sql: check privileges in CONFIGURE ZONE commands #40879
Previously, any user could apply zone configurations to any object. This commit enforces that users must have appropriate privileges to run a CONFIGURE ZONE command. For system ranges, the system database, and tables in that database, the user must be an admin. For other databases and tables, the user must have CREATE privileges on the object.

Release note (backward-incompatible change): CONFIGURE ZONE commands now fail if the user does not have sufficient privileges. If the target is a system range, the "system" database, or a table in that database, the user must be an admin. For all other databases and tables, the user must have the CREATE privilege on the target database or table.

Note that this change may be backward-incompatible for users who run scripted CONFIGURE ZONE commands via a user with restricted permissions. To add the necessary permissions, use the GRANT command via an admin user. To grant the admin role to a user, run `GRANT admin TO <user>`. To grant the CREATE privilege on a database or table, run `GRANT CREATE ON [DATABASE | TABLE] <name> TO <user>`.

Release justification: Fix for high-priority bug in existing functionality.

Fixes cockroachdb#40693
@awoods187 Would you please review the privileges logic as described in the commit message?
Code LGTM
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @awoods187 and @rohany)
LGTM if @awoods187 is happy with this. If you'd prefer to be more conservative with this change it would be fine with me if we continued to require the admin role in 19.2, and then made this more granular in 20.1.
In a way this is more conservative than requiring admin, since the status quo is that any user can configure zones. So it's a less drastic change to continue allowing non-admins to configure zones, as long as they have the CREATE privilege.
bors r+
sgtm
bors r+
40879: sql: check privileges in CONFIGURE ZONE commands r=solongordon a=solongordon

Previously, any user could apply zone configurations to any object. This commit enforces that users must have appropriate privileges to run a CONFIGURE ZONE command. For system ranges, the system database, and tables in that database, the user must be an admin. For other databases and tables, the user must have CREATE privileges on the object.

Release note (backward-incompatible change): CONFIGURE ZONE commands now fail if the user does not have sufficient privileges. If the target is a system range, the "system" database, or a table in that database, the user must be an admin. For all other databases and tables, the user must have the CREATE privilege on the target database or table.

Note that this change may be backward-incompatible for users who run scripted CONFIGURE ZONE commands via a user with restricted permissions. To add the necessary permissions, use the GRANT command via an admin user. To grant the admin role to a user, run `GRANT admin TO <user>`. To grant the CREATE privilege on a database or table, run `GRANT CREATE ON [DATABASE | TABLE] <name> TO <user>`.

Release justification: Fix for high-priority bug in existing functionality.

Fixes #40693

Co-authored-by: Solon Gordon <solon@cockroachlabs.com>
Build succeeded
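The privilege rule from the commit message, modelled as an added example (not CockroachDB's code and not part of this PR): it decides whether a user may configure a zone target and, for the scripted users the release note warns about, lists the GRANT statements an admin would need to run. All type and function names and the `zone_bot` user are hypothetical; the model assumes CREATE is checked on the target object itself and that admin role members pass every check.

```go
package main

import "fmt"

// Target is a simplified zone target: a system range, a database, or a table.
type Target struct {
	SystemRange     bool
	Database, Table string // Table empty means the database itself
}

// User is a modelled principal; Create is keyed "DATABASE db" or "TABLE db.tbl".
type User struct {
	Name   string
	Admin  bool
	Create map[string]bool // objects on which CREATE is granted
}

// RequiredGrant returns "" if u may configure t, else the GRANT an admin must run.
func RequiredGrant(u User, t Target) string {
	if u.Admin { // assumption: admin role members also pass the CREATE check
		return ""
	}
	if t.SystemRange || t.Database == "system" {
		return "GRANT admin TO " + u.Name
	}
	obj := "DATABASE " + t.Database
	if t.Table != "" {
		obj = "TABLE " + t.Database + "." + t.Table
	}
	if u.Create[obj] {
		return ""
	}
	return "GRANT CREATE ON " + obj + " TO " + u.Name
}

// MissingGrants returns each GRANT a scripted user needs, once, in first-seen order.
func MissingGrants(u User, targets []Target) (out []string) {
	seen := map[string]bool{}
	for _, t := range targets {
		if g := RequiredGrant(u, t); g != "" && !seen[g] {
			seen[g], out = true, append(out, g)
		}
	}
	return out
}

func main() { // constructed sample: a restricted automation user and its targets
	bot := User{Name: "zone_bot", Create: map[string]bool{"TABLE app.orders": true}}
	fmt.Println(MissingGrants(bot, []Target{{Database: "app"}, {SystemRange: true}}))
}
```

Running the audit against the targets a script touches before upgrading shows which automation accounts would start failing, and whether the fix is a narrow CREATE grant or full admin membership.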