Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ALTER DEFAULT PRIVILEGES for tablegroups #5160

Closed
vvkgopalan opened this issue Jul 20, 2020 · 0 comments
Closed

ALTER DEFAULT PRIVILEGES for tablegroups #5160

vvkgopalan opened this issue Jul 20, 2020 · 0 comments
Assignees
@vvkgopalan

Comments

@vvkgopalan
Copy link
Contributor

Once tablegroups are implemented, we should be able to, at a database level, change the default privileges for a user on all future tablegroups.
vvkgopalan added a commit that referenced this issue Jul 30, 2020
@vvkgopalan
[#5087, #5160][YSQL] GRANT/REVOKE/ALTER DEFAULT PRIVILEGES for tableg…
b4505ac 
…roups

Summary:
For grant/revoke:
Implemented GRANT / REVOKE for tablegroups. The following rights are available for
tablegroups: (ACL_CREATE). When a user has create rights on a tablegroup, they are able to create
tables within that tablegroup. Alternatively, they can do so by default if they are the owner of
that tablegroup or are a superuser. Usage is as follows:

```
GRANT { CREATE | ALL [PRIVILEGES] } ON TABLEGROUP tablegroup_name TO grant_role_spec [WITH GRANT
OPTION]

REVOKE [GRANT OPTION FOR] { CREATE | ALL [PRIVILEGES] } ON TABLEGROUP tablegroup_name FROM { [GROUP]
role_name | PUBLIC } [CASCADE | RESTRICT]
```

For alter default privileges:
At a per-database level (not per-schema as tablegroups can contain tables from multiple
schemas), a user (with sufficient privs) can define the default access privileges for all future
tablegroups and grant it to a user / role. The default access privs for non-superuser / non-owner of
a tablegroup are ACL_NO_RIGHTS. Users/roles can be granted ACL_CREATE on tablegroups which allows
them to create tables / indexes on tables they own in that tablegroup.

Usage is as follows:

```
ALTER DEFAULT PRIVILEGES GRANT { CREATE | ALL [PRIVILEGES] } ON TABLEGROUPS TO grant_role_spec [WITH
GRANT OPTION]

ALTER DEFAULT PRIVILEGSE REVOKE { CREATE | ALL [PRIVILEGES] } ON TABLEGROUPS FROM grant_role_spec
[CASCADE | RESTRICT]
```

Test Plan:
Updated the yb_tablegroup_permissions test as part of the tablegroup test suite. Can be run as
follows:
```
./yb_build.sh --java-test org.yb.pgsql.TestPgRegressTablegroup
```

Reviewers: jason, nicolas, neha

Reviewed By: neha

Subscribers: neha, yql

Differential Revision: https://phabricator.dev.yugabyte.com/D8958
@vvkgopalan vvkgopalan self-assigned this Jul 30, 2020
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vvkgopalan vvkgopalan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vvkgopalan