. HasPrivilege(ctx context.Context, privilegeObject privilege.Object, privilege privilege.Kind, user username.SQLUsername) (bool, error)
nice, thanks! i've been meaning to add this function to this interface
pkg/sql/roleoption/role_option.go line 37 at r1 (raw file):
// KindList of role options. // // NOTE: Before adding a role option (especially a non-postgres one), consider
+1 thanks for adding this note too!
694a3d5 to
fe5c64a
Compare
jayshrivastava
left a comment
There was a problem hiding this comment.
TYFR!
Reviewable status:
Previously, rafiss (Rafi Shamim) wrote…
nit: for cases like this, where the commit is changing something that never appeared in any release, it's best to not include a release note. the reason being, someone reading our public docs would likely just end up more confused after reading this, since it is impossible for them to have been affected.
the info here is still great for the commit message though, just no need for a release note.
ack!
29a3b93 to
f61eba9
Compare
This change updates `VIEWJOB` to be a global privilege instead of a role option so that it can be inherited from roles to their members. Previously, `VIEWJOB` was a role option which could be granted to users. Now, `VIEWJOB` is a global privilege. Granting this privilege to a user or role has the syntax `GRANT SYSTEM VIEWJOB TO user`. Using `VIEWJOB` as a role option is deprecated. Note that the `VIEWJOB` role option was not included in any release so far. It was queued up to be released in 23.1, but was not. This change is also being queued for 23.1, so there should not be any backwards compatibility issues. Informs: cockroachdb#96382 Epic: none Release note: None
f61eba9 to
17d5da4
Compare
|
bors r+ |
|
Build succeeded: |
This change updates
VIEWJOBto be a global privilege instead of a role option so that it can be inherited from roles to their members.Previously,
VIEWJOBwas a role option which could be granted to users. Now,VIEWJOBis a global privilege. Granting this privilege to a user or role has the syntaxGRANT SYSTEM VIEWJOB TO user. UsingVIEWJOBas a role option is deprecated.Note that the
VIEWJOBrole option was not included in any release so far. It was queued up to be released in 23.1, but was not. This change is also being queued for 23.1, so there should not be any backwards compatibility issues.Informs: #96382
Epic: None
Release Note: None