diff --git a/pkg/sql/alter_table.go b/pkg/sql/alter_table.go index 3758d38c0dec..fa972cead8a8 100644 --- a/pkg/sql/alter_table.go +++ b/pkg/sql/alter_table.go @@ -17,6 +17,7 @@ import ( "fmt" "github.com/cockroachdb/cockroach/pkg/keys" + "github.com/cockroachdb/cockroach/pkg/security" "github.com/cockroachdb/cockroach/pkg/server/telemetry" "github.com/cockroachdb/cockroach/pkg/settings/cluster" "github.com/cockroachdb/cockroach/pkg/sql/pgwire/pgcode" @@ -1028,10 +1029,11 @@ func injectTableStats( func (p *planner) removeColumnComment( ctx context.Context, tableID sqlbase.ID, columnID sqlbase.ColumnID, ) error { - _, err := p.ExtendedEvalContext().ExecCfg.InternalExecutor.Exec( + _, err := p.ExtendedEvalContext().ExecCfg.InternalExecutor.ExecWithUser( ctx, "delete-column-comment", p.txn, + security.RootUser, "DELETE FROM system.comments WHERE type=$1 AND object_id=$2 AND sub_id=$3", keys.ColumnCommentType, tableID, diff --git a/pkg/sql/comment_on_column.go b/pkg/sql/comment_on_column.go index 592c1b568e22..4c854dc9a6e1 100644 --- a/pkg/sql/comment_on_column.go +++ b/pkg/sql/comment_on_column.go @@ -14,6 +14,7 @@ import ( "context" "github.com/cockroachdb/cockroach/pkg/keys" + "github.com/cockroachdb/cockroach/pkg/security" "github.com/cockroachdb/cockroach/pkg/sql/privilege" "github.com/cockroachdb/cockroach/pkg/sql/sem/tree" ) @@ -49,10 +50,11 @@ func (n *commentOnColumnNode) startExec(params runParams) error { } if n.n.Comment != nil { - _, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.Exec( + _, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.ExecWithUser( params.ctx, "set-column-comment", params.p.Txn(), + security.RootUser, "UPSERT INTO system.comments VALUES ($1, $2, $3, $4)", keys.ColumnCommentType, n.tableDesc.ID, @@ -62,10 +64,11 @@ func (n *commentOnColumnNode) startExec(params runParams) error { return err } } else { - _, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.Exec( + _, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.ExecWithUser( params.ctx, "delete-column-comment", params.p.Txn(), + security.RootUser, "DELETE FROM system.comments WHERE type=$1 AND object_id=$2 AND sub_id=$3", keys.ColumnCommentType, n.tableDesc.ID, diff --git a/pkg/sql/comment_on_database.go b/pkg/sql/comment_on_database.go index 924abfaeef92..2acf3b455c1d 100644 --- a/pkg/sql/comment_on_database.go +++ b/pkg/sql/comment_on_database.go @@ -14,6 +14,7 @@ import ( "context" "github.com/cockroachdb/cockroach/pkg/keys" + "github.com/cockroachdb/cockroach/pkg/security" "github.com/cockroachdb/cockroach/pkg/sql/privilege" "github.com/cockroachdb/cockroach/pkg/sql/sem/tree" "github.com/cockroachdb/cockroach/pkg/sql/sqlbase" @@ -44,10 +45,11 @@ func (p *planner) CommentOnDatabase( func (n *commentOnDatabaseNode) startExec(params runParams) error { if n.n.Comment != nil { - _, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.Exec( + _, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.ExecWithUser( params.ctx, "set-db-comment", params.p.Txn(), + security.RootUser, "UPSERT INTO system.comments VALUES ($1, $2, 0, $3)", keys.DatabaseCommentType, n.dbDesc.ID, @@ -56,10 +58,11 @@ func (n *commentOnDatabaseNode) startExec(params runParams) error { return err } } else { - _, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.Exec( + _, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.ExecWithUser( params.ctx, "delete-db-comment", params.p.Txn(), + security.RootUser, "DELETE FROM system.comments WHERE type=$1 AND object_id=$2 AND sub_id=0", keys.DatabaseCommentType, n.dbDesc.ID) diff --git a/pkg/sql/comment_on_table.go b/pkg/sql/comment_on_table.go index 0e10d9ca4c0e..278920d58d15 100644 --- a/pkg/sql/comment_on_table.go +++ b/pkg/sql/comment_on_table.go @@ -14,6 +14,7 @@ import ( "context" "github.com/cockroachdb/cockroach/pkg/keys" + "github.com/cockroachdb/cockroach/pkg/security" "github.com/cockroachdb/cockroach/pkg/sql/privilege" "github.com/cockroachdb/cockroach/pkg/sql/sem/tree" ) @@ -42,10 +43,11 @@ func (p *planner) CommentOnTable(ctx context.Context, n *tree.CommentOnTable) (p func (n *commentOnTableNode) startExec(params runParams) error { if n.n.Comment != nil { - _, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.Exec( + _, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.ExecWithUser( params.ctx, "set-table-comment", params.p.Txn(), + security.RootUser, "UPSERT INTO system.comments VALUES ($1, $2, 0, $3)", keys.TableCommentType, n.tableDesc.ID, @@ -54,10 +56,11 @@ func (n *commentOnTableNode) startExec(params runParams) error { return err } } else { - _, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.Exec( + _, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.ExecWithUser( params.ctx, "delete-table-comment", params.p.Txn(), + security.RootUser, "DELETE FROM system.comments WHERE type=$1 AND object_id=$2 AND sub_id=0", keys.TableCommentType, n.tableDesc.ID) diff --git a/pkg/sql/drop_database.go b/pkg/sql/drop_database.go index 8be0190d8839..72e9cf9e4619 100644 --- a/pkg/sql/drop_database.go +++ b/pkg/sql/drop_database.go @@ -17,6 +17,7 @@ import ( "github.com/cockroachdb/cockroach/pkg/internal/client" "github.com/cockroachdb/cockroach/pkg/jobs/jobspb" "github.com/cockroachdb/cockroach/pkg/keys" + "github.com/cockroachdb/cockroach/pkg/security" "github.com/cockroachdb/cockroach/pkg/sql/pgwire/pgcode" "github.com/cockroachdb/cockroach/pkg/sql/pgwire/pgerror" "github.com/cockroachdb/cockroach/pkg/sql/privilege" @@ -251,10 +252,11 @@ func (p *planner) accumulateDependentTables( } func (p *planner) removeDbComment(ctx context.Context, dbID sqlbase.ID) error { - _, err := p.ExtendedEvalContext().ExecCfg.InternalExecutor.Exec( + _, err := p.ExtendedEvalContext().ExecCfg.InternalExecutor.ExecWithUser( ctx, "delete-db-comment", p.txn, + security.RootUser, "DELETE FROM system.comments WHERE type=$1 AND object_id=$2 AND sub_id=0", keys.DatabaseCommentType, dbID) diff --git a/pkg/sql/drop_table.go b/pkg/sql/drop_table.go index a7925ad66d0a..0a62ad5dbe0a 100644 --- a/pkg/sql/drop_table.go +++ b/pkg/sql/drop_table.go @@ -19,6 +19,7 @@ import ( "github.com/cockroachdb/cockroach/pkg/jobs/jobspb" "github.com/cockroachdb/cockroach/pkg/keys" "github.com/cockroachdb/cockroach/pkg/roachpb" + "github.com/cockroachdb/cockroach/pkg/security" "github.com/cockroachdb/cockroach/pkg/sql/privilege" "github.com/cockroachdb/cockroach/pkg/sql/sem/tree" "github.com/cockroachdb/cockroach/pkg/sql/sqlbase" @@ -569,10 +570,11 @@ func removeMatchingReferences( func (p *planner) removeTableComment( ctx context.Context, tableDesc *sqlbase.MutableTableDescriptor, ) error { - _, err := p.ExtendedEvalContext().ExecCfg.InternalExecutor.Exec( + _, err := p.ExtendedEvalContext().ExecCfg.InternalExecutor.ExecWithUser( ctx, "delete-table-comment", p.txn, + security.RootUser, "DELETE FROM system.comments WHERE type=$1 AND object_id=$2 AND sub_id=0", keys.TableCommentType, tableDesc.ID) @@ -580,10 +582,11 @@ func (p *planner) removeTableComment( return err } - _, err = p.ExtendedEvalContext().ExecCfg.InternalExecutor.Exec( + _, err = p.ExtendedEvalContext().ExecCfg.InternalExecutor.ExecWithUser( ctx, "delete-comment", p.txn, + security.RootUser, "DELETE FROM system.comments WHERE type=$1 AND object_id=$2", keys.ColumnCommentType, tableDesc.ID) diff --git a/pkg/sql/logictest/testdata/logic_test/grant_table b/pkg/sql/logictest/testdata/logic_test/grant_table index 53f6a554e97e..635e3f54cb13 100644 --- a/pkg/sql/logictest/testdata/logic_test/grant_table +++ b/pkg/sql/logictest/testdata/logic_test/grant_table @@ -159,204 +159,201 @@ SET DATABASE = '' query TTTTT colnames,rowsort SELECT * FROM [SHOW GRANTS] WHERE schema_name NOT IN ('crdb_internal', 'pg_catalog', 'information_schema') +ORDER BY 1,2,3 ---- database_name schema_name table_name grantee privilege_type -system public NULL admin GRANT -system public NULL admin SELECT -system public NULL root GRANT -system public NULL root SELECT -defaultdb public NULL admin ALL -defaultdb public NULL root ALL -postgres public NULL admin ALL -postgres public NULL root ALL -test public NULL admin ALL -test public NULL root ALL a public NULL admin ALL a public NULL readwrite ALL a public NULL root ALL -system public namespace admin GRANT -system public namespace admin SELECT -system public namespace root GRANT -system public namespace root SELECT -system public descriptor admin GRANT +defaultdb public NULL admin ALL +defaultdb public NULL root ALL +postgres public NULL root ALL +postgres public NULL admin ALL +system public NULL admin GRANT +system public NULL root SELECT +system public NULL root GRANT +system public NULL admin SELECT +system public comments root INSERT +system public comments root UPDATE +system public comments public SELECT +system public comments root DELETE +system public comments root GRANT +system public comments admin INSERT +system public comments admin GRANT +system public comments admin DELETE +system public comments admin SELECT +system public comments admin UPDATE +system public comments root SELECT +system public descriptor root SELECT system public descriptor admin SELECT +system public descriptor admin GRANT system public descriptor root GRANT -system public descriptor root SELECT -system public users admin DELETE -system public users admin GRANT -system public users admin INSERT -system public users admin SELECT -system public users admin UPDATE -system public users root DELETE -system public users root GRANT -system public users root INSERT -system public users root SELECT -system public users root UPDATE -system public zones admin DELETE -system public zones admin GRANT -system public zones admin INSERT -system public zones admin SELECT -system public zones admin UPDATE -system public zones root DELETE -system public zones root GRANT -system public zones root INSERT -system public zones root SELECT -system public zones root UPDATE -system public settings admin DELETE -system public settings admin GRANT -system public settings admin INSERT -system public settings admin SELECT -system public settings admin UPDATE -system public settings root DELETE -system public settings root GRANT -system public settings root INSERT -system public settings root SELECT -system public settings root UPDATE -system public lease admin DELETE -system public lease admin GRANT -system public lease admin INSERT -system public lease admin SELECT -system public lease admin UPDATE -system public lease root DELETE -system public lease root GRANT -system public lease root INSERT -system public lease root SELECT -system public lease root UPDATE -system public eventlog admin DELETE -system public eventlog admin GRANT +system public eventlog root SELECT +system public eventlog root INSERT system public eventlog admin INSERT system public eventlog admin SELECT +system public eventlog root GRANT +system public eventlog admin DELETE system public eventlog admin UPDATE system public eventlog root DELETE -system public eventlog root GRANT -system public eventlog root INSERT -system public eventlog root SELECT system public eventlog root UPDATE -system public rangelog admin DELETE -system public rangelog admin GRANT -system public rangelog admin INSERT -system public rangelog admin SELECT -system public rangelog admin UPDATE -system public rangelog root DELETE -system public rangelog root GRANT -system public rangelog root INSERT -system public rangelog root SELECT -system public rangelog root UPDATE -system public ui admin DELETE -system public ui admin GRANT -system public ui admin INSERT -system public ui admin SELECT -system public ui admin UPDATE -system public ui root DELETE -system public ui root GRANT -system public ui root INSERT -system public ui root SELECT -system public ui root UPDATE +system public eventlog admin GRANT system public jobs admin DELETE -system public jobs admin GRANT system public jobs admin INSERT system public jobs admin SELECT -system public jobs admin UPDATE system public jobs root DELETE system public jobs root GRANT system public jobs root INSERT system public jobs root SELECT system public jobs root UPDATE -system public web_sessions admin DELETE -system public web_sessions admin GRANT -system public web_sessions admin INSERT -system public web_sessions admin SELECT -system public web_sessions admin UPDATE -system public web_sessions root DELETE -system public web_sessions root GRANT -system public web_sessions root INSERT -system public web_sessions root SELECT -system public web_sessions root UPDATE -system public table_statistics admin DELETE -system public table_statistics admin GRANT -system public table_statistics admin INSERT -system public table_statistics admin SELECT -system public table_statistics admin UPDATE -system public table_statistics root DELETE -system public table_statistics root GRANT -system public table_statistics root INSERT -system public table_statistics root SELECT -system public table_statistics root UPDATE -system public locations admin DELETE -system public locations admin GRANT -system public locations admin INSERT +system public jobs admin GRANT +system public jobs admin UPDATE +system public lease root SELECT +system public lease root UPDATE +system public lease root INSERT +system public lease root GRANT +system public lease root DELETE +system public lease admin UPDATE +system public lease admin GRANT +system public lease admin DELETE +system public lease admin INSERT +system public lease admin SELECT system public locations admin SELECT +system public locations admin INSERT system public locations admin UPDATE -system public locations root DELETE -system public locations root GRANT system public locations root INSERT +system public locations admin DELETE +system public locations admin GRANT system public locations root SELECT system public locations root UPDATE -system public role_members admin DELETE -system public role_members admin GRANT -system public role_members admin INSERT -system public role_members admin SELECT -system public role_members admin UPDATE -system public role_members root DELETE -system public role_members root GRANT -system public role_members root INSERT -system public role_members root SELECT -system public role_members root UPDATE -system public comments admin DELETE -system public comments admin GRANT -system public comments admin INSERT -system public comments admin SELECT -system public comments admin UPDATE -system public comments public DELETE -system public comments public GRANT -system public comments public INSERT -system public comments public SELECT -system public comments public UPDATE -system public comments root DELETE -system public comments root GRANT -system public comments root INSERT -system public comments root SELECT -system public comments root UPDATE +system public locations root GRANT +system public locations root DELETE +system public namespace root SELECT +system public namespace admin SELECT +system public namespace root GRANT +system public namespace admin GRANT +system public rangelog root GRANT +system public rangelog root UPDATE +system public rangelog root SELECT +system public rangelog root DELETE +system public rangelog admin UPDATE +system public rangelog admin SELECT +system public rangelog admin INSERT +system public rangelog admin GRANT +system public rangelog admin DELETE +system public rangelog root INSERT +system public replication_constraint_stats root GRANT system public replication_constraint_stats admin DELETE -system public replication_constraint_stats admin GRANT system public replication_constraint_stats admin INSERT system public replication_constraint_stats admin SELECT -system public replication_constraint_stats admin UPDATE system public replication_constraint_stats root DELETE -system public replication_constraint_stats root GRANT system public replication_constraint_stats root INSERT system public replication_constraint_stats root SELECT system public replication_constraint_stats root UPDATE -system public replication_critical_localities admin DELETE -system public replication_critical_localities admin GRANT +system public replication_constraint_stats admin UPDATE +system public replication_constraint_stats admin GRANT +system public replication_critical_localities root UPDATE system public replication_critical_localities admin INSERT +system public replication_critical_localities admin DELETE system public replication_critical_localities admin SELECT system public replication_critical_localities admin UPDATE system public replication_critical_localities root DELETE system public replication_critical_localities root GRANT system public replication_critical_localities root INSERT system public replication_critical_localities root SELECT -system public replication_critical_localities root UPDATE +system public replication_critical_localities admin GRANT system public replication_stats admin DELETE system public replication_stats admin GRANT system public replication_stats admin INSERT +system public replication_stats root UPDATE system public replication_stats admin SELECT -system public replication_stats admin UPDATE -system public replication_stats root DELETE -system public replication_stats root GRANT system public replication_stats root INSERT +system public replication_stats root GRANT +system public replication_stats root DELETE +system public replication_stats admin UPDATE system public replication_stats root SELECT -system public replication_stats root UPDATE system public reports_meta admin DELETE -system public reports_meta admin GRANT -system public reports_meta admin INSERT system public reports_meta admin SELECT system public reports_meta admin UPDATE system public reports_meta root DELETE -system public reports_meta root GRANT system public reports_meta root INSERT system public reports_meta root SELECT +system public reports_meta admin GRANT system public reports_meta root UPDATE +system public reports_meta admin INSERT +system public reports_meta root GRANT +system public role_members admin DELETE +system public role_members admin SELECT +system public role_members admin INSERT +system public role_members root DELETE +system public role_members admin UPDATE +system public role_members root INSERT +system public role_members root SELECT +system public role_members root UPDATE +system public role_members admin GRANT +system public role_members root GRANT +system public settings admin DELETE +system public settings root SELECT +system public settings root INSERT +system public settings root GRANT +system public settings admin GRANT +system public settings root DELETE +system public settings admin UPDATE +system public settings admin SELECT +system public settings root UPDATE +system public settings admin INSERT +system public table_statistics root UPDATE +system public table_statistics root SELECT +system public table_statistics root INSERT +system public table_statistics admin DELETE +system public table_statistics root GRANT +system public table_statistics admin SELECT +system public table_statistics root DELETE +system public table_statistics admin UPDATE +system public table_statistics admin INSERT +system public table_statistics admin GRANT +system public ui admin DELETE +system public ui root INSERT +system public ui admin GRANT +system public ui admin INSERT +system public ui admin SELECT +system public ui root DELETE +system public ui root GRANT +system public ui root UPDATE +system public ui root SELECT +system public ui admin UPDATE +system public users root SELECT +system public users admin DELETE +system public users admin GRANT +system public users admin INSERT +system public users admin SELECT +system public users admin UPDATE +system public users root DELETE +system public users root GRANT +system public users root INSERT +system public users root UPDATE +system public web_sessions root UPDATE +system public web_sessions admin DELETE +system public web_sessions admin GRANT +system public web_sessions admin INSERT +system public web_sessions admin SELECT +system public web_sessions admin UPDATE +system public web_sessions root DELETE +system public web_sessions root GRANT +system public web_sessions root INSERT +system public web_sessions root SELECT +system public zones admin DELETE +system public zones root INSERT +system public zones admin GRANT +system public zones admin INSERT +system public zones admin SELECT +system public zones admin UPDATE +system public zones root DELETE +system public zones root SELECT +system public zones root UPDATE +system public zones root GRANT +test public NULL root ALL +test public NULL admin ALL query TTTTT colnames SHOW GRANTS FOR root diff --git a/pkg/sql/logictest/testdata/logic_test/information_schema b/pkg/sql/logictest/testdata/logic_test/information_schema index 6007f31ed4c0..9e5340a42cae 100644 --- a/pkg/sql/logictest/testdata/logic_test/information_schema +++ b/pkg/sql/logictest/testdata/logic_test/information_schema @@ -613,7 +613,7 @@ system public web_sessions BASE TABLE system public table_statistics BASE TABLE YES 1 system public locations BASE TABLE YES 1 system public role_members BASE TABLE YES 1 -system public comments BASE TABLE YES 1 +system public comments BASE TABLE YES 5 system public replication_constraint_stats BASE TABLE YES 1 system public replication_critical_localities BASE TABLE YES 1 system public replication_stats BASE TABLE YES 1 @@ -623,7 +623,9 @@ statement ok ALTER TABLE other_db.xyz ADD COLUMN j INT query TTI colnames -SELECT TABLE_CATALOG, TABLE_NAME, VERSION FROM "".information_schema.tables WHERE version > 1 AND TABLE_SCHEMA = 'public' ORDER BY 1,2 +SELECT table_catalog, table_name, version + FROM "".information_schema.tables + WHERE table_catalog != 'system' AND version > 1 AND table_schema = 'public' ORDER BY 1,2 ---- table_catalog table_name version other_db xyz 6 @@ -1405,11 +1407,7 @@ NULL admin system public comments NULL admin system public comments INSERT NULL NO NULL admin system public comments SELECT NULL YES NULL admin system public comments UPDATE NULL NO -NULL public system public comments DELETE NULL NO -NULL public system public comments GRANT NULL NO -NULL public system public comments INSERT NULL NO NULL public system public comments SELECT NULL YES -NULL public system public comments UPDATE NULL NO NULL root system public comments DELETE NULL NO NULL root system public comments GRANT NULL NO NULL root system public comments INSERT NULL NO @@ -1824,11 +1822,7 @@ NULL admin system public comments NULL admin system public comments INSERT NULL NO NULL admin system public comments SELECT NULL YES NULL admin system public comments UPDATE NULL NO -NULL public system public comments DELETE NULL NO -NULL public system public comments GRANT NULL NO -NULL public system public comments INSERT NULL NO NULL public system public comments SELECT NULL YES -NULL public system public comments UPDATE NULL NO NULL root system public comments DELETE NULL NO NULL root system public comments GRANT NULL NO NULL root system public comments INSERT NULL NO diff --git a/pkg/sql/logictest/testdata/logic_test/privileges_comments b/pkg/sql/logictest/testdata/logic_test/privileges_comments new file mode 100644 index 000000000000..e5d83f5567be --- /dev/null +++ b/pkg/sql/logictest/testdata/logic_test/privileges_comments @@ -0,0 +1,69 @@ +# Disable automatic stats to avoid flakiness. +statement ok +SET CLUSTER SETTING sql.stats.automatic_collection.enabled = false + +subtest regression45707 + +user root + +statement ok +CREATE DATABASE d45707; CREATE TABLE d45707.t45707(x INT); + GRANT SELECT ON DATABASE d45707 TO testuser; + GRANT SELECT ON d45707.t45707 TO testuser + +statement ok +COMMENT ON DATABASE d45707 IS 'd45707'; +COMMENT ON TABLE d45707.t45707 IS 't45707'; +COMMENT ON COLUMN d45707.t45707.x IS 'x45707'; + +user testuser + +statement ok +SET DATABASE = d45707 + +# Verify the user cannot modify the comments + +statement error user testuser does not have CREATE privilege on database d45707 +COMMENT ON DATABASE d45707 IS 'd45707' + +statement error user testuser does not have CREATE privilege on relation t45707 +COMMENT ON TABLE d45707.t45707 IS 't45707' + +statement error user testuser does not have CREATE privilege on relation t45707 +COMMENT ON COLUMN d45707.t45707.x IS 'x45707' + +# Verify that the user can view the comments + +query T +SELECT shobj_description(oid, 'pg_database') + FROM pg_database + WHERE datname = 'd45707' +---- +d45707 + +query T +SELECT col_description(attrelid, attnum) + FROM pg_attribute + WHERE attrelid = 't45707'::regclass AND attname = 'x' +---- +x45707 + +query T +SELECT obj_description('t45707'::REGCLASS) +---- +t45707 + +# Verify that the user can modify the comments. + +user root + +statement ok +GRANT ALL ON DATABASE d45707 TO testuser; + GRANT ALL ON TABLE d45707.t45707 TO testuser + +user testuser + +statement ok +COMMENT ON DATABASE d45707 IS 'd45707_2'; +COMMENT ON TABLE d45707.t45707 IS 't45707_2'; +COMMENT ON COLUMN d45707.t45707.x IS 'x45707_2'; diff --git a/pkg/sql/logictest/testdata/logic_test/system b/pkg/sql/logictest/testdata/logic_test/system index 8d16c2070549..b8d82f0d93e0 100644 --- a/pkg/sql/logictest/testdata/logic_test/system +++ b/pkg/sql/logictest/testdata/logic_test/system @@ -201,189 +201,185 @@ system public root SELECT query TTTTT SHOW GRANTS ON system.* ---- -system public comments admin DELETE -system public comments admin GRANT -system public comments admin INSERT -system public comments admin SELECT -system public comments admin UPDATE -system public comments public DELETE -system public comments public GRANT -system public comments public INSERT -system public comments public SELECT -system public comments public UPDATE -system public comments root DELETE -system public comments root GRANT -system public comments root INSERT -system public comments root SELECT -system public comments root UPDATE -system public descriptor admin GRANT -system public descriptor admin SELECT -system public descriptor root GRANT -system public descriptor root SELECT -system public eventlog admin DELETE -system public eventlog admin GRANT -system public eventlog admin INSERT -system public eventlog admin SELECT -system public eventlog admin UPDATE -system public eventlog root DELETE -system public eventlog root GRANT -system public eventlog root INSERT -system public eventlog root SELECT -system public eventlog root UPDATE -system public jobs admin DELETE -system public jobs admin GRANT -system public jobs admin INSERT -system public jobs admin SELECT -system public jobs admin UPDATE -system public jobs root DELETE -system public jobs root GRANT -system public jobs root INSERT -system public jobs root SELECT -system public jobs root UPDATE -system public lease admin DELETE -system public lease admin GRANT -system public lease admin INSERT -system public lease admin SELECT -system public lease admin UPDATE -system public lease root DELETE -system public lease root GRANT -system public lease root INSERT -system public lease root SELECT -system public lease root UPDATE -system public locations admin DELETE -system public locations admin GRANT -system public locations admin INSERT -system public locations admin SELECT -system public locations admin UPDATE -system public locations root DELETE -system public locations root GRANT -system public locations root INSERT -system public locations root SELECT -system public locations root UPDATE -system public namespace admin GRANT -system public namespace admin SELECT -system public namespace root GRANT -system public namespace root SELECT -system public rangelog admin DELETE -system public rangelog admin GRANT -system public rangelog admin INSERT -system public rangelog admin SELECT -system public rangelog admin UPDATE -system public rangelog root DELETE -system public rangelog root GRANT -system public rangelog root INSERT -system public rangelog root SELECT -system public rangelog root UPDATE -system public replication_constraint_stats admin DELETE -system public replication_constraint_stats admin GRANT -system public replication_constraint_stats admin INSERT -system public replication_constraint_stats admin SELECT -system public replication_constraint_stats admin UPDATE -system public replication_constraint_stats root DELETE -system public replication_constraint_stats root GRANT -system public replication_constraint_stats root INSERT -system public replication_constraint_stats root SELECT -system public replication_constraint_stats root UPDATE -system public replication_critical_localities admin DELETE -system public replication_critical_localities admin GRANT -system public replication_critical_localities admin INSERT -system public replication_critical_localities admin SELECT -system public replication_critical_localities admin UPDATE -system public replication_critical_localities root DELETE -system public replication_critical_localities root GRANT -system public replication_critical_localities root INSERT -system public replication_critical_localities root SELECT -system public replication_critical_localities root UPDATE -system public replication_stats admin DELETE -system public replication_stats admin GRANT -system public replication_stats admin INSERT -system public replication_stats admin SELECT -system public replication_stats admin UPDATE -system public replication_stats root DELETE -system public replication_stats root GRANT -system public replication_stats root INSERT -system public replication_stats root SELECT -system public replication_stats root UPDATE -system public reports_meta admin DELETE -system public reports_meta admin GRANT -system public reports_meta admin INSERT -system public reports_meta admin SELECT -system public reports_meta admin UPDATE -system public reports_meta root DELETE -system public reports_meta root GRANT -system public reports_meta root INSERT -system public reports_meta root SELECT -system public reports_meta root UPDATE -system public role_members admin DELETE -system public role_members admin GRANT -system public role_members admin INSERT -system public role_members admin SELECT -system public role_members admin UPDATE -system public role_members root DELETE -system public role_members root GRANT -system public role_members root INSERT -system public role_members root SELECT -system public role_members root UPDATE -system public settings admin DELETE -system public settings admin GRANT -system public settings admin INSERT -system public settings admin SELECT -system public settings admin UPDATE -system public settings root DELETE -system public settings root GRANT -system public settings root INSERT -system public settings root SELECT -system public settings root UPDATE -system public table_statistics admin DELETE -system public table_statistics admin GRANT -system public table_statistics admin INSERT -system public table_statistics admin SELECT -system public table_statistics admin UPDATE -system public table_statistics root DELETE -system public table_statistics root GRANT -system public table_statistics root INSERT -system public table_statistics root SELECT -system public table_statistics root UPDATE -system public ui admin DELETE -system public ui admin GRANT -system public ui admin INSERT -system public ui admin SELECT -system public ui admin UPDATE -system public ui root DELETE -system public ui root GRANT -system public ui root INSERT -system public ui root SELECT -system public ui root UPDATE -system public users admin DELETE -system public users admin GRANT -system public users admin INSERT -system public users admin SELECT -system public users admin UPDATE -system public users root DELETE -system public users root GRANT -system public users root INSERT -system public users root SELECT -system public users root UPDATE -system public web_sessions admin DELETE -system public web_sessions admin GRANT -system public web_sessions admin INSERT -system public web_sessions admin SELECT -system public web_sessions admin UPDATE -system public web_sessions root DELETE -system public web_sessions root GRANT -system public web_sessions root INSERT -system public web_sessions root SELECT -system public web_sessions root UPDATE -system public zones admin DELETE -system public zones admin GRANT -system public zones admin INSERT -system public zones admin SELECT -system public zones admin UPDATE -system public zones root DELETE -system public zones root GRANT -system public zones root INSERT -system public zones root SELECT -system public zones root UPDATE +system public comments admin DELETE +system public comments admin GRANT +system public comments admin INSERT +system public comments admin SELECT +system public comments admin UPDATE +system public comments public SELECT +system public comments root DELETE +system public comments root GRANT +system public comments root INSERT +system public comments root SELECT +system public comments root UPDATE +system public descriptor admin GRANT +system public descriptor admin SELECT +system public descriptor root GRANT +system public descriptor root SELECT +system public eventlog admin DELETE +system public eventlog admin GRANT +system public eventlog admin INSERT +system public eventlog admin SELECT +system public eventlog admin UPDATE +system public eventlog root DELETE +system public eventlog root GRANT +system public eventlog root INSERT +system public eventlog root SELECT +system public eventlog root UPDATE +system public jobs admin DELETE +system public jobs admin GRANT +system public jobs admin INSERT +system public jobs admin SELECT +system public jobs admin UPDATE +system public jobs root DELETE +system public jobs root GRANT +system public jobs root INSERT +system public jobs root SELECT +system public jobs root UPDATE +system public lease admin DELETE +system public lease admin GRANT +system public lease admin INSERT +system public lease admin SELECT +system public lease admin UPDATE +system public lease root DELETE +system public lease root GRANT +system public lease root INSERT +system public lease root SELECT +system public lease root UPDATE +system public locations admin DELETE +system public locations admin GRANT +system public locations admin INSERT +system public locations admin SELECT +system public locations admin UPDATE +system public locations root DELETE +system public locations root GRANT +system public locations root INSERT +system public locations root SELECT +system public locations root UPDATE +system public namespace admin GRANT +system public namespace admin SELECT +system public namespace root GRANT +system public namespace root SELECT +system public rangelog admin DELETE +system public rangelog admin GRANT +system public rangelog admin INSERT +system public rangelog admin SELECT +system public rangelog admin UPDATE +system public rangelog root DELETE +system public rangelog root GRANT +system public rangelog root INSERT +system public rangelog root SELECT +system public rangelog root UPDATE +system public replication_constraint_stats admin DELETE +system public replication_constraint_stats admin GRANT +system public replication_constraint_stats admin INSERT +system public replication_constraint_stats admin SELECT +system public replication_constraint_stats admin UPDATE +system public replication_constraint_stats root DELETE +system public replication_constraint_stats root GRANT +system public replication_constraint_stats root INSERT +system public replication_constraint_stats root SELECT +system public replication_constraint_stats root UPDATE +system public replication_critical_localities admin DELETE +system public replication_critical_localities admin GRANT +system public replication_critical_localities admin INSERT +system public replication_critical_localities admin SELECT +system public replication_critical_localities admin UPDATE +system public replication_critical_localities root DELETE +system public replication_critical_localities root GRANT +system public replication_critical_localities root INSERT +system public replication_critical_localities root SELECT +system public replication_critical_localities root UPDATE +system public replication_stats admin DELETE +system public replication_stats admin GRANT +system public replication_stats admin INSERT +system public replication_stats admin SELECT +system public replication_stats admin UPDATE +system public replication_stats root DELETE +system public replication_stats root GRANT +system public replication_stats root INSERT +system public replication_stats root SELECT +system public replication_stats root UPDATE +system public reports_meta admin DELETE +system public reports_meta admin GRANT +system public reports_meta admin INSERT +system public reports_meta admin SELECT +system public reports_meta admin UPDATE +system public reports_meta root DELETE +system public reports_meta root GRANT +system public reports_meta root INSERT +system public reports_meta root SELECT +system public reports_meta root UPDATE +system public role_members admin DELETE +system public role_members admin GRANT +system public role_members admin INSERT +system public role_members admin SELECT +system public role_members admin UPDATE +system public role_members root DELETE +system public role_members root GRANT +system public role_members root INSERT +system public role_members root SELECT +system public role_members root UPDATE +system public settings admin DELETE +system public settings admin GRANT +system public settings admin INSERT +system public settings admin SELECT +system public settings admin UPDATE +system public settings root DELETE +system public settings root GRANT +system public settings root INSERT +system public settings root SELECT +system public settings root UPDATE +system public table_statistics admin DELETE +system public table_statistics admin GRANT +system public table_statistics admin INSERT +system public table_statistics admin SELECT +system public table_statistics admin UPDATE +system public table_statistics root DELETE +system public table_statistics root GRANT +system public table_statistics root INSERT +system public table_statistics root SELECT +system public table_statistics root UPDATE +system public ui admin DELETE +system public ui admin GRANT +system public ui admin INSERT +system public ui admin SELECT +system public ui admin UPDATE +system public ui root DELETE +system public ui root GRANT +system public ui root INSERT +system public ui root SELECT +system public ui root UPDATE +system public users admin DELETE +system public users admin GRANT +system public users admin INSERT +system public users admin SELECT +system public users admin UPDATE +system public users root DELETE +system public users root GRANT +system public users root INSERT +system public users root SELECT +system public users root UPDATE +system public web_sessions admin DELETE +system public web_sessions admin GRANT +system public web_sessions admin INSERT +system public web_sessions admin SELECT +system public web_sessions admin UPDATE +system public web_sessions root DELETE +system public web_sessions root GRANT +system public web_sessions root INSERT +system public web_sessions root SELECT +system public web_sessions root UPDATE +system public zones admin DELETE +system public zones admin GRANT +system public zones admin INSERT +system public zones admin SELECT +system public zones admin UPDATE +system public zones root DELETE +system public zones root GRANT +system public zones root INSERT +system public zones root SELECT +system public zones root UPDATE statement error user root does not have DROP privilege on database system ALTER DATABASE system RENAME TO not_system diff --git a/pkg/sql/sem/builtins/pg_builtins.go b/pkg/sql/sem/builtins/pg_builtins.go index 58d82618dafe..9f4768e25fe3 100644 --- a/pkg/sql/sem/builtins/pg_builtins.go +++ b/pkg/sql/sem/builtins/pg_builtins.go @@ -818,9 +818,17 @@ var pgBuiltins = map[string]builtinDefinition{ // below to pick up the table comment by accident. return tree.DNull, nil } + // Note: the following is equivalent to: + // + // SELECT description FROM pg_catalog.pg_description + // WHERE objoid=$1 AND objsubid=$2 LIMIT 1 + // + // TODO(jordanlewis): Really we'd like to query this directly + // on pg_description and let predicate push-down do its job. r, err := ctx.InternalExecutor.QueryRow( ctx.Ctx(), "pg_get_coldesc", - ctx.Txn, ` + ctx.Txn, + ` SELECT COALESCE(c.comment, pc.comment) FROM system.comments c FULL OUTER JOIN crdb_internal.predefined_comments pc ON pc.object_id=c.object_id AND pc.sub_id=c.sub_id AND pc.type = c.type diff --git a/pkg/sql/sqlbase/system.go b/pkg/sql/sqlbase/system.go index 397582b44d02..3a4c22d7b203 100644 --- a/pkg/sql/sqlbase/system.go +++ b/pkg/sql/sqlbase/system.go @@ -1162,6 +1162,7 @@ func IsReservedID(id ID) bool { // newCommentPrivilegeDescriptor returns a privilege descriptor for comment table func newCommentPrivilegeDescriptor(priv privilege.List) *PrivilegeDescriptor { + selectPriv := privilege.List{privilege.SELECT} return &PrivilegeDescriptor{ Users: []UserPrivileges{ { @@ -1170,7 +1171,7 @@ func newCommentPrivilegeDescriptor(priv privilege.List) *PrivilegeDescriptor { }, { User: PublicRole, - Privileges: priv.ToBitField(), + Privileges: selectPriv.ToBitField(), }, { User: security.RootUser, diff --git a/pkg/sql/truncate.go b/pkg/sql/truncate.go index 108c2f68bd03..19294d661361 100644 --- a/pkg/sql/truncate.go +++ b/pkg/sql/truncate.go @@ -17,6 +17,7 @@ import ( "github.com/cockroachdb/cockroach/pkg/internal/client" "github.com/cockroachdb/cockroach/pkg/jobs/jobspb" "github.com/cockroachdb/cockroach/pkg/roachpb" + "github.com/cockroachdb/cockroach/pkg/security" "github.com/cockroachdb/cockroach/pkg/sql/privilege" "github.com/cockroachdb/cockroach/pkg/sql/row" "github.com/cockroachdb/cockroach/pkg/sql/sem/tree" @@ -386,10 +387,11 @@ func reassignReferencedTables( func reassignComments( ctx context.Context, p *planner, oldTableDesc, newTableDesc *sqlbase.MutableTableDescriptor, ) error { - _, err := p.ExtendedEvalContext().ExecCfg.InternalExecutor.Exec( + _, err := p.ExtendedEvalContext().ExecCfg.InternalExecutor.ExecWithUser( ctx, "update-table-comments", p.txn, + security.RootUser, `UPDATE system.comments SET object_id=$1 WHERE object_id=$2`, newTableDesc.ID, oldTableDesc.ID, diff --git a/pkg/sqlmigrations/migrations.go b/pkg/sqlmigrations/migrations.go index eeebd36d7034..4d85c9a74a26 100644 --- a/pkg/sqlmigrations/migrations.go +++ b/pkg/sqlmigrations/migrations.go @@ -255,6 +255,11 @@ var backwardCompatibleMigrations = []migrationDescriptor{ return nil }, }, + { + // Introduced in v20.1. + name: "remove public permissions on system.comments", + workFn: depublicizeSystemComments, + }, } func staticIDs(ids ...sqlbase.ID) func(ctx context.Context, db db) ([]sqlbase.ID, error) { @@ -892,3 +897,19 @@ func updateSystemLocationData(ctx context.Context, r runner) error { } return nil } + +func depublicizeSystemComments(ctx context.Context, r runner) error { + // At some point in time, system.comments was mistakenly created + // with all privileges granted to the "public" role (i.e. everyone). + // This migration cleans this up. + + for _, priv := range []string{"GRANT", "INSERT", "DELETE", "UPDATE"} { + stmt := fmt.Sprintf(`REVOKE %s ON TABLE system.comments FROM public`, priv) + // REVOKE should never fail here -- it's always possible for root + // to revoke a privilege even if it's not currently granted. + if _, err := r.sqlExecutor.Exec(ctx, "depublicize-system-comments", nil, stmt); err != nil { + return err + } + } + return nil +}