diff --git a/pkg/ccl/backupccl/testdata/backup-restore/backup-permissions b/pkg/ccl/backupccl/testdata/backup-restore/backup-permissions index 47155cc44967..b1cfc85b5872 100644 --- a/pkg/ccl/backupccl/testdata/backup-restore/backup-permissions +++ b/pkg/ccl/backupccl/testdata/backup-restore/backup-permissions @@ -295,8 +295,7 @@ BACKUP INTO 'userfile:///test-nonroot-cluster'; exec-sql user=testuser BACKUP DATABASE d_test_fn INTO 'userfile:///test-nonroot-db'; ---- -pq: user testuser does not have EXECUTE privilege on function f -HINT: The existing privileges are being deprecated in favour of a fine-grained privilege model explained here https://www.cockroachlabs.com/docs/stable/backup.html#required-privileges. In a future release, to run BACKUP DATABASE, user testuser will exclusively require the BACKUP privilege on database d_test_fn. +NOTICE: The existing privileges are being deprecated in favour of a fine-grained privilege model explained here https://www.cockroachlabs.com/docs/stable/backup.html#required-privileges. In a future release, to run BACKUP DATABASE, user testuser will exclusively require the BACKUP privilege on database d_test_fn. exec-sql REVOKE SYSTEM BACKUP FROM testuser; diff --git a/pkg/sql/catalog/catpb/default_privilege.go b/pkg/sql/catalog/catpb/default_privilege.go index a6c51af9ac5e..ea31d0ea1afe 100644 --- a/pkg/sql/catalog/catpb/default_privilege.go +++ b/pkg/sql/catalog/catpb/default_privilege.go @@ -107,7 +107,8 @@ func InitDefaultPrivilegesForRole( if role.ForAllRoles { defaultPrivilegesRole = &DefaultPrivilegesForRole_ForAllRoles{ ForAllRoles: &DefaultPrivilegesForRole_ForAllRolesPseudoRole{ - PublicHasUsageOnTypes: true, + PublicHasUsageOnTypes: true, + PublicHasExecuteOnFunctions: true, }, } return DefaultPrivilegesForRole{ @@ -121,6 +122,7 @@ func InitDefaultPrivilegesForRole( ExplicitRole: &DefaultPrivilegesForRole_ExplicitRole{ UserProto: role.Role.EncodeProto(), PublicHasUsageOnTypes: true, + PublicHasExecuteOnFunctions: true, RoleHasAllPrivilegesOnTables: true, RoleHasAllPrivilegesOnSequences: true, RoleHasAllPrivilegesOnSchemas: true, diff --git a/pkg/sql/catalog/catpb/privilege.proto b/pkg/sql/catalog/catpb/privilege.proto index 88655a82baa5..3fd5de4aa303 100644 --- a/pkg/sql/catalog/catpb/privilege.proto +++ b/pkg/sql/catalog/catpb/privilege.proto @@ -67,6 +67,7 @@ message DefaultPrivilegesForRole { optional bool role_has_all_privileges_on_schemas = 7 [(gogoproto.nullable) = false]; optional bool role_has_all_privileges_on_types = 8 [(gogoproto.nullable) = false]; optional bool role_has_all_privileges_on_functions = 9 [(gogoproto.nullable) = false]; + optional bool public_has_execute_on_functions = 10 [(gogoproto.nullable) = false]; } // ForAllRoles represents when default privileges are defined // using FOR ALL ROLES. @@ -76,6 +77,7 @@ message DefaultPrivilegesForRole { // role has privileges on tables/sequences/schemas and types as // for_all_roles is not a real role and cannot have grants. optional bool public_has_usage_on_types = 11 [(gogoproto.nullable) = false]; + optional bool public_has_execute_on_functions = 12 [(gogoproto.nullable) = false]; } oneof role { ExplicitRole explicit_role = 12; diff --git a/pkg/sql/catalog/catprivilege/default_privilege.go b/pkg/sql/catalog/catprivilege/default_privilege.go index 4fa3bb365b9a..73fa7ed3680c 100644 --- a/pkg/sql/catalog/catprivilege/default_privilege.go +++ b/pkg/sql/catalog/catprivilege/default_privilege.go @@ -157,8 +157,9 @@ func (d *Mutable) RevokeDefaultPrivileges( (!GetRoleHasAllPrivilegesOnTargetObject(defaultPrivilegesForRole, privilege.Tables) || !GetRoleHasAllPrivilegesOnTargetObject(defaultPrivilegesForRole, privilege.Sequences) || !GetRoleHasAllPrivilegesOnTargetObject(defaultPrivilegesForRole, privilege.Types) || - !GetRoleHasAllPrivilegesOnTargetObject(defaultPrivilegesForRole, privilege.Schemas)) || - !GetPublicHasUsageOnTypes(defaultPrivilegesForRole) { + !GetRoleHasAllPrivilegesOnTargetObject(defaultPrivilegesForRole, privilege.Schemas) || + !GetPublicHasUsageOnTypes(defaultPrivilegesForRole) || + !GetPublicHasExecuteOnFunctions(defaultPrivilegesForRole)) { return nil } @@ -334,6 +335,19 @@ func foldPrivileges( return err } } + if targetObject == privilege.Functions && + privileges.CheckPrivilege(username.PublicRoleName(), privilege.EXECUTE) { + setPublicHasExecuteOnFunctions(defaultPrivilegesForRole, true) + if err := privileges.Revoke( + username.PublicRoleName(), + privilege.List{privilege.EXECUTE}, + privilege.Function, + false, /* grantOptionFor */ + ); err != nil { + return err + } + } + // ForAllRoles cannot be a grantee, nothing left to do. if role.ForAllRoles { return nil @@ -368,6 +382,10 @@ func expandPrivileges( privileges.Grant(username.PublicRoleName(), privilege.List{privilege.USAGE}, false /* withGrantOption */) setPublicHasUsageOnTypes(defaultPrivilegesForRole, false) } + if targetObject == privilege.Functions && GetPublicHasExecuteOnFunctions(defaultPrivilegesForRole) { + privileges.Grant(username.PublicRoleName(), privilege.List{privilege.EXECUTE}, false /* withGrantOption */) + setPublicHasExecuteOnFunctions(defaultPrivilegesForRole, false) + } // ForAllRoles cannot be a grantee, nothing left to do. if role.ForAllRoles { return @@ -396,10 +414,16 @@ func GetUserPrivilegesForObject( Privileges: privilege.USAGE.Mask(), }) } + if GetPublicHasExecuteOnFunctions(&p) && targetObject == privilege.Functions { + userPrivileges = append(userPrivileges, catpb.UserPrivileges{ + UserProto: username.PublicRoleName().EncodeProto(), + Privileges: privilege.EXECUTE.Mask(), + }) + } return userPrivileges } -// GetPublicHasUsageOnTypes returns whether Public has Usage privilege on types. +// GetPublicHasUsageOnTypes returns whether Public has USAGE privilege on types. func GetPublicHasUsageOnTypes(defaultPrivilegesForRole *catpb.DefaultPrivilegesForRole) bool { if defaultPrivilegesForRole.IsExplicitRole() { return defaultPrivilegesForRole.GetExplicitRole().PublicHasUsageOnTypes @@ -407,6 +431,14 @@ func GetPublicHasUsageOnTypes(defaultPrivilegesForRole *catpb.DefaultPrivilegesF return defaultPrivilegesForRole.GetForAllRoles().PublicHasUsageOnTypes } +// GetPublicHasExecuteOnFunctions returns whether Public has EXECUTE privilege on functions. +func GetPublicHasExecuteOnFunctions(defaultPrivilegesForRole *catpb.DefaultPrivilegesForRole) bool { + if defaultPrivilegesForRole.IsExplicitRole() { + return defaultPrivilegesForRole.GetExplicitRole().PublicHasExecuteOnFunctions + } + return defaultPrivilegesForRole.GetForAllRoles().PublicHasExecuteOnFunctions +} + // GetRoleHasAllPrivilegesOnTargetObject returns whether the creator role // has all privileges on the default privileges target object. func GetRoleHasAllPrivilegesOnTargetObject( @@ -443,6 +475,17 @@ func setPublicHasUsageOnTypes( } } +// setPublicHasExecuteOnFunctions sets PublicHasExecuteOnFunctions to publicHasExecuteOnFunctions. +func setPublicHasExecuteOnFunctions( + defaultPrivilegesForRole *catpb.DefaultPrivilegesForRole, publicHasExecuteOnFunctions bool, +) { + if defaultPrivilegesForRole.IsExplicitRole() { + defaultPrivilegesForRole.GetExplicitRole().PublicHasExecuteOnFunctions = publicHasExecuteOnFunctions + } else { + defaultPrivilegesForRole.GetForAllRoles().PublicHasExecuteOnFunctions = publicHasExecuteOnFunctions + } +} + // applyDefaultPrivileges adds new privileges to this descriptor and new grant options which // could be different from the privileges. Unlike the normal grant, the privileges // and the grant options being granted could be different diff --git a/pkg/sql/catalog/catprivilege/default_privilege_test.go b/pkg/sql/catalog/catprivilege/default_privilege_test.go index 8e3bba30fec2..c4960cbe081e 100644 --- a/pkg/sql/catalog/catprivilege/default_privilege_test.go +++ b/pkg/sql/catalog/catprivilege/default_privilege_test.go @@ -844,6 +844,45 @@ func TestModifyDefaultDefaultPrivilegesForPublic(t *testing.T) { if GetPublicHasUsageOnTypes(defaultPrivilegesForCreator) { t.Errorf("expected public to not have USAGE privilege on types") } + + if err := defaultPrivileges.RevokeDefaultPrivileges( + catpb.DefaultPrivilegesRole{Role: creatorUser}, + privilege.List{privilege.EXECUTE}, + []username.SQLUsername{username.PublicRoleName()}, + privilege.Functions, + false, /* grantOptionFor */ + ); err != nil { + t.Fatal(err) + } + if GetPublicHasExecuteOnFunctions(defaultPrivilegesForCreator) { + t.Errorf("expected public to not have EXECUTE privilege on functions") + } + if err := defaultPrivileges.GrantDefaultPrivileges( + catpb.DefaultPrivilegesRole{Role: creatorUser}, + privilege.List{privilege.EXECUTE}, + []username.SQLUsername{username.PublicRoleName()}, + privilege.Functions, + false, /* withGrantOption */ + ); err != nil { + t.Fatal(err) + } + if !GetPublicHasExecuteOnFunctions(defaultPrivilegesForCreator) { + t.Errorf("expected public to have EXECUTE privilege on functions") + } + + // Test a complete revoke afterwards. + if err := defaultPrivileges.RevokeDefaultPrivileges( + catpb.DefaultPrivilegesRole{Role: creatorUser}, + privilege.List{privilege.EXECUTE}, + []username.SQLUsername{username.PublicRoleName()}, + privilege.Functions, + false, /* grantOptionFor */ + ); err != nil { + t.Fatal(err) + } + if GetPublicHasExecuteOnFunctions(defaultPrivilegesForCreator) { + t.Errorf("expected public to not have EXECUTE privilege on functions") + } } // TestApplyDefaultPrivileges tests whether granting potentially different privileges and grant options diff --git a/pkg/sql/crdb_internal.go b/pkg/sql/crdb_internal.go index 0d88accd2a55..3d9db50fb401 100644 --- a/pkg/sql/crdb_internal.go +++ b/pkg/sql/crdb_internal.go @@ -6361,6 +6361,20 @@ CREATE TABLE crdb_internal.default_privileges ( return err } } + if catprivilege.GetPublicHasExecuteOnFunctions(defaultPrivilegesForRole) { + if err := addRow( + database, // database_name + schema, // schema_name + role, // role + forAllRoles, // for_all_roles + tree.NewDString(privilege.Functions.String()), // object_type + tree.NewDString(username.PublicRoleName().Normalized()), // grantee + tree.NewDString(privilege.EXECUTE.String()), // privilege_type + tree.DBoolFalse, // is_grantable + ); err != nil { + return err + } + } } } return nil diff --git a/pkg/sql/information_schema.go b/pkg/sql/information_schema.go index db6de0cf268d..7e8e7f1973c7 100644 --- a/pkg/sql/information_schema.go +++ b/pkg/sql/information_schema.go @@ -1748,6 +1748,7 @@ var informationSchemaRoleRoutineGrantsTable = virtualSchemaTable{ dbNameStr := tree.NewDString(db.GetName()) exPriv := tree.NewDString(privilege.EXECUTE.String()) roleNameForBuiltins := []*tree.DString{ + tree.NewDString(username.AdminRole), tree.NewDString(username.RootUser), tree.NewDString(username.PublicRole), } @@ -1773,7 +1774,7 @@ var informationSchemaRoleRoutineGrantsTable = virtualSchemaTable{ _, overloads := builtinsregistry.GetBuiltinProperties(name) for _, o := range overloads { - fnSpecificName := tree.NewDString(fmt.Sprintf("%s_%d", fnNameStr, o.Oid)) + fnSpecificName := tree.NewDString(nameConcatOid(fnNameStr, o.Oid)) for _, grantee := range roleNameForBuiltins { if err := addRow( tree.DNull, // grantor @@ -1810,42 +1811,39 @@ var informationSchemaRoleRoutineGrantsTable = virtualSchemaTable{ if !canSeeDescriptor { return nil } - privs := fn.GetPrivileges() - scNameStr := tree.NewDString(sc.GetName()) - fnSpecificName := tree.NewDString(fmt.Sprintf("%s_%d", fn.GetName(), catid.FuncIDToOID(fn.GetID()))) - fnName := tree.NewDString(fn.GetName()) - // EXECUTE is the only privilege kind relevant to functions. - if err := addRow( - tree.DNull, // grantor - tree.NewDString(privs.Owner().Normalized()), // grantee - dbNameStr, // specific_catalog - scNameStr, // specific_schema - fnSpecificName, // specific_name - dbNameStr, // routine_catalog - scNameStr, // routine_schema - fnName, // routine_name - exPriv, // privilege_type - yesString, // is_grantable - ); err != nil { + privs, err := fn.GetPrivileges().Show(privilege.Function, true /* showImplicitOwnerPrivs */) + if err != nil { return err } - for _, user := range privs.Users { - if !privilege.EXECUTE.IsSetIn(user.Privileges) { - continue - } - if err := addRow( - tree.DNull, // grantor - tree.NewDString(user.User().Normalized()), // grantee - dbNameStr, // specific_catalog - scNameStr, // specific_schema - fnSpecificName, // specific_name - dbNameStr, // routine_catalog - scNameStr, // routine_schema - fnName, // routine_name - exPriv, // privilege_type - yesOrNoDatum(privilege.EXECUTE.IsSetIn(user.WithGrantOption)), // is_grantable - ); err != nil { - return err + scNameStr := tree.NewDString(sc.GetName()) + + fnSpecificName := tree.NewDString(nameConcatOid(fn.GetName(), catid.FuncIDToOID(fn.GetID()))) + fnName := tree.NewDString(fn.GetName()) + for _, u := range privs { + userNameStr := tree.NewDString(u.User.Normalized()) + for _, priv := range u.Privileges { + // We use this function to check for the grant option so that the + // object owner also gets is_grantable=true. + isGrantable, err := p.CheckGrantOptionsForUser( + ctx, fn.GetPrivileges(), sc, []privilege.Kind{priv.Kind}, u.User, + ) + if err != nil { + return err + } + if err := addRow( + tree.DNull, // grantor + userNameStr, // grantee + dbNameStr, // specific_catalog + scNameStr, // specific_schema + fnSpecificName, // specific_name + dbNameStr, // routine_catalog + scNameStr, // routine_schema + fnName, // routine_name + tree.NewDString(priv.Kind.String()), // privilege_type + yesOrNoDatum(isGrantable), // is_grantable + ); err != nil { + return err + } } } return nil @@ -2958,3 +2956,16 @@ func userCanSeeDescriptor( func descriptorIsVisible(desc catalog.Descriptor, allowAdding bool) bool { return desc.Public() || (allowAdding && desc.Adding()) } + +// nameConcatOid is a Go version of the nameconcatoid builtin function. The +// result is the same as fmt.Sprintf("%s_%d", s, o) except that, if it would not +// fit in 63 characters, we make it do so by truncating the name input (not the +// oid). +func nameConcatOid(s string, o oid.Oid) string { + const maxLen = 63 + oidStr := strconv.Itoa(int(o)) + if len(s)+1+len(oidStr) <= maxLen { + return s + "_" + oidStr + } + return s[:maxLen-1-len(oidStr)] + "_" + oidStr +} diff --git a/pkg/sql/logictest/testdata/logic_test/crdb_internal_catalog b/pkg/sql/logictest/testdata/logic_test/crdb_internal_catalog index 933f2addd649..008c7cbb821d 100644 --- a/pkg/sql/logictest/testdata/logic_test/crdb_internal_catalog +++ b/pkg/sql/logictest/testdata/logic_test/crdb_internal_catalog @@ -170,7 +170,7 @@ SELECT id, strip_volatile(descriptor) FROM crdb_internal.kv_catalog_descriptor O 110 {"type": {"alias": {"arrayContents": {"family": "EnumFamily", "oid": 100109, "udtMetadata": {"arrayTypeOid": 100110}}, "arrayElemType": "EnumFamily", "family": "ArrayFamily", "oid": 100110}, "id": 110, "kind": "ALIAS", "name": "_greeting", "parentId": 106, "parentSchemaId": 108, "privileges": {"ownerProto": "root", "users": [{"privileges": "2", "userProto": "admin", "withGrantOption": "2"}, {"privileges": "512", "userProto": "public"}, {"privileges": "2", "userProto": "root", "withGrantOption": "2"}], "version": 2}, "version": "1"}} 111 {"table": {"checks": [{"columnIds": [1], "constraintId": 2, "expr": "k > 0:::INT8", "name": "ck"}], "columns": [{"id": 1, "name": "k", "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 2, "name": "v", "nullable": true, "type": {"family": "StringFamily", "oid": 25}}], "dependedOnBy": [{"columnIds": [1, 2], "id": 112}], "formatVersion": 3, "id": 111, "name": "kv", "nextColumnId": 3, "nextConstraintId": 3, "nextIndexId": 2, "nextMutationId": 1, "parentId": 106, "primaryIndex": {"constraintId": 1, "encodingType": 1, "foreignKey": {}, "geoConfig": {}, "id": 1, "interleave": {}, "keyColumnDirections": ["ASC"], "keyColumnIds": [1], "keyColumnNames": ["k"], "name": "kv_pkey", "partitioning": {}, "sharded": {}, "storeColumnIds": [2], "storeColumnNames": ["v"], "unique": true, "version": 4}, "privileges": {"ownerProto": "root", "users": [{"privileges": "2", "userProto": "admin", "withGrantOption": "2"}, {"privileges": "2", "userProto": "root", "withGrantOption": "2"}], "version": 2}, "replacementOf": {"time": {}}, "unexposedParentSchemaId": 107, "version": "4"}} 112 {"table": {"columns": [{"id": 1, "name": "k", "nullable": true, "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 2, "name": "v", "nullable": true, "type": {"family": "StringFamily", "oid": 25}}, {"defaultExpr": "unique_rowid()", "hidden": true, "id": 3, "name": "rowid", "type": {"family": "IntFamily", "oid": 20, "width": 64}}], "dependsOn": [111], "formatVersion": 3, "id": 112, "indexes": [{"createdExplicitly": true, "foreignKey": {}, "geoConfig": {}, "id": 2, "interleave": {}, "keyColumnDirections": ["ASC"], "keyColumnIds": [2], "keyColumnNames": ["v"], "keySuffixColumnIds": [3], "name": "idx", "partitioning": {}, "sharded": {}, "version": 4}], "isMaterializedView": true, "name": "mv", "nextColumnId": 4, "nextConstraintId": 2, "nextIndexId": 4, "nextMutationId": 1, "parentId": 106, "primaryIndex": {"constraintId": 1, "encodingType": 1, "foreignKey": {}, "geoConfig": {}, "id": 1, "interleave": {}, "keyColumnDirections": ["ASC"], "keyColumnIds": [3], "keyColumnNames": ["rowid"], "name": "mv_pkey", "partitioning": {}, "sharded": {}, "storeColumnIds": [1, 2], "storeColumnNames": ["k", "v"], "unique": true, "version": 4}, "privileges": {"ownerProto": "root", "users": [{"privileges": "2", "userProto": "admin", "withGrantOption": "2"}, {"privileges": "2", "userProto": "root", "withGrantOption": "2"}], "version": 2}, "replacementOf": {"time": {}}, "unexposedParentSchemaId": 107, "version": "8", "viewQuery": "SELECT k, v FROM db.public.kv"}} -113 {"function": {"functionBody": "SELECT json_remove_path(json_remove_path(json_remove_path(json_remove_path(json_remove_path(json_remove_path(json_remove_path(json_remove_path(json_remove_path(json_remove_path(json_remove_path(json_remove_path(d, ARRAY['table':::STRING, 'families':::STRING]:::STRING[]), ARRAY['table':::STRING, 'nextFamilyId':::STRING]:::STRING[]), ARRAY['table':::STRING, 'indexes':::STRING, '0':::STRING, 'createdAtNanos':::STRING]:::STRING[]), ARRAY['table':::STRING, 'indexes':::STRING, '1':::STRING, 'createdAtNanos':::STRING]:::STRING[]), ARRAY['table':::STRING, 'indexes':::STRING, '2':::STRING, 'createdAtNanos':::STRING]:::STRING[]), ARRAY['table':::STRING, 'primaryIndex':::STRING, 'createdAtNanos':::STRING]:::STRING[]), ARRAY['table':::STRING, 'createAsOfTime':::STRING]:::STRING[]), ARRAY['table':::STRING, 'modificationTime':::STRING]:::STRING[]), ARRAY['function':::STRING, 'modificationTime':::STRING]:::STRING[]), ARRAY['type':::STRING, 'modificationTime':::STRING]:::STRING[]), ARRAY['schema':::STRING, 'modificationTime':::STRING]:::STRING[]), ARRAY['database':::STRING, 'modificationTime':::STRING]:::STRING[]);", "id": 113, "lang": "SQL", "name": "strip_volatile", "nullInputBehavior": "CALLED_ON_NULL_INPUT", "params": [{"class": "IN", "name": "d", "type": {"family": "JsonFamily", "oid": 3802}}], "parentId": 104, "parentSchemaId": 105, "privileges": {"ownerProto": "root", "users": [{"privileges": "2", "userProto": "admin", "withGrantOption": "2"}, {"privileges": "2", "userProto": "root", "withGrantOption": "2"}], "version": 2}, "returnType": {"type": {"family": "JsonFamily", "oid": 3802}}, "version": "1", "volatility": "STABLE"}} +113 {"function": {"functionBody": "SELECT json_remove_path(json_remove_path(json_remove_path(json_remove_path(json_remove_path(json_remove_path(json_remove_path(json_remove_path(json_remove_path(json_remove_path(json_remove_path(json_remove_path(d, ARRAY['table':::STRING, 'families':::STRING]:::STRING[]), ARRAY['table':::STRING, 'nextFamilyId':::STRING]:::STRING[]), ARRAY['table':::STRING, 'indexes':::STRING, '0':::STRING, 'createdAtNanos':::STRING]:::STRING[]), ARRAY['table':::STRING, 'indexes':::STRING, '1':::STRING, 'createdAtNanos':::STRING]:::STRING[]), ARRAY['table':::STRING, 'indexes':::STRING, '2':::STRING, 'createdAtNanos':::STRING]:::STRING[]), ARRAY['table':::STRING, 'primaryIndex':::STRING, 'createdAtNanos':::STRING]:::STRING[]), ARRAY['table':::STRING, 'createAsOfTime':::STRING]:::STRING[]), ARRAY['table':::STRING, 'modificationTime':::STRING]:::STRING[]), ARRAY['function':::STRING, 'modificationTime':::STRING]:::STRING[]), ARRAY['type':::STRING, 'modificationTime':::STRING]:::STRING[]), ARRAY['schema':::STRING, 'modificationTime':::STRING]:::STRING[]), ARRAY['database':::STRING, 'modificationTime':::STRING]:::STRING[]);", "id": 113, "lang": "SQL", "name": "strip_volatile", "nullInputBehavior": "CALLED_ON_NULL_INPUT", "params": [{"class": "IN", "name": "d", "type": {"family": "JsonFamily", "oid": 3802}}], "parentId": 104, "parentSchemaId": 105, "privileges": {"ownerProto": "root", "users": [{"privileges": "2", "userProto": "admin", "withGrantOption": "2"}, {"privileges": "1048576", "userProto": "public"}, {"privileges": "2", "userProto": "root", "withGrantOption": "2"}], "version": 2}, "returnType": {"type": {"family": "JsonFamily", "oid": 3802}}, "version": "1", "volatility": "STABLE"}} 4294966978 {"table": {"columns": [{"id": 1, "name": "srid", "nullable": true, "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 2, "name": "auth_name", "nullable": true, "type": {"family": "StringFamily", "oid": 1043, "visibleType": 7, "width": 256}}, {"id": 3, "name": "auth_srid", "nullable": true, "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 4, "name": "srtext", "nullable": true, "type": {"family": "StringFamily", "oid": 1043, "visibleType": 7, "width": 2048}}, {"id": 5, "name": "proj4text", "nullable": true, "type": {"family": "StringFamily", "oid": 1043, "visibleType": 7, "width": 2048}}], "formatVersion": 3, "id": 4294966978, "name": "spatial_ref_sys", "nextColumnId": 6, "nextConstraintId": 2, "nextIndexId": 2, "nextMutationId": 1, "primaryIndex": {"constraintId": 1, "foreignKey": {}, "geoConfig": {}, "id": 1, "interleave": {}, "partitioning": {}, "sharded": {}}, "privileges": {"ownerProto": "node", "users": [{"privileges": "32", "userProto": "public"}], "version": 2}, "replacementOf": {"time": {}}, "unexposedParentSchemaId": 4294966981, "version": "1"}} 4294966979 {"table": {"columns": [{"id": 1, "name": "f_table_catalog", "nullable": true, "type": {"family": 11, "oid": 19}}, {"id": 2, "name": "f_table_schema", "nullable": true, "type": {"family": 11, "oid": 19}}, {"id": 3, "name": "f_table_name", "nullable": true, "type": {"family": 11, "oid": 19}}, {"id": 4, "name": "f_geometry_column", "nullable": true, "type": {"family": 11, "oid": 19}}, {"id": 5, "name": "coord_dimension", "nullable": true, "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 6, "name": "srid", "nullable": true, "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 7, "name": "type", "nullable": true, "type": {"family": "StringFamily", "oid": 25}}], "formatVersion": 3, "id": 4294966979, "name": "geometry_columns", "nextColumnId": 8, "nextConstraintId": 2, "nextIndexId": 2, "nextMutationId": 1, "primaryIndex": {"constraintId": 1, "foreignKey": {}, "geoConfig": {}, "id": 1, "interleave": {}, "partitioning": {}, "sharded": {}}, "privileges": {"ownerProto": "node", "users": [{"privileges": "32", "userProto": "public"}], "version": 2}, "replacementOf": {"time": {}}, "unexposedParentSchemaId": 4294966981, "version": "1"}} 4294966980 {"table": {"columns": [{"id": 1, "name": "f_table_catalog", "nullable": true, "type": {"family": 11, "oid": 19}}, {"id": 2, "name": "f_table_schema", "nullable": true, "type": {"family": 11, "oid": 19}}, {"id": 3, "name": "f_table_name", "nullable": true, "type": {"family": 11, "oid": 19}}, {"id": 4, "name": "f_geography_column", "nullable": true, "type": {"family": 11, "oid": 19}}, {"id": 5, "name": "coord_dimension", "nullable": true, "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 6, "name": "srid", "nullable": true, "type": {"family": "IntFamily", "oid": 20, "width": 64}}, {"id": 7, "name": "type", "nullable": true, "type": {"family": "StringFamily", "oid": 25}}], "formatVersion": 3, "id": 4294966980, "name": "geography_columns", "nextColumnId": 8, "nextConstraintId": 2, "nextIndexId": 2, "nextMutationId": 1, "primaryIndex": {"constraintId": 1, "foreignKey": {}, "geoConfig": {}, "id": 1, "interleave": {}, "partitioning": {}, "sharded": {}}, "privileges": {"ownerProto": "node", "users": [{"privileges": "32", "userProto": "public"}], "version": 2}, "replacementOf": {"time": {}}, "unexposedParentSchemaId": 4294966981, "version": "1"}} diff --git a/pkg/sql/logictest/testdata/logic_test/crdb_internal_default_privileges b/pkg/sql/logictest/testdata/logic_test/crdb_internal_default_privileges index 6f5befe41f99..7a77246906e7 100644 --- a/pkg/sql/logictest/testdata/logic_test/crdb_internal_default_privileges +++ b/pkg/sql/logictest/testdata/logic_test/crdb_internal_default_privileges @@ -14,79 +14,95 @@ defaultdb NULL admin false types admin ALL defaultdb NULL admin false schemas admin ALL true defaultdb NULL admin false functions admin ALL true defaultdb NULL admin false types public USAGE false +defaultdb NULL admin false functions public EXECUTE false defaultdb NULL root false tables root ALL true defaultdb NULL root false sequences root ALL true defaultdb NULL root false types root ALL true defaultdb NULL root false schemas root ALL true defaultdb NULL root false functions root ALL true defaultdb NULL root false types public USAGE false +defaultdb NULL root false functions public EXECUTE false defaultdb NULL testuser false tables testuser ALL true defaultdb NULL testuser false sequences testuser ALL true defaultdb NULL testuser false types testuser ALL true defaultdb NULL testuser false schemas testuser ALL true defaultdb NULL testuser false functions testuser ALL true defaultdb NULL testuser false types public USAGE false +defaultdb NULL testuser false functions public EXECUTE false defaultdb NULL NULL true types public USAGE false +defaultdb NULL NULL true functions public EXECUTE false postgres NULL admin false tables admin ALL true postgres NULL admin false sequences admin ALL true postgres NULL admin false types admin ALL true postgres NULL admin false schemas admin ALL true postgres NULL admin false functions admin ALL true postgres NULL admin false types public USAGE false +postgres NULL admin false functions public EXECUTE false postgres NULL root false tables root ALL true postgres NULL root false sequences root ALL true postgres NULL root false types root ALL true postgres NULL root false schemas root ALL true postgres NULL root false functions root ALL true postgres NULL root false types public USAGE false +postgres NULL root false functions public EXECUTE false postgres NULL testuser false tables testuser ALL true postgres NULL testuser false sequences testuser ALL true postgres NULL testuser false types testuser ALL true postgres NULL testuser false schemas testuser ALL true postgres NULL testuser false functions testuser ALL true postgres NULL testuser false types public USAGE false +postgres NULL testuser false functions public EXECUTE false postgres NULL NULL true types public USAGE false +postgres NULL NULL true functions public EXECUTE false system NULL admin false tables admin ALL true system NULL admin false sequences admin ALL true system NULL admin false types admin ALL true system NULL admin false schemas admin ALL true system NULL admin false functions admin ALL true system NULL admin false types public USAGE false +system NULL admin false functions public EXECUTE false system NULL root false tables root ALL true system NULL root false sequences root ALL true system NULL root false types root ALL true system NULL root false schemas root ALL true system NULL root false functions root ALL true system NULL root false types public USAGE false +system NULL root false functions public EXECUTE false system NULL testuser false tables testuser ALL true system NULL testuser false sequences testuser ALL true system NULL testuser false types testuser ALL true system NULL testuser false schemas testuser ALL true system NULL testuser false functions testuser ALL true system NULL testuser false types public USAGE false +system NULL testuser false functions public EXECUTE false system NULL NULL true types public USAGE false +system NULL NULL true functions public EXECUTE false test NULL admin false tables admin ALL true test NULL admin false sequences admin ALL true test NULL admin false types admin ALL true test NULL admin false schemas admin ALL true test NULL admin false functions admin ALL true test NULL admin false types public USAGE false +test NULL admin false functions public EXECUTE false +test NULL root false schemas public USAGE false test NULL root false tables public SELECT false test NULL root false sequences public SELECT false -test NULL root false schemas public USAGE false test NULL root false tables root ALL true test NULL root false sequences root ALL true test NULL root false types root ALL true test NULL root false schemas root ALL true test NULL root false functions root ALL true test NULL root false types public USAGE false +test NULL root false functions public EXECUTE false test NULL testuser false tables testuser ALL true test NULL testuser false sequences testuser ALL true test NULL testuser false types testuser ALL true test NULL testuser false schemas testuser ALL true test NULL testuser false functions testuser ALL true test NULL testuser false types public USAGE false +test NULL testuser false functions public EXECUTE false test NULL NULL true types public USAGE false +test NULL NULL true functions public EXECUTE false statement ok CREATE USER foo @@ -172,36 +188,42 @@ defaultdb NULL bar false types bar ALL defaultdb NULL bar false schemas bar ALL true defaultdb NULL bar false functions bar ALL true defaultdb NULL bar false types public USAGE false +defaultdb NULL bar false functions public EXECUTE false defaultdb NULL foo false tables foo ALL true defaultdb NULL foo false sequences foo ALL true defaultdb NULL foo false types foo ALL true defaultdb NULL foo false schemas foo ALL true defaultdb NULL foo false functions foo ALL true defaultdb NULL foo false types public USAGE false +defaultdb NULL foo false functions public EXECUTE false postgres NULL bar false tables bar ALL true postgres NULL bar false sequences bar ALL true postgres NULL bar false types bar ALL true postgres NULL bar false schemas bar ALL true postgres NULL bar false functions bar ALL true postgres NULL bar false types public USAGE false +postgres NULL bar false functions public EXECUTE false postgres NULL foo false tables foo ALL true postgres NULL foo false sequences foo ALL true postgres NULL foo false types foo ALL true postgres NULL foo false schemas foo ALL true postgres NULL foo false functions foo ALL true postgres NULL foo false types public USAGE false +postgres NULL foo false functions public EXECUTE false system NULL bar false tables bar ALL true system NULL bar false sequences bar ALL true system NULL bar false types bar ALL true system NULL bar false schemas bar ALL true system NULL bar false functions bar ALL true system NULL bar false types public USAGE false +system NULL bar false functions public EXECUTE false system NULL foo false tables foo ALL true system NULL foo false sequences foo ALL true system NULL foo false types foo ALL true system NULL foo false schemas foo ALL true system NULL foo false functions foo ALL true system NULL foo false types public USAGE false +system NULL foo false functions public EXECUTE false test NULL bar false tables foo ALL false test NULL bar false sequences foo ALL false test NULL bar false types foo ALL false @@ -212,6 +234,7 @@ test NULL bar false types bar ALL test NULL bar false schemas bar ALL true test NULL bar false functions bar ALL true test NULL bar false types public USAGE false +test NULL bar false functions public EXECUTE false test NULL foo false sequences bar ALL false test NULL foo false types bar ALL false test NULL foo false schemas bar ALL false @@ -222,6 +245,7 @@ test NULL foo false types foo ALL test NULL foo false schemas foo ALL true test NULL foo false functions foo ALL true test NULL foo false types public USAGE false +test NULL foo false functions public EXECUTE false statement ok ALTER DEFAULT PRIVILEGES FOR ROLE foo, bar REVOKE ALL ON TABLES FROM foo, bar; @@ -239,103 +263,127 @@ defaultdb NULL admin false types admin ALL defaultdb NULL admin false schemas admin ALL true defaultdb NULL admin false functions admin ALL true defaultdb NULL admin false types public USAGE false +defaultdb NULL admin false functions public EXECUTE false defaultdb NULL bar false tables bar ALL true defaultdb NULL bar false sequences bar ALL true defaultdb NULL bar false types bar ALL true defaultdb NULL bar false schemas bar ALL true defaultdb NULL bar false functions bar ALL true defaultdb NULL bar false types public USAGE false +defaultdb NULL bar false functions public EXECUTE false defaultdb NULL foo false tables foo ALL true defaultdb NULL foo false sequences foo ALL true defaultdb NULL foo false types foo ALL true defaultdb NULL foo false schemas foo ALL true defaultdb NULL foo false functions foo ALL true defaultdb NULL foo false types public USAGE false +defaultdb NULL foo false functions public EXECUTE false defaultdb NULL root false tables root ALL true defaultdb NULL root false sequences root ALL true defaultdb NULL root false types root ALL true defaultdb NULL root false schemas root ALL true defaultdb NULL root false functions root ALL true defaultdb NULL root false types public USAGE false +defaultdb NULL root false functions public EXECUTE false defaultdb NULL testuser false tables testuser ALL true defaultdb NULL testuser false sequences testuser ALL true defaultdb NULL testuser false types testuser ALL true defaultdb NULL testuser false schemas testuser ALL true defaultdb NULL testuser false functions testuser ALL true defaultdb NULL testuser false types public USAGE false +defaultdb NULL testuser false functions public EXECUTE false defaultdb NULL NULL true types public USAGE false +defaultdb NULL NULL true functions public EXECUTE false postgres NULL admin false tables admin ALL true postgres NULL admin false sequences admin ALL true postgres NULL admin false types admin ALL true postgres NULL admin false schemas admin ALL true postgres NULL admin false functions admin ALL true postgres NULL admin false types public USAGE false +postgres NULL admin false functions public EXECUTE false postgres NULL bar false tables bar ALL true postgres NULL bar false sequences bar ALL true postgres NULL bar false types bar ALL true postgres NULL bar false schemas bar ALL true postgres NULL bar false functions bar ALL true postgres NULL bar false types public USAGE false +postgres NULL bar false functions public EXECUTE false postgres NULL foo false tables foo ALL true postgres NULL foo false sequences foo ALL true postgres NULL foo false types foo ALL true postgres NULL foo false schemas foo ALL true postgres NULL foo false functions foo ALL true postgres NULL foo false types public USAGE false +postgres NULL foo false functions public EXECUTE false postgres NULL root false tables root ALL true postgres NULL root false sequences root ALL true postgres NULL root false types root ALL true postgres NULL root false schemas root ALL true postgres NULL root false functions root ALL true postgres NULL root false types public USAGE false +postgres NULL root false functions public EXECUTE false postgres NULL testuser false tables testuser ALL true postgres NULL testuser false sequences testuser ALL true postgres NULL testuser false types testuser ALL true postgres NULL testuser false schemas testuser ALL true postgres NULL testuser false functions testuser ALL true postgres NULL testuser false types public USAGE false +postgres NULL testuser false functions public EXECUTE false postgres NULL NULL true types public USAGE false +postgres NULL NULL true functions public EXECUTE false system NULL admin false tables admin ALL true system NULL admin false sequences admin ALL true system NULL admin false types admin ALL true system NULL admin false schemas admin ALL true system NULL admin false functions admin ALL true system NULL admin false types public USAGE false +system NULL admin false functions public EXECUTE false system NULL bar false tables bar ALL true system NULL bar false sequences bar ALL true system NULL bar false types bar ALL true system NULL bar false schemas bar ALL true system NULL bar false functions bar ALL true system NULL bar false types public USAGE false +system NULL bar false functions public EXECUTE false system NULL foo false tables foo ALL true system NULL foo false sequences foo ALL true system NULL foo false types foo ALL true system NULL foo false schemas foo ALL true system NULL foo false functions foo ALL true system NULL foo false types public USAGE false +system NULL foo false functions public EXECUTE false system NULL root false tables root ALL true system NULL root false sequences root ALL true system NULL root false types root ALL true system NULL root false schemas root ALL true system NULL root false functions root ALL true system NULL root false types public USAGE false +system NULL root false functions public EXECUTE false system NULL testuser false tables testuser ALL true system NULL testuser false sequences testuser ALL true system NULL testuser false types testuser ALL true system NULL testuser false schemas testuser ALL true system NULL testuser false functions testuser ALL true system NULL testuser false types public USAGE false +system NULL testuser false functions public EXECUTE false system NULL NULL true types public USAGE false +system NULL NULL true functions public EXECUTE false test NULL admin false tables admin ALL true test NULL admin false sequences admin ALL true test NULL admin false types admin ALL true test NULL admin false schemas admin ALL true test NULL admin false functions admin ALL true test NULL admin false types public USAGE false +test NULL admin false functions public EXECUTE false test NULL bar false functions bar ALL true test NULL bar false types public USAGE false +test NULL bar false functions public EXECUTE false test NULL foo false functions foo ALL true test NULL foo false types public USAGE false +test NULL foo false functions public EXECUTE false +test NULL root false schemas bar ALL false +test NULL root false schemas foo ALL false +test NULL root false schemas public USAGE false test NULL root false tables bar ALL false test NULL root false tables foo ALL false test NULL root false tables public SELECT false @@ -344,22 +392,22 @@ test NULL root false sequences foo ALL test NULL root false sequences public SELECT false test NULL root false types bar ALL false test NULL root false types foo ALL false -test NULL root false schemas bar ALL false -test NULL root false schemas foo ALL false -test NULL root false schemas public USAGE false test NULL root false tables root ALL true test NULL root false sequences root ALL true test NULL root false types root ALL true test NULL root false schemas root ALL true test NULL root false functions root ALL true test NULL root false types public USAGE false +test NULL root false functions public EXECUTE false test NULL testuser false tables testuser ALL true test NULL testuser false sequences testuser ALL true test NULL testuser false types testuser ALL true test NULL testuser false schemas testuser ALL true test NULL testuser false functions testuser ALL true test NULL testuser false types public USAGE false +test NULL testuser false functions public EXECUTE false test NULL NULL true types public USAGE false +test NULL NULL true functions public EXECUTE false statement ok ALTER DEFAULT PRIVILEGES REVOKE SELECT ON TABLES FROM foo, bar, public; @@ -377,103 +425,124 @@ defaultdb NULL admin false types admin ALL defaultdb NULL admin false schemas admin ALL true defaultdb NULL admin false functions admin ALL true defaultdb NULL admin false types public USAGE false +defaultdb NULL admin false functions public EXECUTE false defaultdb NULL bar false tables bar ALL true defaultdb NULL bar false sequences bar ALL true defaultdb NULL bar false types bar ALL true defaultdb NULL bar false schemas bar ALL true defaultdb NULL bar false functions bar ALL true defaultdb NULL bar false types public USAGE false +defaultdb NULL bar false functions public EXECUTE false defaultdb NULL foo false tables foo ALL true defaultdb NULL foo false sequences foo ALL true defaultdb NULL foo false types foo ALL true defaultdb NULL foo false schemas foo ALL true defaultdb NULL foo false functions foo ALL true defaultdb NULL foo false types public USAGE false +defaultdb NULL foo false functions public EXECUTE false defaultdb NULL root false tables root ALL true defaultdb NULL root false sequences root ALL true defaultdb NULL root false types root ALL true defaultdb NULL root false schemas root ALL true defaultdb NULL root false functions root ALL true defaultdb NULL root false types public USAGE false +defaultdb NULL root false functions public EXECUTE false defaultdb NULL testuser false tables testuser ALL true defaultdb NULL testuser false sequences testuser ALL true defaultdb NULL testuser false types testuser ALL true defaultdb NULL testuser false schemas testuser ALL true defaultdb NULL testuser false functions testuser ALL true defaultdb NULL testuser false types public USAGE false +defaultdb NULL testuser false functions public EXECUTE false defaultdb NULL NULL true types public USAGE false +defaultdb NULL NULL true functions public EXECUTE false postgres NULL admin false tables admin ALL true postgres NULL admin false sequences admin ALL true postgres NULL admin false types admin ALL true postgres NULL admin false schemas admin ALL true postgres NULL admin false functions admin ALL true postgres NULL admin false types public USAGE false +postgres NULL admin false functions public EXECUTE false postgres NULL bar false tables bar ALL true postgres NULL bar false sequences bar ALL true postgres NULL bar false types bar ALL true postgres NULL bar false schemas bar ALL true postgres NULL bar false functions bar ALL true postgres NULL bar false types public USAGE false +postgres NULL bar false functions public EXECUTE false postgres NULL foo false tables foo ALL true postgres NULL foo false sequences foo ALL true postgres NULL foo false types foo ALL true postgres NULL foo false schemas foo ALL true postgres NULL foo false functions foo ALL true postgres NULL foo false types public USAGE false +postgres NULL foo false functions public EXECUTE false postgres NULL root false tables root ALL true postgres NULL root false sequences root ALL true postgres NULL root false types root ALL true postgres NULL root false schemas root ALL true postgres NULL root false functions root ALL true postgres NULL root false types public USAGE false +postgres NULL root false functions public EXECUTE false postgres NULL testuser false tables testuser ALL true postgres NULL testuser false sequences testuser ALL true postgres NULL testuser false types testuser ALL true postgres NULL testuser false schemas testuser ALL true postgres NULL testuser false functions testuser ALL true postgres NULL testuser false types public USAGE false +postgres NULL testuser false functions public EXECUTE false postgres NULL NULL true types public USAGE false +postgres NULL NULL true functions public EXECUTE false system NULL admin false tables admin ALL true system NULL admin false sequences admin ALL true system NULL admin false types admin ALL true system NULL admin false schemas admin ALL true system NULL admin false functions admin ALL true system NULL admin false types public USAGE false +system NULL admin false functions public EXECUTE false system NULL bar false tables bar ALL true system NULL bar false sequences bar ALL true system NULL bar false types bar ALL true system NULL bar false schemas bar ALL true system NULL bar false functions bar ALL true system NULL bar false types public USAGE false +system NULL bar false functions public EXECUTE false system NULL foo false tables foo ALL true system NULL foo false sequences foo ALL true system NULL foo false types foo ALL true system NULL foo false schemas foo ALL true system NULL foo false functions foo ALL true system NULL foo false types public USAGE false +system NULL foo false functions public EXECUTE false system NULL root false tables root ALL true system NULL root false sequences root ALL true system NULL root false types root ALL true system NULL root false schemas root ALL true system NULL root false functions root ALL true system NULL root false types public USAGE false +system NULL root false functions public EXECUTE false system NULL testuser false tables testuser ALL true system NULL testuser false sequences testuser ALL true system NULL testuser false types testuser ALL true system NULL testuser false schemas testuser ALL true system NULL testuser false functions testuser ALL true system NULL testuser false types public USAGE false +system NULL testuser false functions public EXECUTE false system NULL NULL true types public USAGE false +system NULL NULL true functions public EXECUTE false test NULL admin false tables admin ALL true test NULL admin false sequences admin ALL true test NULL admin false types admin ALL true test NULL admin false schemas admin ALL true test NULL admin false functions admin ALL true test NULL admin false types public USAGE false +test NULL admin false functions public EXECUTE false test NULL bar false functions bar ALL true test NULL bar false types public USAGE false +test NULL bar false functions public EXECUTE false test NULL foo false functions foo ALL true test NULL foo false types public USAGE false +test NULL foo false functions public EXECUTE false test NULL root false tables bar BACKUP false test NULL root false tables bar CHANGEFEED false test NULL root false tables bar CREATE false @@ -495,13 +564,16 @@ test NULL root false sequences root ALL test NULL root false types root ALL true test NULL root false schemas root ALL true test NULL root false functions root ALL true +test NULL root false functions public EXECUTE false test NULL testuser false tables testuser ALL true test NULL testuser false sequences testuser ALL true test NULL testuser false types testuser ALL true test NULL testuser false schemas testuser ALL true test NULL testuser false functions testuser ALL true test NULL testuser false types public USAGE false +test NULL testuser false functions public EXECUTE false test NULL NULL true types public USAGE false +test NULL NULL true functions public EXECUTE false statement ok ALTER DEFAULT PRIVILEGES REVOKE ALL ON TABLES FROM foo, bar, public; @@ -517,103 +589,124 @@ defaultdb NULL admin false types admin ALL defaultdb NULL admin false schemas admin ALL true defaultdb NULL admin false functions admin ALL true defaultdb NULL admin false types public USAGE false +defaultdb NULL admin false functions public EXECUTE false defaultdb NULL bar false tables bar ALL true defaultdb NULL bar false sequences bar ALL true defaultdb NULL bar false types bar ALL true defaultdb NULL bar false schemas bar ALL true defaultdb NULL bar false functions bar ALL true defaultdb NULL bar false types public USAGE false +defaultdb NULL bar false functions public EXECUTE false defaultdb NULL foo false tables foo ALL true defaultdb NULL foo false sequences foo ALL true defaultdb NULL foo false types foo ALL true defaultdb NULL foo false schemas foo ALL true defaultdb NULL foo false functions foo ALL true defaultdb NULL foo false types public USAGE false +defaultdb NULL foo false functions public EXECUTE false defaultdb NULL root false tables root ALL true defaultdb NULL root false sequences root ALL true defaultdb NULL root false types root ALL true defaultdb NULL root false schemas root ALL true defaultdb NULL root false functions root ALL true defaultdb NULL root false types public USAGE false +defaultdb NULL root false functions public EXECUTE false defaultdb NULL testuser false tables testuser ALL true defaultdb NULL testuser false sequences testuser ALL true defaultdb NULL testuser false types testuser ALL true defaultdb NULL testuser false schemas testuser ALL true defaultdb NULL testuser false functions testuser ALL true defaultdb NULL testuser false types public USAGE false +defaultdb NULL testuser false functions public EXECUTE false defaultdb NULL NULL true types public USAGE false +defaultdb NULL NULL true functions public EXECUTE false postgres NULL admin false tables admin ALL true postgres NULL admin false sequences admin ALL true postgres NULL admin false types admin ALL true postgres NULL admin false schemas admin ALL true postgres NULL admin false functions admin ALL true postgres NULL admin false types public USAGE false +postgres NULL admin false functions public EXECUTE false postgres NULL bar false tables bar ALL true postgres NULL bar false sequences bar ALL true postgres NULL bar false types bar ALL true postgres NULL bar false schemas bar ALL true postgres NULL bar false functions bar ALL true postgres NULL bar false types public USAGE false +postgres NULL bar false functions public EXECUTE false postgres NULL foo false tables foo ALL true postgres NULL foo false sequences foo ALL true postgres NULL foo false types foo ALL true postgres NULL foo false schemas foo ALL true postgres NULL foo false functions foo ALL true postgres NULL foo false types public USAGE false +postgres NULL foo false functions public EXECUTE false postgres NULL root false tables root ALL true postgres NULL root false sequences root ALL true postgres NULL root false types root ALL true postgres NULL root false schemas root ALL true postgres NULL root false functions root ALL true postgres NULL root false types public USAGE false +postgres NULL root false functions public EXECUTE false postgres NULL testuser false tables testuser ALL true postgres NULL testuser false sequences testuser ALL true postgres NULL testuser false types testuser ALL true postgres NULL testuser false schemas testuser ALL true postgres NULL testuser false functions testuser ALL true postgres NULL testuser false types public USAGE false +postgres NULL testuser false functions public EXECUTE false postgres NULL NULL true types public USAGE false +postgres NULL NULL true functions public EXECUTE false system NULL admin false tables admin ALL true system NULL admin false sequences admin ALL true system NULL admin false types admin ALL true system NULL admin false schemas admin ALL true system NULL admin false functions admin ALL true system NULL admin false types public USAGE false +system NULL admin false functions public EXECUTE false system NULL bar false tables bar ALL true system NULL bar false sequences bar ALL true system NULL bar false types bar ALL true system NULL bar false schemas bar ALL true system NULL bar false functions bar ALL true system NULL bar false types public USAGE false +system NULL bar false functions public EXECUTE false system NULL foo false tables foo ALL true system NULL foo false sequences foo ALL true system NULL foo false types foo ALL true system NULL foo false schemas foo ALL true system NULL foo false functions foo ALL true system NULL foo false types public USAGE false +system NULL foo false functions public EXECUTE false system NULL root false tables root ALL true system NULL root false sequences root ALL true system NULL root false types root ALL true system NULL root false schemas root ALL true system NULL root false functions root ALL true system NULL root false types public USAGE false +system NULL root false functions public EXECUTE false system NULL testuser false tables testuser ALL true system NULL testuser false sequences testuser ALL true system NULL testuser false types testuser ALL true system NULL testuser false schemas testuser ALL true system NULL testuser false functions testuser ALL true system NULL testuser false types public USAGE false +system NULL testuser false functions public EXECUTE false system NULL NULL true types public USAGE false +system NULL NULL true functions public EXECUTE false test NULL admin false tables admin ALL true test NULL admin false sequences admin ALL true test NULL admin false types admin ALL true test NULL admin false schemas admin ALL true test NULL admin false functions admin ALL true test NULL admin false types public USAGE false +test NULL admin false functions public EXECUTE false test NULL bar false functions bar ALL true test NULL bar false types public USAGE false +test NULL bar false functions public EXECUTE false test NULL foo false functions foo ALL true test NULL foo false types public USAGE false +test NULL foo false functions public EXECUTE false test NULL root false tables foo DROP true test NULL root false tables foo ZONECONFIG true test NULL root false tables root ALL true @@ -621,13 +714,16 @@ test NULL root false sequences root ALL test NULL root false types root ALL true test NULL root false schemas root ALL true test NULL root false functions root ALL true +test NULL root false functions public EXECUTE false test NULL testuser false tables testuser ALL true test NULL testuser false sequences testuser ALL true test NULL testuser false types testuser ALL true test NULL testuser false schemas testuser ALL true test NULL testuser false functions testuser ALL true test NULL testuser false types public USAGE false +test NULL testuser false functions public EXECUTE false test NULL NULL true types public USAGE false +test NULL NULL true functions public EXECUTE false # Create a second database. statement ok @@ -647,103 +743,124 @@ defaultdb NULL admin false types admin ALL defaultdb NULL admin false schemas admin ALL true defaultdb NULL admin false functions admin ALL true defaultdb NULL admin false types public USAGE false +defaultdb NULL admin false functions public EXECUTE false defaultdb NULL bar false tables bar ALL true defaultdb NULL bar false sequences bar ALL true defaultdb NULL bar false types bar ALL true defaultdb NULL bar false schemas bar ALL true defaultdb NULL bar false functions bar ALL true defaultdb NULL bar false types public USAGE false +defaultdb NULL bar false functions public EXECUTE false defaultdb NULL foo false tables foo ALL true defaultdb NULL foo false sequences foo ALL true defaultdb NULL foo false types foo ALL true defaultdb NULL foo false schemas foo ALL true defaultdb NULL foo false functions foo ALL true defaultdb NULL foo false types public USAGE false +defaultdb NULL foo false functions public EXECUTE false defaultdb NULL root false tables root ALL true defaultdb NULL root false sequences root ALL true defaultdb NULL root false types root ALL true defaultdb NULL root false schemas root ALL true defaultdb NULL root false functions root ALL true defaultdb NULL root false types public USAGE false +defaultdb NULL root false functions public EXECUTE false defaultdb NULL testuser false tables testuser ALL true defaultdb NULL testuser false sequences testuser ALL true defaultdb NULL testuser false types testuser ALL true defaultdb NULL testuser false schemas testuser ALL true defaultdb NULL testuser false functions testuser ALL true defaultdb NULL testuser false types public USAGE false +defaultdb NULL testuser false functions public EXECUTE false defaultdb NULL NULL true types public USAGE false +defaultdb NULL NULL true functions public EXECUTE false postgres NULL admin false tables admin ALL true postgres NULL admin false sequences admin ALL true postgres NULL admin false types admin ALL true postgres NULL admin false schemas admin ALL true postgres NULL admin false functions admin ALL true postgres NULL admin false types public USAGE false +postgres NULL admin false functions public EXECUTE false postgres NULL bar false tables bar ALL true postgres NULL bar false sequences bar ALL true postgres NULL bar false types bar ALL true postgres NULL bar false schemas bar ALL true postgres NULL bar false functions bar ALL true postgres NULL bar false types public USAGE false +postgres NULL bar false functions public EXECUTE false postgres NULL foo false tables foo ALL true postgres NULL foo false sequences foo ALL true postgres NULL foo false types foo ALL true postgres NULL foo false schemas foo ALL true postgres NULL foo false functions foo ALL true postgres NULL foo false types public USAGE false +postgres NULL foo false functions public EXECUTE false postgres NULL root false tables root ALL true postgres NULL root false sequences root ALL true postgres NULL root false types root ALL true postgres NULL root false schemas root ALL true postgres NULL root false functions root ALL true postgres NULL root false types public USAGE false +postgres NULL root false functions public EXECUTE false postgres NULL testuser false tables testuser ALL true postgres NULL testuser false sequences testuser ALL true postgres NULL testuser false types testuser ALL true postgres NULL testuser false schemas testuser ALL true postgres NULL testuser false functions testuser ALL true postgres NULL testuser false types public USAGE false +postgres NULL testuser false functions public EXECUTE false postgres NULL NULL true types public USAGE false +postgres NULL NULL true functions public EXECUTE false system NULL admin false tables admin ALL true system NULL admin false sequences admin ALL true system NULL admin false types admin ALL true system NULL admin false schemas admin ALL true system NULL admin false functions admin ALL true system NULL admin false types public USAGE false +system NULL admin false functions public EXECUTE false system NULL bar false tables bar ALL true system NULL bar false sequences bar ALL true system NULL bar false types bar ALL true system NULL bar false schemas bar ALL true system NULL bar false functions bar ALL true system NULL bar false types public USAGE false +system NULL bar false functions public EXECUTE false system NULL foo false tables foo ALL true system NULL foo false sequences foo ALL true system NULL foo false types foo ALL true system NULL foo false schemas foo ALL true system NULL foo false functions foo ALL true system NULL foo false types public USAGE false +system NULL foo false functions public EXECUTE false system NULL root false tables root ALL true system NULL root false sequences root ALL true system NULL root false types root ALL true system NULL root false schemas root ALL true system NULL root false functions root ALL true system NULL root false types public USAGE false +system NULL root false functions public EXECUTE false system NULL testuser false tables testuser ALL true system NULL testuser false sequences testuser ALL true system NULL testuser false types testuser ALL true system NULL testuser false schemas testuser ALL true system NULL testuser false functions testuser ALL true system NULL testuser false types public USAGE false +system NULL testuser false functions public EXECUTE false system NULL NULL true types public USAGE false +system NULL NULL true functions public EXECUTE false test NULL admin false tables admin ALL true test NULL admin false sequences admin ALL true test NULL admin false types admin ALL true test NULL admin false schemas admin ALL true test NULL admin false functions admin ALL true test NULL admin false types public USAGE false +test NULL admin false functions public EXECUTE false test NULL bar false functions bar ALL true test NULL bar false types public USAGE false +test NULL bar false functions public EXECUTE false test NULL foo false functions foo ALL true test NULL foo false types public USAGE false +test NULL foo false functions public EXECUTE false test NULL root false tables foo DROP true test NULL root false tables foo ZONECONFIG true test NULL root false tables root ALL true @@ -751,31 +868,37 @@ test NULL root false sequences root ALL test NULL root false types root ALL true test NULL root false schemas root ALL true test NULL root false functions root ALL true +test NULL root false functions public EXECUTE false test NULL testuser false tables testuser ALL true test NULL testuser false sequences testuser ALL true test NULL testuser false types testuser ALL true test NULL testuser false schemas testuser ALL true test NULL testuser false functions testuser ALL true test NULL testuser false types public USAGE false +test NULL testuser false functions public EXECUTE false test NULL NULL true types public USAGE false +test NULL NULL true functions public EXECUTE false test2 NULL admin false tables admin ALL true test2 NULL admin false sequences admin ALL true test2 NULL admin false types admin ALL true test2 NULL admin false schemas admin ALL true test2 NULL admin false functions admin ALL true test2 NULL admin false types public USAGE false +test2 NULL admin false functions public EXECUTE false test2 NULL bar false tables bar ALL true test2 NULL bar false sequences bar ALL true test2 NULL bar false types bar ALL true test2 NULL bar false schemas bar ALL true test2 NULL bar false functions bar ALL true test2 NULL bar false types public USAGE false +test2 NULL bar false functions public EXECUTE false test2 NULL foo false tables foo ALL true test2 NULL foo false sequences foo ALL true test2 NULL foo false types foo ALL true test2 NULL foo false schemas foo ALL true test2 NULL foo false functions foo ALL true test2 NULL foo false types public USAGE false +test2 NULL foo false functions public EXECUTE false test2 NULL root false tables foo DROP true test2 NULL root false tables foo ZONECONFIG true test2 NULL root false tables root ALL true @@ -784,13 +907,16 @@ test2 NULL root false types root ALL test2 NULL root false schemas root ALL true test2 NULL root false functions root ALL true test2 NULL root false types public USAGE false +test2 NULL root false functions public EXECUTE false test2 NULL testuser false tables testuser ALL true test2 NULL testuser false sequences testuser ALL true test2 NULL testuser false types testuser ALL true test2 NULL testuser false schemas testuser ALL true test2 NULL testuser false functions testuser ALL true test2 NULL testuser false types public USAGE false +test2 NULL testuser false functions public EXECUTE false test2 NULL NULL true types public USAGE false +test2 NULL NULL true functions public EXECUTE false statement ok ALTER DEFAULT PRIVILEGES FOR ALL ROLES GRANT SELECT ON TABLES TO foo; @@ -805,103 +931,124 @@ defaultdb NULL admin false types admin ALL defaultdb NULL admin false schemas admin ALL true defaultdb NULL admin false functions admin ALL true defaultdb NULL admin false types public USAGE false +defaultdb NULL admin false functions public EXECUTE false defaultdb NULL bar false tables bar ALL true defaultdb NULL bar false sequences bar ALL true defaultdb NULL bar false types bar ALL true defaultdb NULL bar false schemas bar ALL true defaultdb NULL bar false functions bar ALL true defaultdb NULL bar false types public USAGE false +defaultdb NULL bar false functions public EXECUTE false defaultdb NULL foo false tables foo ALL true defaultdb NULL foo false sequences foo ALL true defaultdb NULL foo false types foo ALL true defaultdb NULL foo false schemas foo ALL true defaultdb NULL foo false functions foo ALL true defaultdb NULL foo false types public USAGE false +defaultdb NULL foo false functions public EXECUTE false defaultdb NULL root false tables root ALL true defaultdb NULL root false sequences root ALL true defaultdb NULL root false types root ALL true defaultdb NULL root false schemas root ALL true defaultdb NULL root false functions root ALL true defaultdb NULL root false types public USAGE false +defaultdb NULL root false functions public EXECUTE false defaultdb NULL testuser false tables testuser ALL true defaultdb NULL testuser false sequences testuser ALL true defaultdb NULL testuser false types testuser ALL true defaultdb NULL testuser false schemas testuser ALL true defaultdb NULL testuser false functions testuser ALL true defaultdb NULL testuser false types public USAGE false +defaultdb NULL testuser false functions public EXECUTE false defaultdb NULL NULL true types public USAGE false +defaultdb NULL NULL true functions public EXECUTE false postgres NULL admin false tables admin ALL true postgres NULL admin false sequences admin ALL true postgres NULL admin false types admin ALL true postgres NULL admin false schemas admin ALL true postgres NULL admin false functions admin ALL true postgres NULL admin false types public USAGE false +postgres NULL admin false functions public EXECUTE false postgres NULL bar false tables bar ALL true postgres NULL bar false sequences bar ALL true postgres NULL bar false types bar ALL true postgres NULL bar false schemas bar ALL true postgres NULL bar false functions bar ALL true postgres NULL bar false types public USAGE false +postgres NULL bar false functions public EXECUTE false postgres NULL foo false tables foo ALL true postgres NULL foo false sequences foo ALL true postgres NULL foo false types foo ALL true postgres NULL foo false schemas foo ALL true postgres NULL foo false functions foo ALL true postgres NULL foo false types public USAGE false +postgres NULL foo false functions public EXECUTE false postgres NULL root false tables root ALL true postgres NULL root false sequences root ALL true postgres NULL root false types root ALL true postgres NULL root false schemas root ALL true postgres NULL root false functions root ALL true postgres NULL root false types public USAGE false +postgres NULL root false functions public EXECUTE false postgres NULL testuser false tables testuser ALL true postgres NULL testuser false sequences testuser ALL true postgres NULL testuser false types testuser ALL true postgres NULL testuser false schemas testuser ALL true postgres NULL testuser false functions testuser ALL true postgres NULL testuser false types public USAGE false +postgres NULL testuser false functions public EXECUTE false postgres NULL NULL true types public USAGE false +postgres NULL NULL true functions public EXECUTE false system NULL admin false tables admin ALL true system NULL admin false sequences admin ALL true system NULL admin false types admin ALL true system NULL admin false schemas admin ALL true system NULL admin false functions admin ALL true system NULL admin false types public USAGE false +system NULL admin false functions public EXECUTE false system NULL bar false tables bar ALL true system NULL bar false sequences bar ALL true system NULL bar false types bar ALL true system NULL bar false schemas bar ALL true system NULL bar false functions bar ALL true system NULL bar false types public USAGE false +system NULL bar false functions public EXECUTE false system NULL foo false tables foo ALL true system NULL foo false sequences foo ALL true system NULL foo false types foo ALL true system NULL foo false schemas foo ALL true system NULL foo false functions foo ALL true system NULL foo false types public USAGE false +system NULL foo false functions public EXECUTE false system NULL root false tables root ALL true system NULL root false sequences root ALL true system NULL root false types root ALL true system NULL root false schemas root ALL true system NULL root false functions root ALL true system NULL root false types public USAGE false +system NULL root false functions public EXECUTE false system NULL testuser false tables testuser ALL true system NULL testuser false sequences testuser ALL true system NULL testuser false types testuser ALL true system NULL testuser false schemas testuser ALL true system NULL testuser false functions testuser ALL true system NULL testuser false types public USAGE false +system NULL testuser false functions public EXECUTE false system NULL NULL true types public USAGE false +system NULL NULL true functions public EXECUTE false test NULL admin false tables admin ALL true test NULL admin false sequences admin ALL true test NULL admin false types admin ALL true test NULL admin false schemas admin ALL true test NULL admin false functions admin ALL true test NULL admin false types public USAGE false +test NULL admin false functions public EXECUTE false test NULL bar false functions bar ALL true test NULL bar false types public USAGE false +test NULL bar false functions public EXECUTE false test NULL foo false functions foo ALL true test NULL foo false types public USAGE false +test NULL foo false functions public EXECUTE false test NULL root false tables foo DROP true test NULL root false tables foo ZONECONFIG true test NULL root false tables root ALL true @@ -909,31 +1056,37 @@ test NULL root false sequences root ALL test NULL root false types root ALL true test NULL root false schemas root ALL true test NULL root false functions root ALL true +test NULL root false functions public EXECUTE false test NULL testuser false tables testuser ALL true test NULL testuser false sequences testuser ALL true test NULL testuser false types testuser ALL true test NULL testuser false schemas testuser ALL true test NULL testuser false functions testuser ALL true test NULL testuser false types public USAGE false +test NULL testuser false functions public EXECUTE false test NULL NULL true types public USAGE false +test NULL NULL true functions public EXECUTE false test2 NULL admin false tables admin ALL true test2 NULL admin false sequences admin ALL true test2 NULL admin false types admin ALL true test2 NULL admin false schemas admin ALL true test2 NULL admin false functions admin ALL true test2 NULL admin false types public USAGE false +test2 NULL admin false functions public EXECUTE false test2 NULL bar false tables bar ALL true test2 NULL bar false sequences bar ALL true test2 NULL bar false types bar ALL true test2 NULL bar false schemas bar ALL true test2 NULL bar false functions bar ALL true test2 NULL bar false types public USAGE false +test2 NULL bar false functions public EXECUTE false test2 NULL foo false tables foo ALL true test2 NULL foo false sequences foo ALL true test2 NULL foo false types foo ALL true test2 NULL foo false schemas foo ALL true test2 NULL foo false functions foo ALL true test2 NULL foo false types public USAGE false +test2 NULL foo false functions public EXECUTE false test2 NULL root false tables foo DROP true test2 NULL root false tables foo ZONECONFIG true test2 NULL root false tables root ALL true @@ -942,11 +1095,14 @@ test2 NULL root false types root ALL test2 NULL root false schemas root ALL true test2 NULL root false functions root ALL true test2 NULL root false types public USAGE false +test2 NULL root false functions public EXECUTE false test2 NULL testuser false tables testuser ALL true test2 NULL testuser false sequences testuser ALL true test2 NULL testuser false types testuser ALL true test2 NULL testuser false schemas testuser ALL true test2 NULL testuser false functions testuser ALL true test2 NULL testuser false types public USAGE false +test2 NULL testuser false functions public EXECUTE false test2 NULL NULL true tables foo SELECT false test2 NULL NULL true types public USAGE false +test2 NULL NULL true functions public EXECUTE false diff --git a/pkg/sql/logictest/testdata/logic_test/information_schema b/pkg/sql/logictest/testdata/logic_test/information_schema index 80a76e257ae9..b015713c87c7 100644 --- a/pkg/sql/logictest/testdata/logic_test/information_schema +++ b/pkg/sql/logictest/testdata/logic_test/information_schema @@ -5757,101 +5757,152 @@ WHERE reverse(split_part(reverse(specific_name), '_', 1))::INT < 50 ORDER BY specific_name, grantee; ---- grantor grantee specific_catalog specific_schema specific_name routine_catalog routine_schema routine_name privilege_type is_grantable +NULL admin test pg_catalog array_agg_1 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_1 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_1 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_10 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_10 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_10 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_11 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_11 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_11 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_12 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_12 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_12 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_13 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_13 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_13 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_14 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_14 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_14 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_15 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_15 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_15 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_16 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_16 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_16 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_17 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_17 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_17 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_18 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_18 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_18 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_19 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_19 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_19 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_2 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_2 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_2 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_20 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_20 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_20 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_21 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_21 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_21 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_22 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_22 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_22 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_3 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_3 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_3 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_4 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_4 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_4 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_5 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_5 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_5 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_6 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_6 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_6 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_7 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_7 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_7 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_8 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_8 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_8 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog array_agg_9 test pg_catalog array_agg EXECUTE NO NULL public test pg_catalog array_agg_9 test pg_catalog array_agg EXECUTE NO NULL root test pg_catalog array_agg_9 test pg_catalog array_agg EXECUTE NO +NULL admin test pg_catalog avg_23 test pg_catalog avg EXECUTE NO NULL public test pg_catalog avg_23 test pg_catalog avg EXECUTE NO NULL root test pg_catalog avg_23 test pg_catalog avg EXECUTE NO +NULL admin test pg_catalog avg_24 test pg_catalog avg EXECUTE NO NULL public test pg_catalog avg_24 test pg_catalog avg EXECUTE NO NULL root test pg_catalog avg_24 test pg_catalog avg EXECUTE NO +NULL admin test pg_catalog avg_25 test pg_catalog avg EXECUTE NO NULL public test pg_catalog avg_25 test pg_catalog avg EXECUTE NO NULL root test pg_catalog avg_25 test pg_catalog avg EXECUTE NO +NULL admin test pg_catalog avg_26 test pg_catalog avg EXECUTE NO NULL public test pg_catalog avg_26 test pg_catalog avg EXECUTE NO NULL root test pg_catalog avg_26 test pg_catalog avg EXECUTE NO +NULL admin test pg_catalog bit_and_27 test pg_catalog bit_and EXECUTE NO NULL public test pg_catalog bit_and_27 test pg_catalog bit_and EXECUTE NO NULL root test pg_catalog bit_and_27 test pg_catalog bit_and EXECUTE NO +NULL admin test pg_catalog bit_and_28 test pg_catalog bit_and EXECUTE NO NULL public test pg_catalog bit_and_28 test pg_catalog bit_and EXECUTE NO NULL root test pg_catalog bit_and_28 test pg_catalog bit_and EXECUTE NO +NULL admin test pg_catalog bit_or_29 test pg_catalog bit_or EXECUTE NO NULL public test pg_catalog bit_or_29 test pg_catalog bit_or EXECUTE NO NULL root test pg_catalog bit_or_29 test pg_catalog bit_or EXECUTE NO +NULL admin test pg_catalog bit_or_30 test pg_catalog bit_or EXECUTE NO NULL public test pg_catalog bit_or_30 test pg_catalog bit_or EXECUTE NO NULL root test pg_catalog bit_or_30 test pg_catalog bit_or EXECUTE NO +NULL admin test pg_catalog bool_and_31 test pg_catalog bool_and EXECUTE NO NULL public test pg_catalog bool_and_31 test pg_catalog bool_and EXECUTE NO NULL root test pg_catalog bool_and_31 test pg_catalog bool_and EXECUTE NO +NULL admin test pg_catalog bool_or_32 test pg_catalog bool_or EXECUTE NO NULL public test pg_catalog bool_or_32 test pg_catalog bool_or EXECUTE NO NULL root test pg_catalog bool_or_32 test pg_catalog bool_or EXECUTE NO +NULL admin test pg_catalog concat_agg_33 test pg_catalog concat_agg EXECUTE NO NULL public test pg_catalog concat_agg_33 test pg_catalog concat_agg EXECUTE NO NULL root test pg_catalog concat_agg_33 test pg_catalog concat_agg EXECUTE NO +NULL admin test pg_catalog concat_agg_34 test pg_catalog concat_agg EXECUTE NO NULL public test pg_catalog concat_agg_34 test pg_catalog concat_agg EXECUTE NO NULL root test pg_catalog concat_agg_34 test pg_catalog concat_agg EXECUTE NO +NULL admin test pg_catalog corr_35 test pg_catalog corr EXECUTE NO NULL public test pg_catalog corr_35 test pg_catalog corr EXECUTE NO NULL root test pg_catalog corr_35 test pg_catalog corr EXECUTE NO +NULL admin test pg_catalog corr_36 test pg_catalog corr EXECUTE NO NULL public test pg_catalog corr_36 test pg_catalog corr EXECUTE NO NULL root test pg_catalog corr_36 test pg_catalog corr EXECUTE NO +NULL admin test pg_catalog corr_37 test pg_catalog corr EXECUTE NO NULL public test pg_catalog corr_37 test pg_catalog corr EXECUTE NO NULL root test pg_catalog corr_37 test pg_catalog corr EXECUTE NO +NULL admin test pg_catalog corr_38 test pg_catalog corr EXECUTE NO NULL public test pg_catalog corr_38 test pg_catalog corr EXECUTE NO NULL root test pg_catalog corr_38 test pg_catalog corr EXECUTE NO +NULL admin test pg_catalog corr_39 test pg_catalog corr EXECUTE NO NULL public test pg_catalog corr_39 test pg_catalog corr EXECUTE NO NULL root test pg_catalog corr_39 test pg_catalog corr EXECUTE NO +NULL admin test pg_catalog corr_40 test pg_catalog corr EXECUTE NO NULL public test pg_catalog corr_40 test pg_catalog corr EXECUTE NO NULL root test pg_catalog corr_40 test pg_catalog corr EXECUTE NO +NULL admin test pg_catalog corr_41 test pg_catalog corr EXECUTE NO NULL public test pg_catalog corr_41 test pg_catalog corr EXECUTE NO NULL root test pg_catalog corr_41 test pg_catalog corr EXECUTE NO +NULL admin test pg_catalog corr_42 test pg_catalog corr EXECUTE NO NULL public test pg_catalog corr_42 test pg_catalog corr EXECUTE NO NULL root test pg_catalog corr_42 test pg_catalog corr EXECUTE NO +NULL admin test pg_catalog corr_43 test pg_catalog corr EXECUTE NO NULL public test pg_catalog corr_43 test pg_catalog corr EXECUTE NO NULL root test pg_catalog corr_43 test pg_catalog corr EXECUTE NO +NULL admin test pg_catalog covar_pop_44 test pg_catalog covar_pop EXECUTE NO NULL public test pg_catalog covar_pop_44 test pg_catalog covar_pop EXECUTE NO NULL root test pg_catalog covar_pop_44 test pg_catalog covar_pop EXECUTE NO +NULL admin test pg_catalog covar_pop_45 test pg_catalog covar_pop EXECUTE NO NULL public test pg_catalog covar_pop_45 test pg_catalog covar_pop EXECUTE NO NULL root test pg_catalog covar_pop_45 test pg_catalog covar_pop EXECUTE NO +NULL admin test pg_catalog covar_pop_46 test pg_catalog covar_pop EXECUTE NO NULL public test pg_catalog covar_pop_46 test pg_catalog covar_pop EXECUTE NO NULL root test pg_catalog covar_pop_46 test pg_catalog covar_pop EXECUTE NO +NULL admin test pg_catalog covar_pop_47 test pg_catalog covar_pop EXECUTE NO NULL public test pg_catalog covar_pop_47 test pg_catalog covar_pop EXECUTE NO NULL root test pg_catalog covar_pop_47 test pg_catalog covar_pop EXECUTE NO +NULL admin test pg_catalog covar_pop_48 test pg_catalog covar_pop EXECUTE NO NULL public test pg_catalog covar_pop_48 test pg_catalog covar_pop EXECUTE NO NULL root test pg_catalog covar_pop_48 test pg_catalog covar_pop EXECUTE NO +NULL admin test pg_catalog covar_pop_49 test pg_catalog covar_pop EXECUTE NO NULL public test pg_catalog covar_pop_49 test pg_catalog covar_pop EXECUTE NO NULL root test pg_catalog covar_pop_49 test pg_catalog covar_pop EXECUTE NO + +subtest end diff --git a/pkg/sql/logictest/testdata/logic_test/pg_builtins b/pkg/sql/logictest/testdata/logic_test/pg_builtins index 9177db06ec4f..74d1658205e9 100644 --- a/pkg/sql/logictest/testdata/logic_test/pg_builtins +++ b/pkg/sql/logictest/testdata/logic_test/pg_builtins @@ -882,4 +882,9 @@ select nameconcatoid(repeat('a', 58) || 'bbbbbbbbbb', 2); ---- aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbb_2 +query TI +select nameconcatoid(repeat('a', 62), 2), length(nameconcatoid(repeat('a', 62), 2)) +---- +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa_2 63 + subtest end diff --git a/pkg/sql/logictest/testdata/logic_test/pg_catalog_pg_default_acl b/pkg/sql/logictest/testdata/logic_test/pg_catalog_pg_default_acl index 25702af4774e..5b3e7c804b33 100644 --- a/pkg/sql/logictest/testdata/logic_test/pg_catalog_pg_default_acl +++ b/pkg/sql/logictest/testdata/logic_test/pg_catalog_pg_default_acl @@ -2,7 +2,7 @@ statement ok ALTER DEFAULT PRIVILEGES GRANT SELECT ON TABLES TO PUBLIC; ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO PUBLIC; ALTER DEFAULT PRIVILEGES GRANT SELECT ON SEQUENCES TO PUBLIC; -ALTER DEFAULT PRIVILEGES GRANT EXECUTE ON FUNCTIONS TO PUBLIC; +ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC; # Public should appear as an empty string with privileges. query OOOTT colnames,rowsort @@ -12,7 +12,10 @@ oid defaclrole defaclnamespace defaclobjtype defaclacl 1451375629 1546506610 0 r {=r/} 1451375629 1546506610 0 S {=r/} 1451375629 1546506610 0 n {=U/} -1451375629 1546506610 0 f {=X/} +1451375629 1546506610 0 f {root=X/} + +statement ok +ALTER DEFAULT PRIVILEGES GRANT EXECUTE ON FUNCTIONS TO PUBLIC; statement ok CREATE USER foo @@ -35,7 +38,7 @@ oid defaclrole defaclnamespace defaclobjtype defaclacl 1451375629 1546506610 0 S {bar=C*U*a*d*r*w*/,foo=C*U*a*d*r*w*/,=r/} 1451375629 1546506610 0 T {bar=U*/,foo=U*/} 1451375629 1546506610 0 n {bar=C*U*/,foo=C*U*/,=U/} -1451375629 1546506610 0 f {bar=X*/,foo=X*/,=X/} +1451375629 1546506610 0 f {bar=X*/,foo=X*/} statement ok GRANT foo, bar TO root; @@ -47,7 +50,7 @@ ALTER DEFAULT PRIVILEGES FOR ROLE foo, bar GRANT ALL ON SCHEMAS TO foo, bar WITH ALTER DEFAULT PRIVILEGES FOR ROLE foo, bar GRANT ALL ON SEQUENCES TO foo, bar WITH GRANT OPTION; ALTER DEFAULT PRIVILEGES FOR ROLE foo, bar GRANT ALL ON FUNCTIONS TO foo, bar WITH GRANT OPTION; -# 12 rows should exist, 4 for each role, root, foo and bar. +# 15 rows should exist, 5 for each of root, foo and bar. query OOOTT colnames,rowsort SELECT * FROM PG_CATALOG.PG_DEFAULT_ACL ---- @@ -56,17 +59,17 @@ oid defaclrole defaclnamespace defaclobjtype defaclacl 97389596 1791217281 0 S {bar=C*U*a*d*r*w*/,foo=C*U*a*d*r*w*/} 97389596 1791217281 0 T {bar=U*/,foo=U*/,=U/} 97389596 1791217281 0 n {bar=C*U*/,foo=C*U*/} -97389596 1791217281 0 f {bar=X*/,foo=X*/} +97389596 1791217281 0 f {bar=X*/,foo=X*/,=X/} 3755498903 2026795574 0 r {bar=C*a*d*r*w*/,foo=C*a*d*r*w*/} 3755498903 2026795574 0 S {bar=C*U*a*d*r*w*/,foo=C*U*a*d*r*w*/} 3755498903 2026795574 0 T {bar=U*/,foo=U*/,=U/} 3755498903 2026795574 0 n {bar=C*U*/,foo=C*U*/} -3755498903 2026795574 0 f {bar=X*/,foo=X*/} +3755498903 2026795574 0 f {bar=X*/,foo=X*/,=X/} 1451375629 1546506610 0 r {bar=C*a*d*r*w*/,foo=C*a*d*r*w*/,=r/} 1451375629 1546506610 0 S {bar=C*U*a*d*r*w*/,foo=C*U*a*d*r*w*/,=r/} 1451375629 1546506610 0 T {bar=U*/,foo=U*/} 1451375629 1546506610 0 n {bar=C*U*/,foo=C*U*/,=U/} -1451375629 1546506610 0 f {bar=X*/,foo=X*/,=X/} +1451375629 1546506610 0 f {bar=X*/,foo=X*/} statement ok ALTER DEFAULT PRIVILEGES FOR ROLE foo, bar REVOKE ALL ON TABLES FROM foo, bar; @@ -85,17 +88,17 @@ oid defaclrole defaclnamespace defaclobjtype defaclacl 97389596 1791217281 0 S {} 97389596 1791217281 0 T {=U/} 97389596 1791217281 0 n {} -97389596 1791217281 0 f {} +97389596 1791217281 0 f {=X/} 3755498903 2026795574 0 r {} 3755498903 2026795574 0 S {} 3755498903 2026795574 0 T {=U/} 3755498903 2026795574 0 n {} -3755498903 2026795574 0 f {} +3755498903 2026795574 0 f {=X/} 1451375629 1546506610 0 r {bar=C*a*d*r*w*/,foo=C*a*d*r*w*/,=r/} 1451375629 1546506610 0 S {bar=C*U*a*d*r*w*/,foo=C*U*a*d*r*w*/,=r/} 1451375629 1546506610 0 T {bar=U*/,foo=U*/} 1451375629 1546506610 0 n {bar=C*U*/,foo=C*U*/,=U/} -1451375629 1546506610 0 f {bar=X*/,foo=X*/,=X/} +1451375629 1546506610 0 f {bar=X*/,foo=X*/} statement ok ALTER DEFAULT PRIVILEGES FOR ROLE foo GRANT ALL ON TABLES TO foo WITH GRANT OPTION; @@ -119,17 +122,17 @@ oid defaclrole defaclnamespace defaclobjtype defaclacl 97389596 1791217281 0 S {bar=C*U*a*d*r*w*/} 97389596 1791217281 0 T {bar=U*/,=U/} 97389596 1791217281 0 n {bar=C*U*/} -97389596 1791217281 0 f {bar=X*/} +97389596 1791217281 0 f {bar=X*/,=X/} 3755498903 2026795574 0 r {foo=C*a*d*r*w*/} 3755498903 2026795574 0 S {foo=C*U*a*d*r*w*/} 3755498903 2026795574 0 T {foo=U*/,=U/} 3755498903 2026795574 0 n {foo=C*U*/} -3755498903 2026795574 0 f {foo=X*/} +3755498903 2026795574 0 f {foo=X*/,=X/} 1451375629 1546506610 0 r {bar=C*a*d*r*w*/,foo=C*a*d*r*w*/,=r/} 1451375629 1546506610 0 S {bar=C*U*a*d*r*w*/,foo=C*U*a*d*r*w*/,=r/} 1451375629 1546506610 0 T {bar=U*/,foo=U*/} 1451375629 1546506610 0 n {bar=C*U*/,foo=C*U*/,=U/} -1451375629 1546506610 0 f {bar=X*/,foo=X*/,=X/} +1451375629 1546506610 0 f {bar=X*/,foo=X*/} # Revoke SELECT from foo and GRANT it back with foo being the creator role. # Ensure revoking a single privilege reflects correctly. @@ -144,17 +147,17 @@ oid defaclrole defaclnamespace defaclobjtype defaclacl 97389596 1791217281 0 S {bar=C*U*a*d*r*w*/} 97389596 1791217281 0 T {bar=U*/,=U/} 97389596 1791217281 0 n {bar=C*U*/} -97389596 1791217281 0 f {bar=X*/} +97389596 1791217281 0 f {bar=X*/,=X/} 3755498903 2026795574 0 r {foo=C*a*d*w*/} 3755498903 2026795574 0 S {foo=C*U*a*d*r*w*/} 3755498903 2026795574 0 T {foo=U*/,=U/} 3755498903 2026795574 0 n {foo=C*U*/} -3755498903 2026795574 0 f {foo=X*/} +3755498903 2026795574 0 f {foo=X*/,=X/} 1451375629 1546506610 0 r {bar=C*a*d*r*w*/,foo=C*a*d*r*w*/,=r/} 1451375629 1546506610 0 S {bar=C*U*a*d*r*w*/,foo=C*U*a*d*r*w*/,=r/} 1451375629 1546506610 0 T {bar=U*/,foo=U*/} 1451375629 1546506610 0 n {bar=C*U*/,foo=C*U*/,=U/} -1451375629 1546506610 0 f {bar=X*/,foo=X*/,=X/} +1451375629 1546506610 0 f {bar=X*/,foo=X*/} statement ok ALTER DEFAULT PRIVILEGES FOR ROLE foo GRANT SELECT ON TABLES TO foo; @@ -167,17 +170,17 @@ oid defaclrole defaclnamespace defaclobjtype defaclacl 97389596 1791217281 0 S {bar=C*U*a*d*r*w*/} 97389596 1791217281 0 T {bar=U*/,=U/} 97389596 1791217281 0 n {bar=C*U*/} -97389596 1791217281 0 f {bar=X*/} +97389596 1791217281 0 f {bar=X*/,=X/} 3755498903 2026795574 0 r {foo=C*a*d*rw*/} 3755498903 2026795574 0 S {foo=C*U*a*d*r*w*/} 3755498903 2026795574 0 T {foo=U*/,=U/} 3755498903 2026795574 0 n {foo=C*U*/} -3755498903 2026795574 0 f {foo=X*/} +3755498903 2026795574 0 f {foo=X*/,=X/} 1451375629 1546506610 0 r {bar=C*a*d*r*w*/,foo=C*a*d*r*w*/,=r/} 1451375629 1546506610 0 S {bar=C*U*a*d*r*w*/,foo=C*U*a*d*r*w*/,=r/} 1451375629 1546506610 0 T {bar=U*/,foo=U*/} 1451375629 1546506610 0 n {bar=C*U*/,foo=C*U*/,=U/} -1451375629 1546506610 0 f {bar=X*/,foo=X*/,=X/} +1451375629 1546506610 0 f {bar=X*/,foo=X*/} statement ok ALTER DEFAULT PRIVILEGES REVOKE SELECT ON TABLES FROM foo, bar, public; @@ -196,13 +199,14 @@ oid defaclrole defaclnamespace defaclobjtype defaclacl 97389596 1791217281 0 S {bar=C*U*a*d*r*w*/} 97389596 1791217281 0 T {bar=U*/,=U/} 97389596 1791217281 0 n {bar=C*U*/} -97389596 1791217281 0 f {bar=X*/} +97389596 1791217281 0 f {bar=X*/,=X/} 3755498903 2026795574 0 r {foo=C*a*d*rw*/} 3755498903 2026795574 0 S {foo=C*U*a*d*r*w*/} 3755498903 2026795574 0 T {foo=U*/,=U/} 3755498903 2026795574 0 n {foo=C*U*/} -3755498903 2026795574 0 f {foo=X*/} +3755498903 2026795574 0 f {foo=X*/,=X/} 1451375629 1546506610 0 r {bar=C*a*d*w*/,foo=C*a*d*w*/} +1451375629 1546506610 0 f {root=X/} # GRANT, DROP and ZONECONFIG should not show up in defaclacl. statement ok @@ -217,13 +221,14 @@ oid defaclrole defaclnamespace defaclobjtype defaclacl 97389596 1791217281 0 S {bar=C*U*a*d*r*w*/} 97389596 1791217281 0 T {bar=U*/,=U/} 97389596 1791217281 0 n {bar=C*U*/} -97389596 1791217281 0 f {bar=X*/} +97389596 1791217281 0 f {bar=X*/,=X/} 3755498903 2026795574 0 r {foo=C*a*d*rw*/} 3755498903 2026795574 0 S {foo=C*U*a*d*r*w*/} 3755498903 2026795574 0 T {foo=U*/,=U/} 3755498903 2026795574 0 n {foo=C*U*/} -3755498903 2026795574 0 f {foo=X*/} +3755498903 2026795574 0 f {foo=X*/,=X/} 1451375629 1546506610 0 r {foo=/} +1451375629 1546506610 0 f {root=X/} statement ok ALTER DEFAULT PRIVILEGES REVOKE DROP, ZONECONFIG ON TABLES FROM foo; @@ -245,12 +250,13 @@ oid defaclrole defaclnamespace defaclobjtype defaclacl 97389596 1791217281 0 S {bar=C*U*a*d*r*w*/} 97389596 1791217281 0 T {bar=U*/,=U/} 97389596 1791217281 0 n {bar=C*U*/} -97389596 1791217281 0 f {bar=X*/} +97389596 1791217281 0 f {bar=X*/,=X/} 3755498903 2026795574 0 r {foo=C*a*d*rw*/} 3755498903 2026795574 0 S {foo=C*U*a*d*r*w*/} 3755498903 2026795574 0 T {foo=U*/,=U/} 3755498903 2026795574 0 n {foo=C*U*/} -3755498903 2026795574 0 f {foo=X*/} +3755498903 2026795574 0 f {foo=X*/,=X/} +1451375629 1546506610 0 f {root=X/} 880552153 0 0 r {bar=C*a*d*r*w*/,foo=C*a*d*r*w*/} 880552153 0 0 S {bar=C*U*a*d*r*w*/,foo=C*U*a*d*r*w*/} 880552153 0 0 T {bar=U*/,foo=U*/} @@ -272,12 +278,13 @@ oid defaclrole defaclnamespace defaclobjtype defaclacl 97389596 1791217281 0 S {bar=C*U*a*d*r*w*/} 97389596 1791217281 0 T {bar=U*/,=U/} 97389596 1791217281 0 n {bar=C*U*/} -97389596 1791217281 0 f {bar=X*/} +97389596 1791217281 0 f {bar=X*/,=X/} 3755498903 2026795574 0 r {foo=C*a*d*rw*/} 3755498903 2026795574 0 S {foo=C*U*a*d*r*w*/} 3755498903 2026795574 0 T {foo=U*/,=U/} 3755498903 2026795574 0 n {foo=C*U*/} -3755498903 2026795574 0 f {foo=X*/} +3755498903 2026795574 0 f {foo=X*/,=X/} +1451375629 1546506610 0 f {root=X/} user testuser @@ -298,17 +305,18 @@ oid defaclrole defaclnamespace defaclobjtype defaclacl 97389596 1791217281 0 S {bar=C*U*a*d*r*w*/} 97389596 1791217281 0 T {bar=U*/,=U/} 97389596 1791217281 0 n {bar=C*U*/} -97389596 1791217281 0 f {bar=X*/} +97389596 1791217281 0 f {bar=X*/,=X/} 3755498903 2026795574 0 r {foo=C*a*d*rw*/} 3755498903 2026795574 0 S {foo=C*U*a*d*r*w*/} 3755498903 2026795574 0 T {foo=U*/,=U/} 3755498903 2026795574 0 n {foo=C*U*/} -3755498903 2026795574 0 f {foo=X*/} +3755498903 2026795574 0 f {foo=X*/,=X/} +1451375629 1546506610 0 f {root=X/} 2709666228 2264919399 0 r {} 2709666228 2264919399 0 S {} 2709666228 2264919399 0 T {=U/} 2709666228 2264919399 0 n {} -2709666228 2264919399 0 f {} +2709666228 2264919399 0 f {=X/} statement ok ALTER DEFAULT PRIVILEGES REVOKE USAGE ON TYPES FROM public; @@ -322,17 +330,18 @@ oid defaclrole defaclnamespace defaclobjtype defaclacl 97389596 1791217281 0 S {bar=C*U*a*d*r*w*/} 97389596 1791217281 0 T {bar=U*/,=U/} 97389596 1791217281 0 n {bar=C*U*/} -97389596 1791217281 0 f {bar=X*/} +97389596 1791217281 0 f {bar=X*/,=X/} 3755498903 2026795574 0 r {foo=C*a*d*rw*/} 3755498903 2026795574 0 S {foo=C*U*a*d*r*w*/} 3755498903 2026795574 0 T {foo=U*/,=U/} 3755498903 2026795574 0 n {foo=C*U*/} -3755498903 2026795574 0 f {foo=X*/} +3755498903 2026795574 0 f {foo=X*/,=X/} +1451375629 1546506610 0 f {root=X/} 2709666228 2264919399 0 r {} 2709666228 2264919399 0 S {} 2709666228 2264919399 0 T {} 2709666228 2264919399 0 n {} -2709666228 2264919399 0 f {} +2709666228 2264919399 0 f {=X/} statement ok @@ -348,17 +357,18 @@ oid defaclrole defaclnamespace defaclobjtype defaclacl 97389596 1791217281 0 S {bar=C*U*a*d*r*w*/} 97389596 1791217281 0 T {bar=U*/,=U/} 97389596 1791217281 0 n {bar=C*U*/} -97389596 1791217281 0 f {bar=X*/} +97389596 1791217281 0 f {bar=X*/,=X/} 3755498903 2026795574 0 r {foo=C*a*d*rw*/} 3755498903 2026795574 0 S {foo=C*U*a*d*r*w*/} 3755498903 2026795574 0 T {foo=U*/,=U/} 3755498903 2026795574 0 n {foo=C*U*/} -3755498903 2026795574 0 f {foo=X*/} +3755498903 2026795574 0 f {foo=X*/,=X/} +1451375629 1546506610 0 f {root=X/} 2709666228 2264919399 0 r {} 2709666228 2264919399 0 S {} 2709666228 2264919399 0 T {testuser=U*/} 2709666228 2264919399 0 n {} -2709666228 2264919399 0 f {} +2709666228 2264919399 0 f {=X/} statement ok ALTER DEFAULT PRIVILEGES GRANT ALL ON TABLES TO foo WITH GRANT OPTION; @@ -377,14 +387,15 @@ oid defaclrole defaclnamespace defaclobjtype defaclacl 97389596 1791217281 0 S {bar=C*U*a*d*r*w*/} 97389596 1791217281 0 T {bar=U*/,=U/} 97389596 1791217281 0 n {bar=C*U*/} -97389596 1791217281 0 f {bar=X*/} +97389596 1791217281 0 f {bar=X*/,=X/} 3755498903 2026795574 0 r {foo=C*a*d*rw*/} 3755498903 2026795574 0 S {foo=C*U*a*d*r*w*/} 3755498903 2026795574 0 T {foo=U*/,=U/} 3755498903 2026795574 0 n {foo=C*U*/} -3755498903 2026795574 0 f {foo=X*/} +3755498903 2026795574 0 f {foo=X*/,=X/} +1451375629 1546506610 0 f {root=X/} 2709666228 2264919399 0 r {foo=C*a*d*r*w*/} 2709666228 2264919399 0 S {foo=C*U*a*d*r*w*/} 2709666228 2264919399 0 T {foo=U*/,testuser=U*/} 2709666228 2264919399 0 n {foo=C*U*/} -2709666228 2264919399 0 f {foo=X*/} +2709666228 2264919399 0 f {foo=X*/,=X/} diff --git a/pkg/sql/logictest/testdata/logic_test/pg_catalog_pg_default_acl_with_grant_option b/pkg/sql/logictest/testdata/logic_test/pg_catalog_pg_default_acl_with_grant_option index 557f3935a572..0b583ab1bc8c 100644 --- a/pkg/sql/logictest/testdata/logic_test/pg_catalog_pg_default_acl_with_grant_option +++ b/pkg/sql/logictest/testdata/logic_test/pg_catalog_pg_default_acl_with_grant_option @@ -97,12 +97,12 @@ oid defaclrole defaclnamespace defaclobjtype defaclacl 97389596 1791217281 0 S {bar=C*U*a*d*r*w*/,foo=C*U*a*d*r*w*/} 97389596 1791217281 0 T {bar=U*/,foo=U*/,=U/} 97389596 1791217281 0 n {bar=C*U*/,foo=C*U*/} -97389596 1791217281 0 f {bar=X*/,foo=X*/} +97389596 1791217281 0 f {bar=X*/,foo=X*/,=X/} 3755498903 2026795574 0 r {bar=C*a*d*r*w*/,foo=C*a*d*r*w*/} 3755498903 2026795574 0 S {bar=C*U*a*d*r*w*/,foo=C*U*a*d*r*w*/} 3755498903 2026795574 0 T {bar=U*/,foo=U*/,=U/} 3755498903 2026795574 0 n {bar=C*U*/,foo=C*U*/} -3755498903 2026795574 0 f {bar=X*/,foo=X*/} +3755498903 2026795574 0 f {bar=X*/,foo=X*/,=X/} 1451375629 1546506610 0 r {bar=Cadrw/,foo=Cadrw/,=r/} 1451375629 1546506610 0 S {bar=CUadrw/,foo=CUadrw/,=r/} 1451375629 1546506610 0 T {bar=U/,foo=U/} @@ -126,12 +126,12 @@ oid defaclrole defaclnamespace defaclobjtype defaclacl 97389596 1791217281 0 S {} 97389596 1791217281 0 T {=U/} 97389596 1791217281 0 n {} -97389596 1791217281 0 f {} +97389596 1791217281 0 f {=X/} 3755498903 2026795574 0 r {} 3755498903 2026795574 0 S {} 3755498903 2026795574 0 T {=U/} 3755498903 2026795574 0 n {} -3755498903 2026795574 0 f {} +3755498903 2026795574 0 f {=X/} 1451375629 1546506610 0 r {bar=Cadrw/,foo=Cadrw/,=r/} 1451375629 1546506610 0 S {bar=CUadrw/,foo=CUadrw/,=r/} 1451375629 1546506610 0 T {bar=U/,foo=U/} diff --git a/pkg/sql/logictest/testdata/logic_test/show_default_privileges b/pkg/sql/logictest/testdata/logic_test/show_default_privileges index c7b22ea8c1c3..c63fce0c7310 100644 --- a/pkg/sql/logictest/testdata/logic_test/show_default_privileges +++ b/pkg/sql/logictest/testdata/logic_test/show_default_privileges @@ -3,12 +3,13 @@ query TBTTTB rowsort SHOW DEFAULT PRIVILEGES ---- -root false functions root ALL true -root false schemas root ALL true -root false sequences root ALL true -root false tables root ALL true -root false types public USAGE false -root false types root ALL true +root false functions public EXECUTE false +root false functions root ALL true +root false schemas root ALL true +root false sequences root ALL true +root false tables root ALL true +root false types public USAGE false +root false types root ALL true # Ensure revoking "default" default privileges reflects in show default # privileges. @@ -19,10 +20,11 @@ ALTER DEFAULT PRIVILEGES REVOKE USAGE ON TYPES FROM public; query TBTTTB rowsort SHOW DEFAULT PRIVILEGES ---- -root false functions root ALL true -root false schemas root ALL true -root false sequences root ALL true -root false types root ALL true +root false functions public EXECUTE false +root false functions root ALL true +root false schemas root ALL true +root false sequences root ALL true +root false types root ALL true statement ok ALTER DEFAULT PRIVILEGES GRANT SELECT ON TABLES TO PUBLIC; @@ -33,14 +35,15 @@ ALTER DEFAULT PRIVILEGES GRANT SELECT ON SEQUENCES TO PUBLIC; query TBTTTB rowsort SHOW DEFAULT PRIVILEGES ---- -root false functions root ALL true -root false schemas public USAGE false -root false schemas root ALL true -root false sequences public SELECT false -root false sequences root ALL true -root false tables public SELECT false -root false types public USAGE false -root false types root ALL true +root false functions public EXECUTE false +root false functions root ALL true +root false schemas public USAGE false +root false schemas root ALL true +root false sequences public SELECT false +root false sequences root ALL true +root false tables public SELECT false +root false types public USAGE false +root false types root ALL true statement ok CREATE USER foo @@ -51,14 +54,15 @@ CREATE USER bar query TBTTTB rowsort SHOW DEFAULT PRIVILEGES ---- -root false functions root ALL true -root false schemas public USAGE false -root false schemas root ALL true -root false sequences public SELECT false -root false sequences root ALL true -root false tables public SELECT false -root false types public USAGE false -root false types root ALL true +root false functions public EXECUTE false +root false functions root ALL true +root false schemas public USAGE false +root false schemas root ALL true +root false sequences public SELECT false +root false sequences root ALL true +root false tables public SELECT false +root false types public USAGE false +root false types root ALL true statement ok ALTER DEFAULT PRIVILEGES GRANT ALL ON TABLES TO foo, bar; @@ -69,34 +73,37 @@ ALTER DEFAULT PRIVILEGES GRANT ALL ON SEQUENCES TO foo, bar; query TBTTTB rowsort SHOW DEFAULT PRIVILEGES FOR ROLE foo, bar, root ---- -bar false functions bar ALL true -bar false schemas bar ALL true -bar false sequences bar ALL true -bar false tables bar ALL true -bar false types bar ALL true -bar false types public USAGE false -foo false functions foo ALL true -foo false schemas foo ALL true -foo false sequences foo ALL true -foo false tables foo ALL true -foo false types foo ALL true -foo false types public USAGE false -root false functions root ALL true -root false schemas bar ALL false -root false schemas foo ALL false -root false schemas public USAGE false -root false schemas root ALL true -root false sequences bar ALL false -root false sequences foo ALL false -root false sequences public SELECT false -root false sequences root ALL true -root false tables bar ALL false -root false tables foo ALL false -root false tables public SELECT false -root false types bar ALL false -root false types foo ALL false -root false types public USAGE false -root false types root ALL true +bar false functions bar ALL true +bar false functions public EXECUTE false +bar false schemas bar ALL true +bar false sequences bar ALL true +bar false tables bar ALL true +bar false types bar ALL true +bar false types public USAGE false +foo false functions foo ALL true +foo false functions public EXECUTE false +foo false schemas foo ALL true +foo false sequences foo ALL true +foo false tables foo ALL true +foo false types foo ALL true +foo false types public USAGE false +root false functions public EXECUTE false +root false functions root ALL true +root false schemas bar ALL false +root false schemas foo ALL false +root false schemas public USAGE false +root false schemas root ALL true +root false sequences bar ALL false +root false sequences foo ALL false +root false sequences public SELECT false +root false sequences root ALL true +root false tables bar ALL false +root false tables foo ALL false +root false tables public SELECT false +root false types bar ALL false +root false types foo ALL false +root false types public USAGE false +root false types root ALL true statement ok GRANT foo, bar TO root; @@ -110,22 +117,23 @@ ALTER DEFAULT PRIVILEGES FOR ROLE foo, bar GRANT ALL ON SEQUENCES TO foo, bar; query TBTTTB rowsort SHOW DEFAULT PRIVILEGES ---- -root false functions root ALL true -root false schemas bar ALL false -root false schemas foo ALL false -root false schemas public USAGE false -root false schemas root ALL true -root false sequences bar ALL false -root false sequences foo ALL false -root false sequences public SELECT false -root false sequences root ALL true -root false tables bar ALL false -root false tables foo ALL false -root false tables public SELECT false -root false types bar ALL false -root false types foo ALL false -root false types public USAGE false -root false types root ALL true +root false functions public EXECUTE false +root false functions root ALL true +root false schemas bar ALL false +root false schemas foo ALL false +root false schemas public USAGE false +root false schemas root ALL true +root false sequences bar ALL false +root false sequences foo ALL false +root false sequences public SELECT false +root false sequences root ALL true +root false tables bar ALL false +root false tables foo ALL false +root false tables public SELECT false +root false types bar ALL false +root false types foo ALL false +root false types public USAGE false +root false types root ALL true statement ok ALTER DEFAULT PRIVILEGES FOR ROLE foo, bar REVOKE ALL ON TABLES FROM foo, bar; @@ -136,22 +144,23 @@ ALTER DEFAULT PRIVILEGES FOR ROLE foo, bar REVOKE ALL ON SEQUENCES FROM foo, bar query TBTTTB rowsort SHOW DEFAULT PRIVILEGES ---- -root false functions root ALL true -root false schemas bar ALL false -root false schemas foo ALL false -root false schemas public USAGE false -root false schemas root ALL true -root false sequences bar ALL false -root false sequences foo ALL false -root false sequences public SELECT false -root false sequences root ALL true -root false tables bar ALL false -root false tables foo ALL false -root false tables public SELECT false -root false types bar ALL false -root false types foo ALL false -root false types public USAGE false -root false types root ALL true +root false functions public EXECUTE false +root false functions root ALL true +root false schemas bar ALL false +root false schemas foo ALL false +root false schemas public USAGE false +root false schemas root ALL true +root false sequences bar ALL false +root false sequences foo ALL false +root false sequences public SELECT false +root false sequences root ALL true +root false tables bar ALL false +root false tables foo ALL false +root false tables public SELECT false +root false types bar ALL false +root false types foo ALL false +root false types public USAGE false +root false types root ALL true statement ok ALTER DEFAULT PRIVILEGES REVOKE SELECT ON TABLES FROM foo, bar, public; @@ -162,26 +171,27 @@ ALTER DEFAULT PRIVILEGES REVOKE ALL ON SEQUENCES FROM foo, bar, public; query TBTTTB rowsort SHOW DEFAULT PRIVILEGES ---- -root false functions root ALL true -root false schemas root ALL true -root false sequences root ALL true -root false tables bar BACKUP false -root false tables bar CHANGEFEED false -root false tables bar CREATE false -root false tables bar DELETE false -root false tables bar DROP false -root false tables bar INSERT false -root false tables bar UPDATE false -root false tables bar ZONECONFIG false -root false tables foo BACKUP false -root false tables foo CHANGEFEED false -root false tables foo CREATE false -root false tables foo DELETE false -root false tables foo DROP false -root false tables foo INSERT false -root false tables foo UPDATE false -root false tables foo ZONECONFIG false -root false types root ALL true +root false functions public EXECUTE false +root false functions root ALL true +root false schemas root ALL true +root false sequences root ALL true +root false tables bar BACKUP false +root false tables bar CHANGEFEED false +root false tables bar CREATE false +root false tables bar DELETE false +root false tables bar DROP false +root false tables bar INSERT false +root false tables bar UPDATE false +root false tables bar ZONECONFIG false +root false tables foo BACKUP false +root false tables foo CHANGEFEED false +root false tables foo CREATE false +root false tables foo DELETE false +root false tables foo DROP false +root false tables foo INSERT false +root false tables foo UPDATE false +root false tables foo ZONECONFIG false +root false types root ALL true statement ok ALTER DEFAULT PRIVILEGES REVOKE ALL ON TABLES FROM foo, bar, public; @@ -190,12 +200,13 @@ ALTER DEFAULT PRIVILEGES GRANT DROP, ZONECONFIG ON TABLES TO foo WITH GRANT OPTI query TBTTTB rowsort SHOW DEFAULT PRIVILEGES ---- -root false functions root ALL true -root false schemas root ALL true -root false sequences root ALL true -root false tables foo DROP true -root false tables foo ZONECONFIG true -root false types root ALL true +root false functions public EXECUTE false +root false functions root ALL true +root false schemas root ALL true +root false sequences root ALL true +root false tables foo DROP true +root false tables foo ZONECONFIG true +root false types root ALL true # Create a second database. statement ok @@ -210,6 +221,7 @@ ALTER DEFAULT PRIVILEGES FOR ROLE testuser GRANT DROP, ZONECONFIG ON TABLES TO f query TBTTTB rowsort SHOW DEFAULT PRIVILEGES FOR ROLE testuser ---- +testuser false functions public EXECUTE false testuser false functions testuser ALL true testuser false schemas testuser ALL true testuser false sequences testuser ALL true @@ -224,18 +236,20 @@ user testuser query TBTTTB rowsort SHOW DEFAULT PRIVILEGES ---- -testuser false functions testuser ALL true -testuser false schemas testuser ALL true -testuser false sequences testuser ALL true -testuser false tables testuser ALL true -testuser false types public USAGE false -testuser false types testuser ALL true +testuser false functions public EXECUTE false +testuser false functions testuser ALL true +testuser false schemas testuser ALL true +testuser false sequences testuser ALL true +testuser false tables testuser ALL true +testuser false types public USAGE false +testuser false types testuser ALL true user root query TBTTTB rowsort SHOW DEFAULT PRIVILEGES FOR ROLE testuser ---- +testuser false functions public EXECUTE false testuser false functions testuser ALL true testuser false schemas testuser ALL true testuser false sequences testuser ALL true @@ -251,6 +265,7 @@ ALTER DEFAULT PRIVILEGES FOR ROLE root GRANT DROP, ZONECONFIG ON TABLES TO foo W query TBTTTB rowsort SHOW DEFAULT PRIVILEGES FOR ROLE root, testuser ---- +root false functions public EXECUTE false root false functions root ALL true root false schemas root ALL true root false sequences root ALL true @@ -259,6 +274,7 @@ root false tables foo ZONECONFIG true root false tables root ALL true root false types public USAGE false root false types root ALL true +testuser false functions public EXECUTE false testuser false functions testuser ALL true testuser false schemas testuser ALL true testuser false sequences testuser ALL true @@ -275,9 +291,10 @@ ALTER DEFAULT PRIVILEGES FOR ALL ROLES GRANT DROP, ZONECONFIG ON TABLES TO foo W query TBTTTB rowsort SHOW DEFAULT PRIVILEGES FOR ALL ROLES ---- -NULL true tables foo DROP true -NULL true tables foo ZONECONFIG true -NULL true types public USAGE false +NULL true functions public EXECUTE false +NULL true tables foo DROP true +NULL true tables foo ZONECONFIG true +NULL true types public USAGE false statement ok CREATE DATABASE "MixedCaseDB" @@ -295,6 +312,7 @@ query TBTTTB colnames,rowsort SHOW DEFAULT PRIVILEGES ---- role for_all_roles object_type grantee privilege_type is_grantable +root false functions public EXECUTE false root false functions root ALL true root false schemas root ALL true root false sequences root ALL true diff --git a/pkg/sql/logictest/testdata/logic_test/udf b/pkg/sql/logictest/testdata/logic_test/udf index 8549313e72f5..7b724a94e614 100644 --- a/pkg/sql/logictest/testdata/logic_test/udf +++ b/pkg/sql/logictest/testdata/logic_test/udf @@ -641,25 +641,43 @@ WHERE routine_name IN ('test_priv_f1', 'test_priv_f2', 'test_priv_f3') ORDER BY grantee, routine_name; ---- grantor grantee specific_catalog specific_schema specific_name routine_catalog routine_schema routine_name privilege_type is_grantable -NULL root test public test_priv_f1_100137 test public test_priv_f1 EXECUTE YES -NULL root test public test_priv_f2_100138 test public test_priv_f2 EXECUTE YES -NULL root test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE YES +NULL admin test public test_priv_f1_100137 test public test_priv_f1 ALL YES +NULL admin test public test_priv_f2_100138 test public test_priv_f2 ALL YES +NULL admin test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 ALL YES +NULL public test public test_priv_f1_100137 test public test_priv_f1 EXECUTE NO +NULL public test public test_priv_f2_100138 test public test_priv_f2 EXECUTE NO +NULL public test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE NO +NULL root test public test_priv_f1_100137 test public test_priv_f1 ALL YES +NULL root test public test_priv_f2_100138 test public test_priv_f2 ALL YES +NULL root test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 ALL YES query TTTTTTB colnames,rowsort SHOW GRANTS ON FUNCTION test_priv_f1, test_priv_f2, test_priv_f3 ---- database_name schema_name function_id function_signature grantee privilege_type is_grantable -test public 100137 test_priv_f1() root EXECUTE true -test public 100138 test_priv_f2(int8) root EXECUTE true -test test_priv_sc1 100139 test_priv_f3() root EXECUTE true +test public 100137 test_priv_f1() admin ALL true +test public 100137 test_priv_f1() public EXECUTE false +test public 100137 test_priv_f1() root ALL true +test public 100138 test_priv_f2(int8) admin ALL true +test public 100138 test_priv_f2(int8) public EXECUTE false +test public 100138 test_priv_f2(int8) root ALL true +test test_priv_sc1 100139 test_priv_f3() admin ALL true +test test_priv_sc1 100139 test_priv_f3() public EXECUTE false +test test_priv_sc1 100139 test_priv_f3() root ALL true query TTTTTTB colnames,rowsort SHOW GRANTS ON FUNCTION test_priv_f1(), test_priv_f2(INT), test_priv_f3() ---- database_name schema_name function_id function_signature grantee privilege_type is_grantable -test public 100137 test_priv_f1() root EXECUTE true -test public 100138 test_priv_f2(int8) root EXECUTE true -test test_priv_sc1 100139 test_priv_f3() root EXECUTE true +test public 100137 test_priv_f1() admin ALL true +test public 100137 test_priv_f1() public EXECUTE false +test public 100137 test_priv_f1() root ALL true +test public 100138 test_priv_f2(int8) admin ALL true +test public 100138 test_priv_f2(int8) public EXECUTE false +test public 100138 test_priv_f2(int8) root ALL true +test test_priv_sc1 100139 test_priv_f3() admin ALL true +test test_priv_sc1 100139 test_priv_f3() public EXECUTE false +test test_priv_sc1 100139 test_priv_f3() root ALL true query TTTTTT colnames SELECT * FROM [SHOW FUNCTIONS] ORDER BY function_name, result_data_type @@ -734,9 +752,15 @@ WHERE routine_name IN ('test_priv_f1', 'test_priv_f2', 'test_priv_f3') ORDER BY grantee, routine_name; ---- grantor grantee specific_catalog specific_schema specific_name routine_catalog routine_schema routine_name privilege_type is_grantable -NULL root test public test_priv_f1_100137 test public test_priv_f1 EXECUTE YES -NULL root test public test_priv_f2_100138 test public test_priv_f2 EXECUTE YES -NULL root test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE YES +NULL admin test public test_priv_f1_100137 test public test_priv_f1 ALL YES +NULL admin test public test_priv_f2_100138 test public test_priv_f2 ALL YES +NULL admin test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 ALL YES +NULL public test public test_priv_f1_100137 test public test_priv_f1 EXECUTE NO +NULL public test public test_priv_f2_100138 test public test_priv_f2 EXECUTE NO +NULL public test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE NO +NULL root test public test_priv_f1_100137 test public test_priv_f1 ALL YES +NULL root test public test_priv_f2_100138 test public test_priv_f2 ALL YES +NULL root test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 ALL YES NULL udf_test_user test public test_priv_f1_100137 test public test_priv_f1 EXECUTE YES NULL udf_test_user test public test_priv_f2_100138 test public test_priv_f2 EXECUTE YES NULL udf_test_user test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE YES @@ -745,11 +769,17 @@ query TTTTTTB colnames,rowsort SHOW GRANTS ON FUNCTION test_priv_f1, test_priv_f2, test_priv_f3 ---- database_name schema_name function_id function_signature grantee privilege_type is_grantable -test public 100137 test_priv_f1() root EXECUTE true +test public 100137 test_priv_f1() admin ALL true +test public 100137 test_priv_f1() public EXECUTE false +test public 100137 test_priv_f1() root ALL true test public 100137 test_priv_f1() udf_test_user EXECUTE true -test public 100138 test_priv_f2(int8) root EXECUTE true +test public 100138 test_priv_f2(int8) admin ALL true +test public 100138 test_priv_f2(int8) public EXECUTE false +test public 100138 test_priv_f2(int8) root ALL true test public 100138 test_priv_f2(int8) udf_test_user EXECUTE true -test test_priv_sc1 100139 test_priv_f3() root EXECUTE true +test test_priv_sc1 100139 test_priv_f3() admin ALL true +test test_priv_sc1 100139 test_priv_f3() public EXECUTE false +test test_priv_sc1 100139 test_priv_f3() root ALL true test test_priv_sc1 100139 test_priv_f3() udf_test_user EXECUTE true statement error pq: cannot drop role/user udf_test_user: grants still exist on.* @@ -764,9 +794,15 @@ WHERE routine_name IN ('test_priv_f1', 'test_priv_f2', 'test_priv_f3') ORDER BY grantee, routine_name; ---- grantor grantee specific_catalog specific_schema specific_name routine_catalog routine_schema routine_name privilege_type is_grantable -NULL root test public test_priv_f1_100137 test public test_priv_f1 EXECUTE YES -NULL root test public test_priv_f2_100138 test public test_priv_f2 EXECUTE YES -NULL root test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE YES +NULL admin test public test_priv_f1_100137 test public test_priv_f1 ALL YES +NULL admin test public test_priv_f2_100138 test public test_priv_f2 ALL YES +NULL admin test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 ALL YES +NULL public test public test_priv_f1_100137 test public test_priv_f1 EXECUTE NO +NULL public test public test_priv_f2_100138 test public test_priv_f2 EXECUTE NO +NULL public test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE NO +NULL root test public test_priv_f1_100137 test public test_priv_f1 ALL YES +NULL root test public test_priv_f2_100138 test public test_priv_f2 ALL YES +NULL root test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 ALL YES NULL udf_test_user test public test_priv_f1_100137 test public test_priv_f1 EXECUTE NO NULL udf_test_user test public test_priv_f2_100138 test public test_priv_f2 EXECUTE NO NULL udf_test_user test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE NO @@ -775,11 +811,17 @@ query TTTTTTB colnames,rowsort SHOW GRANTS ON FUNCTION test_priv_f1, test_priv_f2, test_priv_f3 ---- database_name schema_name function_id function_signature grantee privilege_type is_grantable -test public 100137 test_priv_f1() root EXECUTE true +test public 100137 test_priv_f1() admin ALL true +test public 100137 test_priv_f1() public EXECUTE false +test public 100137 test_priv_f1() root ALL true test public 100137 test_priv_f1() udf_test_user EXECUTE false -test public 100138 test_priv_f2(int8) root EXECUTE true +test public 100138 test_priv_f2(int8) admin ALL true +test public 100138 test_priv_f2(int8) public EXECUTE false +test public 100138 test_priv_f2(int8) root ALL true test public 100138 test_priv_f2(int8) udf_test_user EXECUTE false -test test_priv_sc1 100139 test_priv_f3() root EXECUTE true +test test_priv_sc1 100139 test_priv_f3() admin ALL true +test test_priv_sc1 100139 test_priv_f3() public EXECUTE false +test test_priv_sc1 100139 test_priv_f3() root ALL true test test_priv_sc1 100139 test_priv_f3() udf_test_user EXECUTE false statement ok @@ -791,17 +833,29 @@ WHERE routine_name IN ('test_priv_f1', 'test_priv_f2', 'test_priv_f3') ORDER BY grantee, routine_name; ---- grantor grantee specific_catalog specific_schema specific_name routine_catalog routine_schema routine_name privilege_type is_grantable -NULL root test public test_priv_f1_100137 test public test_priv_f1 EXECUTE YES -NULL root test public test_priv_f2_100138 test public test_priv_f2 EXECUTE YES -NULL root test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE YES +NULL admin test public test_priv_f1_100137 test public test_priv_f1 ALL YES +NULL admin test public test_priv_f2_100138 test public test_priv_f2 ALL YES +NULL admin test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 ALL YES +NULL public test public test_priv_f1_100137 test public test_priv_f1 EXECUTE NO +NULL public test public test_priv_f2_100138 test public test_priv_f2 EXECUTE NO +NULL public test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE NO +NULL root test public test_priv_f1_100137 test public test_priv_f1 ALL YES +NULL root test public test_priv_f2_100138 test public test_priv_f2 ALL YES +NULL root test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 ALL YES query TTTTTTB colnames,rowsort SHOW GRANTS ON FUNCTION test_priv_f1, test_priv_f2, test_priv_f3 ---- database_name schema_name function_id function_signature grantee privilege_type is_grantable -test public 100137 test_priv_f1() root EXECUTE true -test public 100138 test_priv_f2(int8) root EXECUTE true -test test_priv_sc1 100139 test_priv_f3() root EXECUTE true +test public 100137 test_priv_f1() admin ALL true +test public 100137 test_priv_f1() public EXECUTE false +test public 100137 test_priv_f1() root ALL true +test public 100138 test_priv_f2(int8) admin ALL true +test public 100138 test_priv_f2(int8) public EXECUTE false +test public 100138 test_priv_f2(int8) root ALL true +test test_priv_sc1 100139 test_priv_f3() admin ALL true +test test_priv_sc1 100139 test_priv_f3() public EXECUTE false +test test_priv_sc1 100139 test_priv_f3() root ALL true statement ok GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public, test_priv_sc1 TO udf_test_user WITH GRANT OPTION; @@ -812,9 +866,15 @@ WHERE routine_name IN ('test_priv_f1', 'test_priv_f2', 'test_priv_f3') ORDER BY grantee, routine_name; ---- grantor grantee specific_catalog specific_schema specific_name routine_catalog routine_schema routine_name privilege_type is_grantable -NULL root test public test_priv_f1_100137 test public test_priv_f1 EXECUTE YES -NULL root test public test_priv_f2_100138 test public test_priv_f2 EXECUTE YES -NULL root test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE YES +NULL admin test public test_priv_f1_100137 test public test_priv_f1 ALL YES +NULL admin test public test_priv_f2_100138 test public test_priv_f2 ALL YES +NULL admin test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 ALL YES +NULL public test public test_priv_f1_100137 test public test_priv_f1 EXECUTE NO +NULL public test public test_priv_f2_100138 test public test_priv_f2 EXECUTE NO +NULL public test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE NO +NULL root test public test_priv_f1_100137 test public test_priv_f1 ALL YES +NULL root test public test_priv_f2_100138 test public test_priv_f2 ALL YES +NULL root test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 ALL YES NULL udf_test_user test public test_priv_f1_100137 test public test_priv_f1 EXECUTE YES NULL udf_test_user test public test_priv_f2_100138 test public test_priv_f2 EXECUTE YES NULL udf_test_user test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE YES @@ -823,11 +883,17 @@ query TTTTTTB colnames,rowsort SHOW GRANTS ON FUNCTION test_priv_f1, test_priv_f2, test_priv_f3 ---- database_name schema_name function_id function_signature grantee privilege_type is_grantable -test public 100137 test_priv_f1() root EXECUTE true +test public 100137 test_priv_f1() admin ALL true +test public 100137 test_priv_f1() public EXECUTE false +test public 100137 test_priv_f1() root ALL true test public 100137 test_priv_f1() udf_test_user EXECUTE true -test public 100138 test_priv_f2(int8) root EXECUTE true +test public 100138 test_priv_f2(int8) admin ALL true +test public 100138 test_priv_f2(int8) public EXECUTE false +test public 100138 test_priv_f2(int8) root ALL true test public 100138 test_priv_f2(int8) udf_test_user EXECUTE true -test test_priv_sc1 100139 test_priv_f3() root EXECUTE true +test test_priv_sc1 100139 test_priv_f3() admin ALL true +test test_priv_sc1 100139 test_priv_f3() public EXECUTE false +test test_priv_sc1 100139 test_priv_f3() root ALL true test test_priv_sc1 100139 test_priv_f3() udf_test_user EXECUTE true statement ok @@ -839,9 +905,15 @@ WHERE routine_name IN ('test_priv_f1', 'test_priv_f2', 'test_priv_f3') ORDER BY grantee, routine_name; ---- grantor grantee specific_catalog specific_schema specific_name routine_catalog routine_schema routine_name privilege_type is_grantable -NULL root test public test_priv_f1_100137 test public test_priv_f1 EXECUTE YES -NULL root test public test_priv_f2_100138 test public test_priv_f2 EXECUTE YES -NULL root test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE YES +NULL admin test public test_priv_f1_100137 test public test_priv_f1 ALL YES +NULL admin test public test_priv_f2_100138 test public test_priv_f2 ALL YES +NULL admin test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 ALL YES +NULL public test public test_priv_f1_100137 test public test_priv_f1 EXECUTE NO +NULL public test public test_priv_f2_100138 test public test_priv_f2 EXECUTE NO +NULL public test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE NO +NULL root test public test_priv_f1_100137 test public test_priv_f1 ALL YES +NULL root test public test_priv_f2_100138 test public test_priv_f2 ALL YES +NULL root test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 ALL YES NULL udf_test_user test public test_priv_f1_100137 test public test_priv_f1 EXECUTE NO NULL udf_test_user test public test_priv_f2_100138 test public test_priv_f2 EXECUTE NO NULL udf_test_user test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE NO @@ -850,11 +922,17 @@ query TTTTTTB colnames,rowsort SHOW GRANTS ON FUNCTION test_priv_f1, test_priv_f2, test_priv_f3 ---- database_name schema_name function_id function_signature grantee privilege_type is_grantable -test public 100137 test_priv_f1() root EXECUTE true +test public 100137 test_priv_f1() admin ALL true +test public 100137 test_priv_f1() public EXECUTE false +test public 100137 test_priv_f1() root ALL true test public 100137 test_priv_f1() udf_test_user EXECUTE false -test public 100138 test_priv_f2(int8) root EXECUTE true +test public 100138 test_priv_f2(int8) admin ALL true +test public 100138 test_priv_f2(int8) public EXECUTE false +test public 100138 test_priv_f2(int8) root ALL true test public 100138 test_priv_f2(int8) udf_test_user EXECUTE false -test test_priv_sc1 100139 test_priv_f3() root EXECUTE true +test test_priv_sc1 100139 test_priv_f3() admin ALL true +test test_priv_sc1 100139 test_priv_f3() public EXECUTE false +test test_priv_sc1 100139 test_priv_f3() root ALL true test test_priv_sc1 100139 test_priv_f3() udf_test_user EXECUTE false statement ok @@ -866,17 +944,29 @@ WHERE routine_name IN ('test_priv_f1', 'test_priv_f2', 'test_priv_f3') ORDER BY grantee, routine_name; ---- grantor grantee specific_catalog specific_schema specific_name routine_catalog routine_schema routine_name privilege_type is_grantable -NULL root test public test_priv_f1_100137 test public test_priv_f1 EXECUTE YES -NULL root test public test_priv_f2_100138 test public test_priv_f2 EXECUTE YES -NULL root test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE YES +NULL admin test public test_priv_f1_100137 test public test_priv_f1 ALL YES +NULL admin test public test_priv_f2_100138 test public test_priv_f2 ALL YES +NULL admin test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 ALL YES +NULL public test public test_priv_f1_100137 test public test_priv_f1 EXECUTE NO +NULL public test public test_priv_f2_100138 test public test_priv_f2 EXECUTE NO +NULL public test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 EXECUTE NO +NULL root test public test_priv_f1_100137 test public test_priv_f1 ALL YES +NULL root test public test_priv_f2_100138 test public test_priv_f2 ALL YES +NULL root test test_priv_sc1 test_priv_f3_100139 test test_priv_sc1 test_priv_f3 ALL YES query TTTTTTB colnames,rowsort SHOW GRANTS ON FUNCTION test_priv_f1, test_priv_f2, test_priv_f3 ---- database_name schema_name function_id function_signature grantee privilege_type is_grantable -test public 100137 test_priv_f1() root EXECUTE true -test public 100138 test_priv_f2(int8) root EXECUTE true -test test_priv_sc1 100139 test_priv_f3() root EXECUTE true +test public 100137 test_priv_f1() admin ALL true +test public 100137 test_priv_f1() public EXECUTE false +test public 100137 test_priv_f1() root ALL true +test public 100138 test_priv_f2(int8) admin ALL true +test public 100138 test_priv_f2(int8) public EXECUTE false +test public 100138 test_priv_f2(int8) root ALL true +test test_priv_sc1 100139 test_priv_f3() admin ALL true +test test_priv_sc1 100139 test_priv_f3() public EXECUTE false +test test_priv_sc1 100139 test_priv_f3() root ALL true statement ok DROP FUNCTION test_priv_f1; @@ -896,15 +986,19 @@ WHERE routine_name IN ('test_priv_f1', 'test_priv_f2', 'test_priv_f3') ORDER BY grantee, routine_name; ---- grantor grantee specific_catalog specific_schema specific_name routine_catalog routine_schema routine_name privilege_type is_grantable -NULL root test public test_priv_f1_100140 test public test_priv_f1 EXECUTE YES +NULL admin test public test_priv_f1_100140 test public test_priv_f1 ALL YES +NULL public test public test_priv_f1_100140 test public test_priv_f1 EXECUTE NO +NULL root test public test_priv_f1_100140 test public test_priv_f1 ALL YES -query TTTTTTB colnames +query TTTTTTB colnames,nosort SHOW GRANTS ON FUNCTION test_priv_f1 ---- database_name schema_name function_id function_signature grantee privilege_type is_grantable -test public 100140 test_priv_f1() root EXECUTE true +test public 100140 test_priv_f1() admin ALL true +test public 100140 test_priv_f1() public EXECUTE false +test public 100140 test_priv_f1() root ALL true -# Add default privilege and make sure new function +# Add default privilege and make sure new function has that privilege. statement ok ALTER DEFAULT PRIVILEGES IN SCHEMA public, test_priv_sc1 GRANT EXECUTE ON FUNCTIONS TO udf_test_user WITH GRANT OPTION; @@ -918,9 +1012,15 @@ WHERE routine_name IN ('test_priv_f1', 'test_priv_f2', 'test_priv_f3') ORDER BY grantee, routine_name; ---- grantor grantee specific_catalog specific_schema specific_name routine_catalog routine_schema routine_name privilege_type is_grantable -NULL root test public test_priv_f1_100140 test public test_priv_f1 EXECUTE YES -NULL root test public test_priv_f2_100141 test public test_priv_f2 EXECUTE YES -NULL root test test_priv_sc1 test_priv_f3_100142 test test_priv_sc1 test_priv_f3 EXECUTE YES +NULL admin test public test_priv_f1_100140 test public test_priv_f1 ALL YES +NULL admin test public test_priv_f2_100141 test public test_priv_f2 ALL YES +NULL admin test test_priv_sc1 test_priv_f3_100142 test test_priv_sc1 test_priv_f3 ALL YES +NULL public test public test_priv_f1_100140 test public test_priv_f1 EXECUTE NO +NULL public test public test_priv_f2_100141 test public test_priv_f2 EXECUTE NO +NULL public test test_priv_sc1 test_priv_f3_100142 test test_priv_sc1 test_priv_f3 EXECUTE NO +NULL root test public test_priv_f1_100140 test public test_priv_f1 ALL YES +NULL root test public test_priv_f2_100141 test public test_priv_f2 ALL YES +NULL root test test_priv_sc1 test_priv_f3_100142 test test_priv_sc1 test_priv_f3 ALL YES NULL udf_test_user test public test_priv_f2_100141 test public test_priv_f2 EXECUTE YES NULL udf_test_user test test_priv_sc1 test_priv_f3_100142 test test_priv_sc1 test_priv_f3 EXECUTE YES @@ -928,10 +1028,16 @@ query TTTTTTB colnames,rowsort SHOW GRANTS ON FUNCTION test_priv_f1, test_priv_f2, test_priv_f3 ---- database_name schema_name function_id function_signature grantee privilege_type is_grantable -test public 100140 test_priv_f1() root EXECUTE true -test public 100141 test_priv_f2(int8) root EXECUTE true +test public 100140 test_priv_f1() admin ALL true +test public 100140 test_priv_f1() public EXECUTE false +test public 100140 test_priv_f1() root ALL true +test public 100141 test_priv_f2(int8) admin ALL true +test public 100141 test_priv_f2(int8) public EXECUTE false +test public 100141 test_priv_f2(int8) root ALL true test public 100141 test_priv_f2(int8) udf_test_user EXECUTE true -test test_priv_sc1 100142 test_priv_f3() root EXECUTE true +test test_priv_sc1 100142 test_priv_f3() admin ALL true +test test_priv_sc1 100142 test_priv_f3() public EXECUTE false +test test_priv_sc1 100142 test_priv_f3() root ALL true test test_priv_sc1 100142 test_priv_f3() udf_test_user EXECUTE true statement ok @@ -944,13 +1050,71 @@ WHERE routine_name IN ('test_priv_f1', 'test_priv_f2', 'test_priv_f3') ORDER BY grantee, routine_name; ---- grantor grantee specific_catalog specific_schema specific_name routine_catalog routine_schema routine_name privilege_type is_grantable -NULL root test public test_priv_f1_100140 test public test_priv_f1 EXECUTE YES +NULL admin test public test_priv_f1_100140 test public test_priv_f1 ALL YES +NULL public test public test_priv_f1_100140 test public test_priv_f1 EXECUTE NO +NULL root test public test_priv_f1_100140 test public test_priv_f1 ALL YES -query TTTTTTB colnames +query TTTTTTB colnames,nosort SHOW GRANTS ON FUNCTION test_priv_f1 ---- database_name schema_name function_id function_signature grantee privilege_type is_grantable -test public 100140 test_priv_f1() root EXECUTE true +test public 100140 test_priv_f1() admin ALL true +test public 100140 test_priv_f1() public EXECUTE false +test public 100140 test_priv_f1() root ALL true + +# Revoke default privilege from public and make sure new function does not have +# that privilege. +statement ok +ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM public; + +statement ok +CREATE FUNCTION test_priv_f4(int) RETURNS INT LANGUAGE SQL AS $$ SELECT 1 $$; +CREATE FUNCTION test_priv_sc1.test_priv_f5() RETURNS INT LANGUAGE SQL AS $$ SELECT 1 $$; +GRANT CREATE ON SCHEMA test_priv_sc1 TO udf_test_user; + +# A function created by a different user should still have EXECUTE privilege +# for public. Also, the owner should always have ALL privileges implicitly. +statement ok +SET ROLE udf_test_user; +CREATE FUNCTION test_priv_sc1.test_priv_f6() RETURNS INT LANGUAGE SQL AS $$ SELECT 1 $$; +RESET ROLE + +query TTTTTTTTTT colnames +SELECT * FROM information_schema.role_routine_grants +WHERE routine_name IN ('test_priv_f4', 'test_priv_f5', 'test_priv_f6') +ORDER BY grantee, routine_name; +---- +grantor grantee specific_catalog specific_schema specific_name routine_catalog routine_schema routine_name privilege_type is_grantable +NULL admin test public test_priv_f4_100143 test public test_priv_f4 ALL YES +NULL admin test test_priv_sc1 test_priv_f5_100144 test test_priv_sc1 test_priv_f5 ALL YES +NULL admin test test_priv_sc1 test_priv_f6_100145 test test_priv_sc1 test_priv_f6 ALL YES +NULL public test test_priv_sc1 test_priv_f6_100145 test test_priv_sc1 test_priv_f6 EXECUTE NO +NULL root test public test_priv_f4_100143 test public test_priv_f4 ALL YES +NULL root test test_priv_sc1 test_priv_f5_100144 test test_priv_sc1 test_priv_f5 ALL YES +NULL root test test_priv_sc1 test_priv_f6_100145 test test_priv_sc1 test_priv_f6 ALL YES +NULL udf_test_user test public test_priv_f4_100143 test public test_priv_f4 EXECUTE YES +NULL udf_test_user test test_priv_sc1 test_priv_f5_100144 test test_priv_sc1 test_priv_f5 EXECUTE YES +NULL udf_test_user test test_priv_sc1 test_priv_f6_100145 test test_priv_sc1 test_priv_f6 ALL YES + +query TTTTTTB colnames,rowsort +SHOW GRANTS ON FUNCTION test_priv_f4, test_priv_f5, test_priv_f6 +---- +database_name schema_name function_id function_signature grantee privilege_type is_grantable +test public 100143 test_priv_f4(int8) admin ALL true +test public 100143 test_priv_f4(int8) root ALL true +test public 100143 test_priv_f4(int8) udf_test_user EXECUTE true +test test_priv_sc1 100144 test_priv_f5() admin ALL true +test test_priv_sc1 100144 test_priv_f5() root ALL true +test test_priv_sc1 100144 test_priv_f5() udf_test_user EXECUTE true +test test_priv_sc1 100145 test_priv_f6() admin ALL true +test test_priv_sc1 100145 test_priv_f6() public EXECUTE false +test test_priv_sc1 100145 test_priv_f6() root ALL true +test test_priv_sc1 100145 test_priv_f6() udf_test_user ALL true + +statement ok +DROP FUNCTION test_priv_f4; +DROP FUNCTION test_priv_sc1.test_priv_f5; +DROP FUNCTION test_priv_sc1.test_priv_f6; statement ok ALTER DEFAULT PRIVILEGES IN SCHEMA public, test_priv_sc1 REVOKE EXECUTE ON FUNCTIONS FROM udf_test_user; @@ -965,17 +1129,25 @@ WHERE routine_name IN ('test_priv_f1', 'test_priv_f2', 'test_priv_f3') ORDER BY grantee, routine_name; ---- grantor grantee specific_catalog specific_schema specific_name routine_catalog routine_schema routine_name privilege_type is_grantable -NULL root test public test_priv_f1_100140 test public test_priv_f1 EXECUTE YES -NULL root test public test_priv_f2_100143 test public test_priv_f2 EXECUTE YES -NULL root test test_priv_sc1 test_priv_f3_100144 test test_priv_sc1 test_priv_f3 EXECUTE YES +NULL admin test public test_priv_f1_100140 test public test_priv_f1 ALL YES +NULL admin test public test_priv_f2_100146 test public test_priv_f2 ALL YES +NULL admin test test_priv_sc1 test_priv_f3_100147 test test_priv_sc1 test_priv_f3 ALL YES +NULL public test public test_priv_f1_100140 test public test_priv_f1 EXECUTE NO +NULL root test public test_priv_f1_100140 test public test_priv_f1 ALL YES +NULL root test public test_priv_f2_100146 test public test_priv_f2 ALL YES +NULL root test test_priv_sc1 test_priv_f3_100147 test test_priv_sc1 test_priv_f3 ALL YES query TTTTTTB colnames,rowsort SHOW GRANTS ON FUNCTION test_priv_f1, test_priv_f2, test_priv_f3 ---- database_name schema_name function_id function_signature grantee privilege_type is_grantable -test public 100140 test_priv_f1() root EXECUTE true -test public 100143 test_priv_f2(int8) root EXECUTE true -test test_priv_sc1 100144 test_priv_f3() root EXECUTE true +test public 100140 test_priv_f1() admin ALL true +test public 100140 test_priv_f1() public EXECUTE false +test public 100140 test_priv_f1() root ALL true +test public 100146 test_priv_f2(int8) admin ALL true +test public 100146 test_priv_f2(int8) root ALL true +test test_priv_sc1 100147 test_priv_f3() admin ALL true +test test_priv_sc1 100147 test_priv_f3() root ALL true # Make sure has_function_privilege works. query B @@ -1265,9 +1437,9 @@ SELECT oid, proname, prosrc FROM pg_catalog.pg_proc WHERE proname IN ('f_test_sc') ORDER BY oid ---- -100150 f_test_sc SELECT 1; -100151 f_test_sc SELECT 2; -100153 f_test_sc SELECT 3; +100153 f_test_sc SELECT 1; +100154 f_test_sc SELECT 2; +100156 f_test_sc SELECT 3; query TT WITH fns AS ( @@ -1288,9 +1460,9 @@ SELECT fn->>'id' AS id, fn->'parentSchemaId' FROM fns ORDER BY id; ---- -150 105 -151 105 -153 152 +153 105 +154 105 +156 155 statement error pq: cannot move objects into or out of virtual schemas ALTER FUNCTION f_test_sc() SET SCHEMA pg_catalog; @@ -1321,9 +1493,9 @@ SELECT fn->>'id' AS id, fn->'parentSchemaId' FROM fns ORDER BY id; ---- -150 105 -151 105 -153 152 +153 105 +154 105 +156 155 query T SELECT create_statement FROM [SHOW CREATE FUNCTION public.f_test_sc] ORDER BY 1 @@ -1371,9 +1543,9 @@ SELECT fn->>'id' AS id, fn->'parentSchemaId' FROM fns ORDER BY id; ---- -150 105 -151 152 -153 152 +153 105 +154 155 +156 155 query T SELECT create_statement FROM [SHOW CREATE FUNCTION public.f_test_sc]; @@ -1804,7 +1976,7 @@ WITH tmp AS ( ) SELECT etype, info_json->'DescriptorID', info_json->'FunctionName', info_json->'Statement' FROM tmp; ---- -create_function 203 "test.public.f_test_log" "CREATE FUNCTION test.public.f_test_log()\n\tRETURNS INT8\n\tLANGUAGE SQL\n\tAS $$SELECT 1;$$" +create_function 206 "test.public.f_test_log" "CREATE FUNCTION test.public.f_test_log()\n\tRETURNS INT8\n\tLANGUAGE SQL\n\tAS $$SELECT 1;$$" statement ok CREATE OR REPLACE FUNCTION f_test_log() RETURNS INT LANGUAGE SQL AS $$ SELECT 2 $$; @@ -1820,8 +1992,8 @@ SELECT etype, info_json->'DescriptorID', info_json->'FunctionName', info_json->' FROM tmp ORDER BY 4 ---- -create_function 203 "test.public.f_test_log" "CREATE FUNCTION test.public.f_test_log()\n\tRETURNS INT8\n\tLANGUAGE SQL\n\tAS $$SELECT 1;$$" -create_function 203 "test.public.f_test_log" "CREATE OR REPLACE FUNCTION test.public.f_test_log()\n\tRETURNS INT8\n\tLANGUAGE SQL\n\tAS $$SELECT 2;$$" +create_function 206 "test.public.f_test_log" "CREATE FUNCTION test.public.f_test_log()\n\tRETURNS INT8\n\tLANGUAGE SQL\n\tAS $$SELECT 1;$$" +create_function 206 "test.public.f_test_log" "CREATE OR REPLACE FUNCTION test.public.f_test_log()\n\tRETURNS INT8\n\tLANGUAGE SQL\n\tAS $$SELECT 2;$$" statement ok ALTER FUNCTION f_test_log RENAME TO f_test_log_new; @@ -1835,7 +2007,7 @@ WITH tmp AS ( ) SELECT etype, info_json->'DescriptorID', info_json->'FunctionName', info_json->'NewFunctionName', info_json->'Statement' FROM tmp; ---- -rename_function 203 "test.public.f_test_log" "test.public.f_test_log_new" "ALTER FUNCTION \"\".\"\".f_test_log RENAME TO f_test_log_new" +rename_function 206 "test.public.f_test_log" "test.public.f_test_log_new" "ALTER FUNCTION \"\".\"\".f_test_log RENAME TO f_test_log_new" statement ok ALTER FUNCTION f_test_log_new RENAME TO f_test_log; @@ -1852,7 +2024,7 @@ WITH tmp AS ( ) SELECT etype, info_json->'DescriptorID', info_json->'FunctionName', info_json->'Owner', info_json->'Statement' FROM tmp; ---- -alter_function_owner 203 "test.public.f_test_log" "u_test_event" "ALTER FUNCTION \"\".\"\".f_test_log OWNER TO u_test_event" +alter_function_owner 206 "test.public.f_test_log" "u_test_event" "ALTER FUNCTION \"\".\"\".f_test_log OWNER TO u_test_event" statement ok ALTER FUNCTION f_test_log SET SCHEMA sc_test_event; @@ -1866,7 +2038,7 @@ WITH tmp AS ( ) SELECT etype, info_json->'DescriptorID', info_json->'DescriptorName', info_json->'NewDescriptorName', info_json->'Statement' FROM tmp; ---- -set_schema 203 "test.public.f_test_log" "test.sc_test_event.f_test_log" "ALTER FUNCTION \"\".\"\".f_test_log SET SCHEMA sc_test_event" +set_schema 206 "test.public.f_test_log" "test.sc_test_event.f_test_log" "ALTER FUNCTION \"\".\"\".f_test_log SET SCHEMA sc_test_event" statement ok ALTER FUNCTION sc_test_event.f_test_log SET SCHEMA public; @@ -1882,7 +2054,7 @@ WITH tmp AS ( ) SELECT etype, info_json->'DescriptorID', info_json->'FunctionName', info_json->'Statement' FROM tmp; ---- -alter_function_options 203 "test.public.f_test_log" "ALTER FUNCTION \"\".\"\".f_test_log IMMUTABLE" +alter_function_options 206 "test.public.f_test_log" "ALTER FUNCTION \"\".\"\".f_test_log IMMUTABLE" onlyif config local-legacy-schema-changer query TTTT retry @@ -1893,7 +2065,7 @@ WITH tmp AS ( ) SELECT etype, info_json->'DescriptorID', info_json->'FunctionName', info_json->'Statement' FROM tmp; ---- -drop_function 203 "test.public.f_test_log" "DROP FUNCTION \"\".\"\".f_test_log" +drop_function 206 "test.public.f_test_log" "DROP FUNCTION \"\".\"\".f_test_log" subtest show_grants @@ -1914,10 +2086,12 @@ SELECT * FROM [ ] ORDER BY function_signature, grantee ---- database_name schema_name function_id function_signature grantee privilege_type is_grantable -test sc_test_show_grants 100205 f_test_show_grants(int8) root EXECUTE true -test sc_test_show_grants 100205 f_test_show_grants(int8) u_test_show_grants EXECUTE false -test sc_test_show_grants 100206 f_test_show_grants(int8, text, oid) root EXECUTE true -test sc_test_show_grants 100206 f_test_show_grants(int8, text, oid) u_test_show_grants EXECUTE false +test sc_test_show_grants 100208 f_test_show_grants(int8) admin ALL true +test sc_test_show_grants 100208 f_test_show_grants(int8) root ALL true +test sc_test_show_grants 100208 f_test_show_grants(int8) u_test_show_grants EXECUTE false +test sc_test_show_grants 100209 f_test_show_grants(int8, text, oid) admin ALL true +test sc_test_show_grants 100209 f_test_show_grants(int8, text, oid) root ALL true +test sc_test_show_grants 100209 f_test_show_grants(int8, text, oid) u_test_show_grants EXECUTE false statement error pq: function f_test_show_grants\(string\) does not exist: function undefined SHOW GRANTS ON FUNCTION f_test_show_grants(string); @@ -1926,15 +2100,17 @@ query TTTTTTB colnames SELECT * FROM [SHOW GRANTS ON FUNCTION f_test_show_grants(INT)] ORDER BY grantee ---- database_name schema_name function_id function_signature grantee privilege_type is_grantable -test sc_test_show_grants 100205 f_test_show_grants(int8) root EXECUTE true -test sc_test_show_grants 100205 f_test_show_grants(int8) u_test_show_grants EXECUTE false +test sc_test_show_grants 100208 f_test_show_grants(int8) admin ALL true +test sc_test_show_grants 100208 f_test_show_grants(int8) root ALL true +test sc_test_show_grants 100208 f_test_show_grants(int8) u_test_show_grants EXECUTE false query TTTTTTB colnames SELECT * FROM [SHOW GRANTS ON FUNCTION f_test_show_grants(INT, string, OID)] ORDER BY function_signature, grantee ---- database_name schema_name function_id function_signature grantee privilege_type is_grantable -test sc_test_show_grants 100206 f_test_show_grants(int8, text, oid) root EXECUTE true -test sc_test_show_grants 100206 f_test_show_grants(int8, text, oid) u_test_show_grants EXECUTE false +test sc_test_show_grants 100209 f_test_show_grants(int8, text, oid) admin ALL true +test sc_test_show_grants 100209 f_test_show_grants(int8, text, oid) root ALL true +test sc_test_show_grants 100209 f_test_show_grants(int8, text, oid) u_test_show_grants EXECUTE false statement error pq: unknown function: f_not_existing\(\): function undefined SHOW GRANTS ON FUNCTION f_not_existing; @@ -1945,8 +2121,8 @@ SELECT * FROM [ ] ORDER BY function_id ---- database_name schema_name function_id function_signature grantee privilege_type is_grantable -test sc_test_show_grants 100205 f_test_show_grants(int8) u_test_show_grants EXECUTE false -test sc_test_show_grants 100206 f_test_show_grants(int8, text, oid) u_test_show_grants EXECUTE false +test sc_test_show_grants 100208 f_test_show_grants(int8) u_test_show_grants EXECUTE false +test sc_test_show_grants 100209 f_test_show_grants(int8, text, oid) u_test_show_grants EXECUTE false query TTTTTB colnames SELECT * FROM [SHOW GRANTS FOR u_test_show_grants] ORDER BY relation_name @@ -3088,10 +3264,10 @@ SELECT oid, proname, pronamespace, proowner, prolang, proleakproof, proisstrict, FROM pg_catalog.pg_proc WHERE proname IN ('f_93314', 'f_93314_alias', 'f_93314_comp', 'f_93314_comp_t') ORDER BY oid; ---- -100273 f_93314 105 1546506610 14 false false false v 0 100272 · {} NULL SELECT i, e FROM test.public.t_93314 ORDER BY i LIMIT 1; -100275 f_93314_alias 105 1546506610 14 false false false v 0 100274 · {} NULL SELECT i, e FROM test.public.t_93314_alias ORDER BY i LIMIT 1; -100279 f_93314_comp 105 1546506610 14 false false false v 0 100276 · {} NULL SELECT (1:::INT8, 2:::INT8); -100280 f_93314_comp_t 105 1546506610 14 false false false v 0 100278 · {} NULL SELECT a, c FROM test.public.t_93314_comp LIMIT 1; +100276 f_93314 105 1546506610 14 false false false v 0 100275 · {} NULL SELECT i, e FROM test.public.t_93314 ORDER BY i LIMIT 1; +100278 f_93314_alias 105 1546506610 14 false false false v 0 100277 · {} NULL SELECT i, e FROM test.public.t_93314_alias ORDER BY i LIMIT 1; +100282 f_93314_comp 105 1546506610 14 false false false v 0 100279 · {} NULL SELECT (1:::INT8, 2:::INT8); +100283 f_93314_comp_t 105 1546506610 14 false false false v 0 100281 · {} NULL SELECT a, c FROM test.public.t_93314_comp LIMIT 1; # Regression test for #95240. Strict UDFs that are inlined should result in NULL # when presented with NULL arguments. diff --git a/pkg/sql/pg_catalog.go b/pkg/sql/pg_catalog.go index 774eb4435abf..14a4b80e0393 100644 --- a/pkg/sql/pg_catalog.go +++ b/pkg/sql/pg_catalog.go @@ -1297,7 +1297,7 @@ https://www.postgresql.org/docs/13/catalog-pg-default-acl.html`, // the RoleHasAllPrivilegesOnX flag and skip. We still have to take // into consideration the PublicHasUsageOnTypes flag. if objectType == privilege.Types { - // if the objectType is tree.Types, we only omit the entry + // if the objectType is Types, we only omit the entry // if both the role has ALL privileges AND public has USAGE. // This is the "default" state for default privileges on types // in Postgres. @@ -1306,6 +1306,16 @@ https://www.postgresql.org/docs/13/catalog-pg-default-acl.html`, catprivilege.GetPublicHasUsageOnTypes(&defaultPrivilegesForRole) { continue } + } else if objectType == privilege.Functions { + // if the objectType is Functions, we only omit the entry + // if both the role has ALL privileges AND public has EXECUTE. + // This is the "default" state for default privileges on functions + // in Postgres. + if (!defaultPrivilegesForRole.IsExplicitRole() || + catprivilege.GetRoleHasAllPrivilegesOnTargetObject(&defaultPrivilegesForRole, privilege.Functions)) && + catprivilege.GetPublicHasExecuteOnFunctions(&defaultPrivilegesForRole) { + continue + } } else if !defaultPrivilegesForRole.IsExplicitRole() || catprivilege.GetRoleHasAllPrivilegesOnTargetObject(&defaultPrivilegesForRole, objectType) { continue @@ -1360,11 +1370,11 @@ https://www.postgresql.org/docs/13/catalog-pg-default-acl.html`, } } - // Special cases to handle for types. + // Special cases to handle for types and functions. // If one of RoleHasAllPrivilegesOnTypes or PublicHasUsageOnTypes is false // and the other is true, we do not omit the entry since the default // state has changed. We have to produce an entry by expanding the - // privileges. + // privileges. Similarly, we need to check EXECUTE for functions. if defaultPrivilegesForRole.IsExplicitRole() { if objectType == privilege.Types { if !catprivilege.GetRoleHasAllPrivilegesOnTargetObject(&defaultPrivilegesForRole, privilege.Types) && @@ -1393,6 +1403,33 @@ https://www.postgresql.org/docs/13/catalog-pg-default-acl.html`, } } } + if objectType == privilege.Functions { + if !catprivilege.GetRoleHasAllPrivilegesOnTargetObject(&defaultPrivilegesForRole, privilege.Functions) && + catprivilege.GetPublicHasExecuteOnFunctions(&defaultPrivilegesForRole) { + defaclItem, err := createDefACLItem( + "" /* public role */, privilege.List{privilege.EXECUTE}, privilege.List{}, privilegeObjectType, + ) + if err != nil { + return err + } + if err := arr.Append(tree.NewDString(defaclItem)); err != nil { + return err + } + } + if !catprivilege.GetPublicHasExecuteOnFunctions(&defaultPrivilegesForRole) && + defaultPrivilegesForRole.GetExplicitRole().RoleHasAllPrivilegesOnFunctions { + defaclItem, err := createDefACLItem( + defaultPrivilegesForRole.GetExplicitRole().UserProto.Decode().Normalized(), + privilege.List{privilege.ALL}, privilege.List{}, privilegeObjectType, + ) + if err != nil { + return err + } + if err := arr.Append(tree.NewDString(defaclItem)); err != nil { + return err + } + } + } } // TODO(richardjcai): Update this logic once default privileges on diff --git a/pkg/sql/schemachanger/scbuild/testdata/create_function b/pkg/sql/schemachanger/scbuild/testdata/create_function index c2b277073dda..2fa76db9603b 100644 --- a/pkg/sql/schemachanger/scbuild/testdata/create_function +++ b/pkg/sql/schemachanger/scbuild/testdata/create_function @@ -33,6 +33,8 @@ $$; {descriptorId: 110, owner: root} - [[UserPrivileges:{DescID: 110, Name: admin}, PUBLIC], ABSENT] {descriptorId: 110, privileges: "2", userName: admin, withGrantOption: "2"} +- [[UserPrivileges:{DescID: 110, Name: public}, PUBLIC], ABSENT] + {descriptorId: 110, privileges: "1048576", userName: public} - [[UserPrivileges:{DescID: 110, Name: root}, PUBLIC], ABSENT] {descriptorId: 110, privileges: "2", userName: root, withGrantOption: "2"} - [[FunctionBody:{DescID: 110}, PUBLIC], ABSENT] diff --git a/pkg/sql/schemachanger/scbuild/testdata/drop_function b/pkg/sql/schemachanger/scbuild/testdata/drop_function index c74795ce12b1..3d7afaa192d0 100644 --- a/pkg/sql/schemachanger/scbuild/testdata/drop_function +++ b/pkg/sql/schemachanger/scbuild/testdata/drop_function @@ -25,6 +25,8 @@ DROP FUNCTION f; {descriptorId: 109, owner: root} - [[UserPrivileges:{DescID: 109, Name: admin}, ABSENT], PUBLIC] {descriptorId: 109, privileges: "2", userName: admin, withGrantOption: "2"} +- [[UserPrivileges:{DescID: 109, Name: public}, ABSENT], PUBLIC] + {descriptorId: 109, privileges: "1048576", userName: public} - [[UserPrivileges:{DescID: 109, Name: root}, ABSENT], PUBLIC] {descriptorId: 109, privileges: "2", userName: root, withGrantOption: "2"} - [[Function:{DescID: 109}, ABSENT], PUBLIC] diff --git a/pkg/sql/schemachanger/scdecomp/testdata/function b/pkg/sql/schemachanger/scdecomp/testdata/function index e76c2a8db88d..6c4cb71432ba 100644 --- a/pkg/sql/schemachanger/scdecomp/testdata/function +++ b/pkg/sql/schemachanger/scdecomp/testdata/function @@ -130,6 +130,12 @@ ElementState: childObjectId: 110 schemaId: 101 Status: PUBLIC +- UserPrivileges: + descriptorId: 110 + privileges: "1048576" + userName: public + withGrantOption: "0" + Status: PUBLIC - UserPrivileges: descriptorId: 110 privileges: "2" diff --git a/pkg/sql/schemachanger/scplan/testdata/create_function b/pkg/sql/schemachanger/scplan/testdata/create_function index 037e78d4c8db..efa3be111ff4 100644 --- a/pkg/sql/schemachanger/scplan/testdata/create_function +++ b/pkg/sql/schemachanger/scplan/testdata/create_function @@ -20,7 +20,7 @@ CREATE FUNCTION f(a notmyworkday) RETURNS INT VOLATILE LANGUAGE SQL AS $$ SELECT nextval('sq1'); $$; ---- -StatementPhase stage 1 of 1 with 11 MutationType ops +StatementPhase stage 1 of 1 with 12 MutationType ops transitions: [[Function:{DescID: 109}, PUBLIC], ABSENT] -> PUBLIC [[SchemaChild:{DescID: 109, ReferencedDescID: 101}, PUBLIC], ABSENT] -> PUBLIC @@ -28,6 +28,7 @@ StatementPhase stage 1 of 1 with 11 MutationType ops [[FunctionVolatility:{DescID: 109}, PUBLIC], ABSENT] -> PUBLIC [[Owner:{DescID: 109}, PUBLIC], ABSENT] -> PUBLIC [[UserPrivileges:{DescID: 109, Name: admin}, PUBLIC], ABSENT] -> PUBLIC + [[UserPrivileges:{DescID: 109, Name: public}, PUBLIC], ABSENT] -> PUBLIC [[UserPrivileges:{DescID: 109, Name: root}, PUBLIC], ABSENT] -> PUBLIC [[FunctionBody:{DescID: 109}, PUBLIC], ABSENT] -> PUBLIC ops: @@ -74,6 +75,11 @@ StatementPhase stage 1 of 1 with 11 MutationType ops Privileges: 2 UserName: admin WithGrantOption: 2 + *scop.UpdateUserPrivileges + Privileges: + DescriptorID: 109 + Privileges: 1048576 + UserName: public *scop.UpdateUserPrivileges Privileges: DescriptorID: 109 @@ -153,12 +159,13 @@ PreCommitPhase stage 1 of 2 with 1 MutationType op [[FunctionVolatility:{DescID: 109}, PUBLIC], PUBLIC] -> ABSENT [[Owner:{DescID: 109}, PUBLIC], PUBLIC] -> ABSENT [[UserPrivileges:{DescID: 109, Name: admin}, PUBLIC], PUBLIC] -> ABSENT + [[UserPrivileges:{DescID: 109, Name: public}, PUBLIC], PUBLIC] -> ABSENT [[UserPrivileges:{DescID: 109, Name: root}, PUBLIC], PUBLIC] -> ABSENT [[FunctionBody:{DescID: 109}, PUBLIC], PUBLIC] -> ABSENT ops: *scop.UndoAllInTxnImmediateMutationOpSideEffects {} -PreCommitPhase stage 2 of 2 with 11 MutationType ops +PreCommitPhase stage 2 of 2 with 12 MutationType ops transitions: [[Function:{DescID: 109}, PUBLIC], ABSENT] -> PUBLIC [[SchemaChild:{DescID: 109, ReferencedDescID: 101}, PUBLIC], ABSENT] -> PUBLIC @@ -166,6 +173,7 @@ PreCommitPhase stage 2 of 2 with 11 MutationType ops [[FunctionVolatility:{DescID: 109}, PUBLIC], ABSENT] -> PUBLIC [[Owner:{DescID: 109}, PUBLIC], ABSENT] -> PUBLIC [[UserPrivileges:{DescID: 109, Name: admin}, PUBLIC], ABSENT] -> PUBLIC + [[UserPrivileges:{DescID: 109, Name: public}, PUBLIC], ABSENT] -> PUBLIC [[UserPrivileges:{DescID: 109, Name: root}, PUBLIC], ABSENT] -> PUBLIC [[FunctionBody:{DescID: 109}, PUBLIC], ABSENT] -> PUBLIC ops: @@ -212,6 +220,11 @@ PreCommitPhase stage 2 of 2 with 11 MutationType ops Privileges: 2 UserName: admin WithGrantOption: 2 + *scop.UpdateUserPrivileges + Privileges: + DescriptorID: 109 + Privileges: 1048576 + UserName: public *scop.UpdateUserPrivileges Privileges: DescriptorID: 109 @@ -317,6 +330,10 @@ $$; to: [UserPrivileges:{DescID: 110, Name: admin}, PUBLIC] kind: Precedence rule: descriptor existence precedes dependents +- from: [Function:{DescID: 110}, DESCRIPTOR_ADDED] + to: [UserPrivileges:{DescID: 110, Name: public}, PUBLIC] + kind: Precedence + rule: descriptor existence precedes dependents - from: [Function:{DescID: 110}, DESCRIPTOR_ADDED] to: [UserPrivileges:{DescID: 110, Name: root}, PUBLIC] kind: Precedence @@ -349,6 +366,10 @@ $$; to: [Function:{DescID: 110}, PUBLIC] kind: Precedence rule: dependents exist before descriptor becomes public +- from: [UserPrivileges:{DescID: 110, Name: public}, PUBLIC] + to: [Function:{DescID: 110}, PUBLIC] + kind: Precedence + rule: dependents exist before descriptor becomes public - from: [UserPrivileges:{DescID: 110, Name: root}, PUBLIC] to: [Function:{DescID: 110}, PUBLIC] kind: Precedence diff --git a/pkg/sql/schemachanger/scplan/testdata/drop_function b/pkg/sql/schemachanger/scplan/testdata/drop_function index b24c02ca1d35..16c5eb1daea6 100644 --- a/pkg/sql/schemachanger/scplan/testdata/drop_function +++ b/pkg/sql/schemachanger/scplan/testdata/drop_function @@ -21,10 +21,11 @@ $$; ops DROP FUNCTION f; ---- -StatementPhase stage 1 of 1 with 11 MutationType ops +StatementPhase stage 1 of 1 with 12 MutationType ops transitions: [[Owner:{DescID: 109}, ABSENT], PUBLIC] -> ABSENT [[UserPrivileges:{DescID: 109, Name: admin}, ABSENT], PUBLIC] -> ABSENT + [[UserPrivileges:{DescID: 109, Name: public}, ABSENT], PUBLIC] -> ABSENT [[UserPrivileges:{DescID: 109, Name: root}, ABSENT], PUBLIC] -> ABSENT [[Function:{DescID: 109}, ABSENT], PUBLIC] -> DROPPED [[SchemaChild:{DescID: 109, ReferencedDescID: 101}, ABSENT], PUBLIC] -> ABSENT @@ -70,6 +71,9 @@ StatementPhase stage 1 of 1 with 11 MutationType ops *scop.RemoveUserPrivileges DescriptorID: 109 User: admin + *scop.RemoveUserPrivileges + DescriptorID: 109 + User: public *scop.RemoveUserPrivileges DescriptorID: 109 User: root @@ -77,6 +81,7 @@ PreCommitPhase stage 1 of 2 with 1 MutationType op transitions: [[Owner:{DescID: 109}, ABSENT], ABSENT] -> PUBLIC [[UserPrivileges:{DescID: 109, Name: admin}, ABSENT], ABSENT] -> PUBLIC + [[UserPrivileges:{DescID: 109, Name: public}, ABSENT], ABSENT] -> PUBLIC [[UserPrivileges:{DescID: 109, Name: root}, ABSENT], ABSENT] -> PUBLIC [[Function:{DescID: 109}, ABSENT], DROPPED] -> PUBLIC [[SchemaChild:{DescID: 109, ReferencedDescID: 101}, ABSENT], ABSENT] -> PUBLIC @@ -88,10 +93,11 @@ PreCommitPhase stage 1 of 2 with 1 MutationType op ops: *scop.UndoAllInTxnImmediateMutationOpSideEffects {} -PreCommitPhase stage 2 of 2 with 18 MutationType ops +PreCommitPhase stage 2 of 2 with 19 MutationType ops transitions: [[Owner:{DescID: 109}, ABSENT], PUBLIC] -> ABSENT [[UserPrivileges:{DescID: 109, Name: admin}, ABSENT], PUBLIC] -> ABSENT + [[UserPrivileges:{DescID: 109, Name: public}, ABSENT], PUBLIC] -> ABSENT [[UserPrivileges:{DescID: 109, Name: root}, ABSENT], PUBLIC] -> ABSENT [[Function:{DescID: 109}, ABSENT], PUBLIC] -> DROPPED [[SchemaChild:{DescID: 109, ReferencedDescID: 101}, ABSENT], PUBLIC] -> ABSENT @@ -137,6 +143,9 @@ PreCommitPhase stage 2 of 2 with 18 MutationType ops *scop.RemoveUserPrivileges DescriptorID: 109 User: admin + *scop.RemoveUserPrivileges + DescriptorID: 109 + User: public *scop.RemoveUserPrivileges DescriptorID: 109 User: root diff --git a/pkg/sql/schemachanger/testdata/end_to_end/create_function/create_function.explain b/pkg/sql/schemachanger/testdata/end_to_end/create_function/create_function.explain index 6177b269132f..0ebc05bd1de5 100644 --- a/pkg/sql/schemachanger/testdata/end_to_end/create_function/create_function.explain +++ b/pkg/sql/schemachanger/testdata/end_to_end/create_function/create_function.explain @@ -27,21 +27,23 @@ Schema change plan for CREATE FUNCTION ‹defaultdb›.‹public›.‹f›(IN AS $$SELECT ‹a› FROM ‹defaultdb›.‹public›.‹t›; SELECT ‹b› FROM ‹defaultdb›.‹public›.‹t›@‹t_idx_b›; SELECT ‹c› FROM ‹defaultdb›.‹public›.‹t›@‹t_idx_c›; SELECT ‹a› FROM ‹defaultdb›.‹public›.‹v›; SELECT nextval(‹'sq1'›);$$; ├── StatementPhase │ └── Stage 1 of 1 in StatementPhase - │ ├── 8 elements transitioning toward PUBLIC + │ ├── 9 elements transitioning toward PUBLIC │ │ ├── ABSENT → PUBLIC Function:{DescID: 110 (f+)} │ │ ├── ABSENT → PUBLIC SchemaChild:{DescID: 110 (f+), ReferencedDescID: 101 (public)} │ │ ├── ABSENT → PUBLIC FunctionName:{DescID: 110 (f+)} │ │ ├── ABSENT → PUBLIC FunctionVolatility:{DescID: 110 (f+)} │ │ ├── ABSENT → PUBLIC Owner:{DescID: 110 (f+)} │ │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 110 (f+), Name: "admin"} + │ │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 110 (f+), Name: "public"} │ │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 110 (f+), Name: "root"} │ │ └── ABSENT → PUBLIC FunctionBody:{DescID: 110 (f+)} - │ └── 11 Mutation operations + │ └── 12 Mutation operations │ ├── CreateFunctionDescriptor {"Function":{"FunctionID":110}} │ ├── SetFunctionName {"FunctionID":110,"Name":"f"} │ ├── SetFunctionVolatility {"FunctionID":110,"Volatility":1} │ ├── UpdateOwner {"Owner":{"DescriptorID":110,"Owner":"root"}} │ ├── UpdateUserPrivileges {"Privileges":{"DescriptorID":110,"Privileges":2,"UserName":"admin","WithGrantOption":2}} + │ ├── UpdateUserPrivileges {"Privileges":{"DescriptorID":110,"Privileges":1048576,"UserName":"public"}} │ ├── UpdateUserPrivileges {"Privileges":{"DescriptorID":110,"Privileges":2,"UserName":"root","WithGrantOption":2}} │ ├── SetFunctionBody {"Body":{"Body":"SELECT a FROM t;...","FunctionID":110}} │ ├── UpdateFunctionTypeReferences {"FunctionID":110} @@ -50,33 +52,36 @@ Schema change plan for CREATE FUNCTION ‹defaultdb›.‹public›.‹f›(IN │ └── MarkDescriptorAsPublic {"DescriptorID":110} └── PreCommitPhase ├── Stage 1 of 2 in PreCommitPhase - │ ├── 8 elements transitioning toward PUBLIC + │ ├── 9 elements transitioning toward PUBLIC │ │ ├── PUBLIC → ABSENT Function:{DescID: 110 (f+)} │ │ ├── PUBLIC → ABSENT SchemaChild:{DescID: 110 (f+), ReferencedDescID: 101 (public)} │ │ ├── PUBLIC → ABSENT FunctionName:{DescID: 110 (f+)} │ │ ├── PUBLIC → ABSENT FunctionVolatility:{DescID: 110 (f+)} │ │ ├── PUBLIC → ABSENT Owner:{DescID: 110 (f+)} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 110 (f+), Name: "admin"} + │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 110 (f+), Name: "public"} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 110 (f+), Name: "root"} │ │ └── PUBLIC → ABSENT FunctionBody:{DescID: 110 (f+)} │ └── 1 Mutation operation │ └── UndoAllInTxnImmediateMutationOpSideEffects └── Stage 2 of 2 in PreCommitPhase - ├── 8 elements transitioning toward PUBLIC + ├── 9 elements transitioning toward PUBLIC │ ├── ABSENT → PUBLIC Function:{DescID: 110 (f+)} │ ├── ABSENT → PUBLIC SchemaChild:{DescID: 110 (f+), ReferencedDescID: 101 (public)} │ ├── ABSENT → PUBLIC FunctionName:{DescID: 110 (f+)} │ ├── ABSENT → PUBLIC FunctionVolatility:{DescID: 110 (f+)} │ ├── ABSENT → PUBLIC Owner:{DescID: 110 (f+)} │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 110 (f+), Name: "admin"} + │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 110 (f+), Name: "public"} │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 110 (f+), Name: "root"} │ └── ABSENT → PUBLIC FunctionBody:{DescID: 110 (f+)} - └── 11 Mutation operations + └── 12 Mutation operations ├── CreateFunctionDescriptor {"Function":{"FunctionID":110}} ├── SetFunctionName {"FunctionID":110,"Name":"f"} ├── SetFunctionVolatility {"FunctionID":110,"Volatility":1} ├── UpdateOwner {"Owner":{"DescriptorID":110,"Owner":"root"}} ├── UpdateUserPrivileges {"Privileges":{"DescriptorID":110,"Privileges":2,"UserName":"admin","WithGrantOption":2}} + ├── UpdateUserPrivileges {"Privileges":{"DescriptorID":110,"Privileges":1048576,"UserName":"public"}} ├── UpdateUserPrivileges {"Privileges":{"DescriptorID":110,"Privileges":2,"UserName":"root","WithGrantOption":2}} ├── SetFunctionBody {"Body":{"Body":"SELECT a FROM t;...","FunctionID":110}} ├── UpdateFunctionTypeReferences {"FunctionID":110} diff --git a/pkg/sql/schemachanger/testdata/end_to_end/create_function/create_function.side_effects b/pkg/sql/schemachanger/testdata/end_to_end/create_function/create_function.side_effects index 39bc16e41b62..5e77feb9a022 100644 --- a/pkg/sql/schemachanger/testdata/end_to_end/create_function/create_function.side_effects +++ b/pkg/sql/schemachanger/testdata/end_to_end/create_function/create_function.side_effects @@ -42,7 +42,7 @@ write *eventpb.CreateFunction to event log: SELECT ‹a› FROM ‹defaultdb›.‹public›.‹v›; SELECT nextval(‹'sq1'›);$$" tag: CREATE FUNCTION user: root -## StatementPhase stage 1 of 1 with 11 MutationType ops +## StatementPhase stage 1 of 1 with 12 MutationType ops upsert descriptor #110 - +function: @@ -80,6 +80,8 @@ upsert descriptor #110 + - privileges: "2" + userProto: admin + withGrantOption: "2" + + - privileges: "1048576" + + userProto: public + - privileges: "2" + userProto: root + withGrantOption: "2" @@ -184,7 +186,7 @@ upsert descriptor #108 ## PreCommitPhase stage 1 of 2 with 1 MutationType op undo all catalog changes within txn #1 persist all catalog changes to storage -## PreCommitPhase stage 2 of 2 with 11 MutationType ops +## PreCommitPhase stage 2 of 2 with 12 MutationType ops upsert descriptor #110 - +function: @@ -222,6 +224,8 @@ upsert descriptor #110 + - privileges: "2" + userProto: admin + withGrantOption: "2" + + - privileges: "1048576" + + userProto: public + - privileges: "2" + userProto: root + withGrantOption: "2" diff --git a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn.side_effects b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn.side_effects index 224439d01336..2b2ec3948c66 100644 --- a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn.side_effects +++ b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn.side_effects @@ -20,7 +20,7 @@ write *eventpb.CreateFunction to event log: SQL\n\tAS $$SELECT ‹1›;$$" tag: CREATE FUNCTION user: root -## StatementPhase stage 1 of 1 with 10 MutationType ops +## StatementPhase stage 1 of 1 with 11 MutationType ops upsert descriptor #105 - +function: @@ -39,6 +39,8 @@ upsert descriptor #105 + - privileges: "2" + userProto: admin + withGrantOption: "2" + + - privileges: "1048576" + + userProto: public + - privileges: "2" + userProto: root + withGrantOption: "2" @@ -154,7 +156,7 @@ upsert descriptor #104 ## PreCommitPhase stage 1 of 2 with 1 MutationType op undo all catalog changes within txn #1 persist all catalog changes to storage -## PreCommitPhase stage 2 of 2 with 21 MutationType ops +## PreCommitPhase stage 2 of 2 with 22 MutationType ops upsert descriptor #105 - +function: @@ -191,6 +193,8 @@ upsert descriptor #105 + - privileges: "2" + userProto: admin + withGrantOption: "2" + + - privileges: "1048576" + + userProto: public + - privileges: "2" + userProto: root + withGrantOption: "2" diff --git a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_1_of_7.explain b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_1_of_7.explain index dd37c178e639..5e4c9c1c215f 100644 --- a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_1_of_7.explain +++ b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_1_of_7.explain @@ -12,9 +12,10 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd AS $$SELECT ‹1›;$$; └── PostCommitNonRevertiblePhase ├── Stage 1 of 2 in PostCommitNonRevertiblePhase - │ ├── 15 elements transitioning toward ABSENT + │ ├── 16 elements transitioning toward ABSENT │ │ ├── PUBLIC → ABSENT Owner:{DescID: 105 (t-)} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "admin"} + │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "public"} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "root"} │ │ ├── DESCRIPTOR_ADDED → DROPPED Function:{DescID: 105 (t-)} │ │ ├── PUBLIC → ABSENT SchemaChild:{DescID: 105 (t-), ReferencedDescID: 101 (#101)} @@ -28,7 +29,7 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd │ │ ├── DELETE_ONLY → ABSENT TemporaryIndex:{DescID: 104 (t), IndexID: 3, ConstraintID: 3, SourceIndexID: 1 (t_pkey)} │ │ ├── PUBLIC → ABSENT IndexColumn:{DescID: 104 (t), ColumnID: 2 (b), IndexID: 3} │ │ └── PUBLIC → ABSENT IndexColumn:{DescID: 104 (t), ColumnID: 1 (a), IndexID: 3} - │ └── 17 Mutation operations + │ └── 18 Mutation operations │ ├── RemoveColumnFromIndex {"ColumnID":2,"IndexID":2,"TableID":104} │ ├── RemoveColumnFromIndex {"ColumnID":1,"IndexID":2,"Kind":1,"TableID":104} │ ├── SetIndexName {"IndexID":2,"Name":"crdb_internal_in...","TableID":104} @@ -42,6 +43,7 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd │ ├── MakeIndexAbsent {"IndexID":3,"TableID":104} │ ├── NotImplementedForPublicObjects {"DescID":105,"ElementType":"scpb.Owner"} │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"admin"} + │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"public"} │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"root"} │ ├── SetJobStateOnDescriptor {"DescriptorID":104} │ ├── SetJobStateOnDescriptor {"DescriptorID":105} diff --git a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_2_of_7.explain b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_2_of_7.explain index db235cca4f34..59adecf7e909 100644 --- a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_2_of_7.explain +++ b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_2_of_7.explain @@ -12,9 +12,10 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd AS $$SELECT ‹1›;$$; └── PostCommitNonRevertiblePhase ├── Stage 1 of 2 in PostCommitNonRevertiblePhase - │ ├── 14 elements transitioning toward ABSENT + │ ├── 15 elements transitioning toward ABSENT │ │ ├── PUBLIC → ABSENT Owner:{DescID: 105 (t-)} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "admin"} + │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "public"} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "root"} │ │ ├── DESCRIPTOR_ADDED → DROPPED Function:{DescID: 105 (t-)} │ │ ├── PUBLIC → ABSENT SchemaChild:{DescID: 105 (t-), ReferencedDescID: 101 (#101)} @@ -27,7 +28,7 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd │ │ ├── WRITE_ONLY → DELETE_ONLY TemporaryIndex:{DescID: 104 (t), IndexID: 3, ConstraintID: 3, SourceIndexID: 1 (t_pkey)} │ │ ├── PUBLIC → ABSENT IndexColumn:{DescID: 104 (t), ColumnID: 2 (b), IndexID: 3} │ │ └── PUBLIC → ABSENT IndexColumn:{DescID: 104 (t), ColumnID: 1 (a), IndexID: 3} - │ └── 16 Mutation operations + │ └── 17 Mutation operations │ ├── RemoveColumnFromIndex {"ColumnID":2,"IndexID":2,"TableID":104} │ ├── RemoveColumnFromIndex {"ColumnID":1,"IndexID":2,"Kind":1,"TableID":104} │ ├── SetIndexName {"IndexID":2,"Name":"crdb_internal_in...","TableID":104} @@ -40,6 +41,7 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd │ ├── MakeIndexAbsent {"IndexID":2,"TableID":104} │ ├── NotImplementedForPublicObjects {"DescID":105,"ElementType":"scpb.Owner"} │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"admin"} + │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"public"} │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"root"} │ ├── SetJobStateOnDescriptor {"DescriptorID":104} │ ├── SetJobStateOnDescriptor {"DescriptorID":105} diff --git a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_3_of_7.explain b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_3_of_7.explain index 9f2cb8a19b31..1c68d405e9f0 100644 --- a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_3_of_7.explain +++ b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_3_of_7.explain @@ -12,9 +12,10 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd AS $$SELECT ‹1›;$$; └── PostCommitNonRevertiblePhase ├── Stage 1 of 2 in PostCommitNonRevertiblePhase - │ ├── 14 elements transitioning toward ABSENT + │ ├── 15 elements transitioning toward ABSENT │ │ ├── PUBLIC → ABSENT Owner:{DescID: 105 (t-)} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "admin"} + │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "public"} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "root"} │ │ ├── DESCRIPTOR_ADDED → DROPPED Function:{DescID: 105 (t-)} │ │ ├── PUBLIC → ABSENT SchemaChild:{DescID: 105 (t-), ReferencedDescID: 101 (#101)} @@ -27,7 +28,7 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd │ │ ├── WRITE_ONLY → DELETE_ONLY TemporaryIndex:{DescID: 104 (t), IndexID: 3, ConstraintID: 3, SourceIndexID: 1 (t_pkey)} │ │ ├── PUBLIC → ABSENT IndexColumn:{DescID: 104 (t), ColumnID: 2 (b), IndexID: 3} │ │ └── PUBLIC → ABSENT IndexColumn:{DescID: 104 (t), ColumnID: 1 (a), IndexID: 3} - │ └── 16 Mutation operations + │ └── 17 Mutation operations │ ├── RemoveColumnFromIndex {"ColumnID":2,"IndexID":2,"TableID":104} │ ├── RemoveColumnFromIndex {"ColumnID":1,"IndexID":2,"Kind":1,"TableID":104} │ ├── SetIndexName {"IndexID":2,"Name":"crdb_internal_in...","TableID":104} @@ -40,6 +41,7 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd │ ├── MakeIndexAbsent {"IndexID":2,"TableID":104} │ ├── NotImplementedForPublicObjects {"DescID":105,"ElementType":"scpb.Owner"} │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"admin"} + │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"public"} │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"root"} │ ├── SetJobStateOnDescriptor {"DescriptorID":104} │ ├── SetJobStateOnDescriptor {"DescriptorID":105} diff --git a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_4_of_7.explain b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_4_of_7.explain index 98fe711756a6..71efb927fdf4 100644 --- a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_4_of_7.explain +++ b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_4_of_7.explain @@ -12,9 +12,10 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd AS $$SELECT ‹1›;$$; └── PostCommitNonRevertiblePhase ├── Stage 1 of 2 in PostCommitNonRevertiblePhase - │ ├── 14 elements transitioning toward ABSENT + │ ├── 15 elements transitioning toward ABSENT │ │ ├── PUBLIC → ABSENT Owner:{DescID: 105 (t-)} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "admin"} + │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "public"} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "root"} │ │ ├── DESCRIPTOR_ADDED → DROPPED Function:{DescID: 105 (t-)} │ │ ├── PUBLIC → ABSENT SchemaChild:{DescID: 105 (t-), ReferencedDescID: 101 (#101)} @@ -27,7 +28,7 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd │ │ ├── WRITE_ONLY → DELETE_ONLY TemporaryIndex:{DescID: 104 (t), IndexID: 3, ConstraintID: 3, SourceIndexID: 1 (t_pkey)} │ │ ├── PUBLIC → ABSENT IndexColumn:{DescID: 104 (t), ColumnID: 2 (b), IndexID: 3} │ │ └── PUBLIC → ABSENT IndexColumn:{DescID: 104 (t), ColumnID: 1 (a), IndexID: 3} - │ └── 16 Mutation operations + │ └── 17 Mutation operations │ ├── RemoveColumnFromIndex {"ColumnID":2,"IndexID":2,"TableID":104} │ ├── RemoveColumnFromIndex {"ColumnID":1,"IndexID":2,"Kind":1,"TableID":104} │ ├── SetIndexName {"IndexID":2,"Name":"crdb_internal_in...","TableID":104} @@ -40,6 +41,7 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd │ ├── MakeIndexAbsent {"IndexID":2,"TableID":104} │ ├── NotImplementedForPublicObjects {"DescID":105,"ElementType":"scpb.Owner"} │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"admin"} + │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"public"} │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"root"} │ ├── SetJobStateOnDescriptor {"DescriptorID":104} │ ├── SetJobStateOnDescriptor {"DescriptorID":105} diff --git a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_5_of_7.explain b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_5_of_7.explain index bb5d5332d7ee..004e3a3cd100 100644 --- a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_5_of_7.explain +++ b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_5_of_7.explain @@ -12,9 +12,10 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd AS $$SELECT ‹1›;$$; └── PostCommitNonRevertiblePhase ├── Stage 1 of 2 in PostCommitNonRevertiblePhase - │ ├── 14 elements transitioning toward ABSENT + │ ├── 15 elements transitioning toward ABSENT │ │ ├── PUBLIC → ABSENT Owner:{DescID: 105 (t-)} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "admin"} + │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "public"} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "root"} │ │ ├── DESCRIPTOR_ADDED → DROPPED Function:{DescID: 105 (t-)} │ │ ├── PUBLIC → ABSENT SchemaChild:{DescID: 105 (t-), ReferencedDescID: 101 (#101)} @@ -27,7 +28,7 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd │ │ ├── WRITE_ONLY → DELETE_ONLY TemporaryIndex:{DescID: 104 (t), IndexID: 3, ConstraintID: 3, SourceIndexID: 1 (t_pkey)} │ │ ├── PUBLIC → ABSENT IndexColumn:{DescID: 104 (t), ColumnID: 2 (b), IndexID: 3} │ │ └── PUBLIC → ABSENT IndexColumn:{DescID: 104 (t), ColumnID: 1 (a), IndexID: 3} - │ └── 16 Mutation operations + │ └── 17 Mutation operations │ ├── MakeWriteOnlyIndexDeleteOnly {"IndexID":3,"TableID":104} │ ├── RemoveColumnFromIndex {"ColumnID":2,"IndexID":3,"TableID":104} │ ├── RemoveColumnFromIndex {"ColumnID":1,"IndexID":3,"Kind":1,"TableID":104} @@ -40,6 +41,7 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd │ ├── SetIndexName {"IndexID":2,"Name":"crdb_internal_in...","TableID":104} │ ├── NotImplementedForPublicObjects {"DescID":105,"ElementType":"scpb.Owner"} │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"admin"} + │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"public"} │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"root"} │ ├── SetJobStateOnDescriptor {"DescriptorID":104} │ ├── SetJobStateOnDescriptor {"DescriptorID":105} diff --git a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_6_of_7.explain b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_6_of_7.explain index 48be018b6ed8..3e19d066a8cc 100644 --- a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_6_of_7.explain +++ b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_6_of_7.explain @@ -12,9 +12,10 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd AS $$SELECT ‹1›;$$; └── PostCommitNonRevertiblePhase ├── Stage 1 of 2 in PostCommitNonRevertiblePhase - │ ├── 14 elements transitioning toward ABSENT + │ ├── 15 elements transitioning toward ABSENT │ │ ├── PUBLIC → ABSENT Owner:{DescID: 105 (t-)} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "admin"} + │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "public"} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "root"} │ │ ├── DESCRIPTOR_ADDED → DROPPED Function:{DescID: 105 (t-)} │ │ ├── PUBLIC → ABSENT SchemaChild:{DescID: 105 (t-), ReferencedDescID: 101 (#101)} @@ -27,7 +28,7 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd │ │ ├── WRITE_ONLY → DELETE_ONLY TemporaryIndex:{DescID: 104 (t), IndexID: 3, ConstraintID: 3, SourceIndexID: 1 (t_pkey)} │ │ ├── PUBLIC → ABSENT IndexColumn:{DescID: 104 (t), ColumnID: 2 (b), IndexID: 3} │ │ └── PUBLIC → ABSENT IndexColumn:{DescID: 104 (t), ColumnID: 1 (a), IndexID: 3} - │ └── 16 Mutation operations + │ └── 17 Mutation operations │ ├── MakeWriteOnlyIndexDeleteOnly {"IndexID":3,"TableID":104} │ ├── RemoveColumnFromIndex {"ColumnID":2,"IndexID":3,"TableID":104} │ ├── RemoveColumnFromIndex {"ColumnID":1,"IndexID":3,"Kind":1,"TableID":104} @@ -40,6 +41,7 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd │ ├── SetIndexName {"IndexID":2,"Name":"crdb_internal_in...","TableID":104} │ ├── NotImplementedForPublicObjects {"DescID":105,"ElementType":"scpb.Owner"} │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"admin"} + │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"public"} │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"root"} │ ├── SetJobStateOnDescriptor {"DescriptorID":104} │ ├── SetJobStateOnDescriptor {"DescriptorID":105} diff --git a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_7_of_7.explain b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_7_of_7.explain index 2654742869b5..b1b6009677ce 100644 --- a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_7_of_7.explain +++ b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__rollback_7_of_7.explain @@ -12,9 +12,10 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd AS $$SELECT ‹1›;$$; └── PostCommitNonRevertiblePhase ├── Stage 1 of 2 in PostCommitNonRevertiblePhase - │ ├── 14 elements transitioning toward ABSENT + │ ├── 15 elements transitioning toward ABSENT │ │ ├── PUBLIC → ABSENT Owner:{DescID: 105 (t-)} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "admin"} + │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "public"} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t-), Name: "root"} │ │ ├── DESCRIPTOR_ADDED → DROPPED Function:{DescID: 105 (t-)} │ │ ├── PUBLIC → ABSENT SchemaChild:{DescID: 105 (t-), ReferencedDescID: 101 (#101)} @@ -27,7 +28,7 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd │ │ ├── TRANSIENT_DELETE_ONLY → ABSENT TemporaryIndex:{DescID: 104 (t), IndexID: 3, ConstraintID: 3, SourceIndexID: 1 (t_pkey)} │ │ ├── PUBLIC → ABSENT IndexColumn:{DescID: 104 (t), ColumnID: 2 (b), IndexID: 3} │ │ └── PUBLIC → ABSENT IndexColumn:{DescID: 104 (t), ColumnID: 1 (a), IndexID: 3} - │ └── 16 Mutation operations + │ └── 17 Mutation operations │ ├── MakeWriteOnlyIndexDeleteOnly {"IndexID":2,"TableID":104} │ ├── RemoveColumnFromIndex {"ColumnID":2,"IndexID":2,"TableID":104} │ ├── RemoveColumnFromIndex {"ColumnID":1,"IndexID":2,"Kind":1,"TableID":104} @@ -40,6 +41,7 @@ Schema change plan for rolling back CREATE UNIQUE INDEX ‹idx› ON ‹defaultd │ ├── MakeIndexAbsent {"IndexID":3,"TableID":104} │ ├── NotImplementedForPublicObjects {"DescID":105,"ElementType":"scpb.Owner"} │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"admin"} + │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"public"} │ ├── RemoveUserPrivileges {"DescriptorID":105,"User":"root"} │ ├── SetJobStateOnDescriptor {"DescriptorID":104} │ ├── SetJobStateOnDescriptor {"DescriptorID":105} diff --git a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__statement_1_of_2.explain b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__statement_1_of_2.explain index 2c9ad1e47eeb..5c05c8080c38 100644 --- a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__statement_1_of_2.explain +++ b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__statement_1_of_2.explain @@ -10,19 +10,21 @@ Schema change plan for CREATE FUNCTION ‹defaultdb›.‹public›.‹t›() AS $$SELECT ‹1›;$$; ├── StatementPhase │ └── Stage 1 of 1 in StatementPhase - │ ├── 7 elements transitioning toward PUBLIC + │ ├── 8 elements transitioning toward PUBLIC │ │ ├── ABSENT → PUBLIC Function:{DescID: 105 (t+)} │ │ ├── ABSENT → PUBLIC SchemaChild:{DescID: 105 (t+), ReferencedDescID: 101 (public)} │ │ ├── ABSENT → PUBLIC FunctionName:{DescID: 105 (t+)} │ │ ├── ABSENT → PUBLIC Owner:{DescID: 105 (t+)} │ │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 105 (t+), Name: "admin"} + │ │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 105 (t+), Name: "public"} │ │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 105 (t+), Name: "root"} │ │ └── ABSENT → PUBLIC FunctionBody:{DescID: 105 (t+)} - │ └── 10 Mutation operations + │ └── 11 Mutation operations │ ├── CreateFunctionDescriptor {"Function":{"FunctionID":105}} │ ├── SetFunctionName {"FunctionID":105,"Name":"t"} │ ├── UpdateOwner {"Owner":{"DescriptorID":105,"Owner":"root"}} │ ├── UpdateUserPrivileges {"Privileges":{"DescriptorID":105,"Privileges":2,"UserName":"admin","WithGrantOption":2}} + │ ├── UpdateUserPrivileges {"Privileges":{"DescriptorID":105,"Privileges":1048576,"UserName":"public"}} │ ├── UpdateUserPrivileges {"Privileges":{"DescriptorID":105,"Privileges":2,"UserName":"root","WithGrantOption":2}} │ ├── SetFunctionBody {"Body":{"Body":"SELECT 1;","FunctionID":105}} │ ├── UpdateFunctionTypeReferences {"FunctionID":105} @@ -31,30 +33,33 @@ Schema change plan for CREATE FUNCTION ‹defaultdb›.‹public›.‹t›() │ └── MarkDescriptorAsPublic {"DescriptorID":105} └── PreCommitPhase ├── Stage 1 of 2 in PreCommitPhase - │ ├── 7 elements transitioning toward PUBLIC + │ ├── 8 elements transitioning toward PUBLIC │ │ ├── PUBLIC → ABSENT Function:{DescID: 105 (t+)} │ │ ├── PUBLIC → ABSENT SchemaChild:{DescID: 105 (t+), ReferencedDescID: 101 (public)} │ │ ├── PUBLIC → ABSENT FunctionName:{DescID: 105 (t+)} │ │ ├── PUBLIC → ABSENT Owner:{DescID: 105 (t+)} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t+), Name: "admin"} + │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t+), Name: "public"} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t+), Name: "root"} │ │ └── PUBLIC → ABSENT FunctionBody:{DescID: 105 (t+)} │ └── 1 Mutation operation │ └── UndoAllInTxnImmediateMutationOpSideEffects └── Stage 2 of 2 in PreCommitPhase - ├── 7 elements transitioning toward PUBLIC + ├── 8 elements transitioning toward PUBLIC │ ├── ABSENT → PUBLIC Function:{DescID: 105 (t+)} │ ├── ABSENT → PUBLIC SchemaChild:{DescID: 105 (t+), ReferencedDescID: 101 (public)} │ ├── ABSENT → PUBLIC FunctionName:{DescID: 105 (t+)} │ ├── ABSENT → PUBLIC Owner:{DescID: 105 (t+)} │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 105 (t+), Name: "admin"} + │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 105 (t+), Name: "public"} │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 105 (t+), Name: "root"} │ └── ABSENT → PUBLIC FunctionBody:{DescID: 105 (t+)} - └── 10 Mutation operations + └── 11 Mutation operations ├── CreateFunctionDescriptor {"Function":{"FunctionID":105}} ├── SetFunctionName {"FunctionID":105,"Name":"t"} ├── UpdateOwner {"Owner":{"DescriptorID":105,"Owner":"root"}} ├── UpdateUserPrivileges {"Privileges":{"DescriptorID":105,"Privileges":2,"UserName":"admin","WithGrantOption":2}} + ├── UpdateUserPrivileges {"Privileges":{"DescriptorID":105,"Privileges":1048576,"UserName":"public"}} ├── UpdateUserPrivileges {"Privileges":{"DescriptorID":105,"Privileges":2,"UserName":"root","WithGrantOption":2}} ├── SetFunctionBody {"Body":{"Body":"SELECT 1;","FunctionID":105}} ├── UpdateFunctionTypeReferences {"FunctionID":105} diff --git a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__statement_2_of_2.explain b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__statement_2_of_2.explain index 1711d04ce56b..3b1ca4ca30fd 100644 --- a/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__statement_2_of_2.explain +++ b/pkg/sql/schemachanger/testdata/end_to_end/create_function_in_txn/create_function_in_txn__statement_2_of_2.explain @@ -31,9 +31,10 @@ Schema change plan for CREATE UNIQUE INDEX ‹idx› ON ‹defaultdb›.‹publi │ └── AddColumnToIndex {"ColumnID":1,"IndexID":3,"Kind":1,"TableID":104} ├── PreCommitPhase │ ├── Stage 1 of 2 in PreCommitPhase - │ │ ├── 12 elements transitioning toward PUBLIC + │ │ ├── 13 elements transitioning toward PUBLIC │ │ │ ├── PUBLIC → ABSENT Owner:{DescID: 105 (t+)} │ │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t+), Name: "admin"} + │ │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t+), Name: "public"} │ │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 105 (t+), Name: "root"} │ │ │ ├── PUBLIC → ABSENT Function:{DescID: 105 (t+)} │ │ │ ├── PUBLIC → ABSENT SchemaChild:{DescID: 105 (t+), ReferencedDescID: 101 (public)} @@ -51,9 +52,10 @@ Schema change plan for CREATE UNIQUE INDEX ‹idx› ON ‹defaultdb›.‹publi │ │ └── 1 Mutation operation │ │ └── UndoAllInTxnImmediateMutationOpSideEffects │ └── Stage 2 of 2 in PreCommitPhase - │ ├── 12 elements transitioning toward PUBLIC + │ ├── 13 elements transitioning toward PUBLIC │ │ ├── ABSENT → PUBLIC Owner:{DescID: 105 (t+)} │ │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 105 (t+), Name: "admin"} + │ │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 105 (t+), Name: "public"} │ │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 105 (t+), Name: "root"} │ │ ├── ABSENT → DESCRIPTOR_ADDED Function:{DescID: 105 (t+)} │ │ ├── ABSENT → PUBLIC SchemaChild:{DescID: 105 (t+), ReferencedDescID: 101 (public)} @@ -68,7 +70,7 @@ Schema change plan for CREATE UNIQUE INDEX ‹idx› ON ‹defaultdb›.‹publi │ │ ├── ABSENT → DELETE_ONLY TemporaryIndex:{DescID: 104 (t), IndexID: 3, ConstraintID: 3, SourceIndexID: 1 (t_pkey)} │ │ ├── ABSENT → PUBLIC IndexColumn:{DescID: 104 (t), ColumnID: 2 (b), IndexID: 3} │ │ └── ABSENT → PUBLIC IndexColumn:{DescID: 104 (t), ColumnID: 1 (a), IndexID: 3} - │ └── 21 Mutation operations + │ └── 22 Mutation operations │ ├── CreateFunctionDescriptor {"Function":{"FunctionID":105}} │ ├── SetFunctionName {"FunctionID":105,"Name":"t"} │ ├── SetFunctionBody {"Body":{"Body":"SELECT 1;","FunctionID":105}} @@ -85,6 +87,7 @@ Schema change plan for CREATE UNIQUE INDEX ‹idx› ON ‹defaultdb›.‹publi │ ├── AddColumnToIndex {"ColumnID":1,"IndexID":3,"Kind":1,"TableID":104} │ ├── UpdateOwner {"Owner":{"DescriptorID":105,"Owner":"root"}} │ ├── UpdateUserPrivileges {"Privileges":{"DescriptorID":105,"Privileges":2,"UserName":"admin","WithGrantOption":2}} + │ ├── UpdateUserPrivileges {"Privileges":{"DescriptorID":105,"Privileges":1048576,"UserName":"public"}} │ ├── UpdateUserPrivileges {"Privileges":{"DescriptorID":105,"Privileges":2,"UserName":"root","WithGrantOption":2}} │ ├── SetObjectParentID {"ObjParent":{"ChildObjectID":105,"SchemaID":101}} │ ├── SetJobStateOnDescriptor {"DescriptorID":104,"Initialize":true} diff --git a/pkg/sql/schemachanger/testdata/end_to_end/drop_function/drop_function.explain b/pkg/sql/schemachanger/testdata/end_to_end/drop_function/drop_function.explain index 69901b3c551d..e722ed7f4759 100644 --- a/pkg/sql/schemachanger/testdata/end_to_end/drop_function/drop_function.explain +++ b/pkg/sql/schemachanger/testdata/end_to_end/drop_function/drop_function.explain @@ -24,9 +24,10 @@ EXPLAIN (DDL) DROP FUNCTION f; Schema change plan for DROP FUNCTION ‹""›.‹""›.‹f›; ├── StatementPhase │ └── Stage 1 of 1 in StatementPhase - │ ├── 10 elements transitioning toward ABSENT + │ ├── 11 elements transitioning toward ABSENT │ │ ├── PUBLIC → ABSENT Owner:{DescID: 109 (f-)} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 109 (f-), Name: "admin"} + │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 109 (f-), Name: "public"} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 109 (f-), Name: "root"} │ │ ├── PUBLIC → DROPPED Function:{DescID: 109 (f-)} │ │ ├── PUBLIC → ABSENT SchemaChild:{DescID: 109 (f-), ReferencedDescID: 101 (public)} @@ -35,7 +36,7 @@ Schema change plan for DROP FUNCTION ‹""›.‹""›.‹f›; │ │ ├── PUBLIC → ABSENT FunctionLeakProof:{DescID: 109 (f-)} │ │ ├── PUBLIC → ABSENT FunctionNullInputBehavior:{DescID: 109 (f-)} │ │ └── PUBLIC → ABSENT FunctionBody:{DescID: 109 (f-)} - │ └── 11 Mutation operations + │ └── 12 Mutation operations │ ├── MarkDescriptorAsDropped {"DescriptorID":109} │ ├── RemoveObjectParent {"ObjectID":109,"ParentSchemaID":101} │ ├── NotImplementedForPublicObjects {"DescID":109,"ElementType":"scpb.FunctionNam..."} @@ -46,12 +47,14 @@ Schema change plan for DROP FUNCTION ‹""›.‹""›.‹f›; │ ├── RemoveBackReferencesInRelations {"BackReferencedID":109} │ ├── NotImplementedForPublicObjects {"DescID":109,"ElementType":"scpb.Owner"} │ ├── RemoveUserPrivileges {"DescriptorID":109,"User":"admin"} + │ ├── RemoveUserPrivileges {"DescriptorID":109,"User":"public"} │ └── RemoveUserPrivileges {"DescriptorID":109,"User":"root"} ├── PreCommitPhase │ ├── Stage 1 of 2 in PreCommitPhase - │ │ ├── 10 elements transitioning toward ABSENT + │ │ ├── 11 elements transitioning toward ABSENT │ │ │ ├── ABSENT → PUBLIC Owner:{DescID: 109 (f-)} │ │ │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 109 (f-), Name: "admin"} + │ │ │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 109 (f-), Name: "public"} │ │ │ ├── ABSENT → PUBLIC UserPrivileges:{DescID: 109 (f-), Name: "root"} │ │ │ ├── DROPPED → PUBLIC Function:{DescID: 109 (f-)} │ │ │ ├── ABSENT → PUBLIC SchemaChild:{DescID: 109 (f-), ReferencedDescID: 101 (public)} @@ -63,9 +66,10 @@ Schema change plan for DROP FUNCTION ‹""›.‹""›.‹f›; │ │ └── 1 Mutation operation │ │ └── UndoAllInTxnImmediateMutationOpSideEffects │ └── Stage 2 of 2 in PreCommitPhase - │ ├── 10 elements transitioning toward ABSENT + │ ├── 11 elements transitioning toward ABSENT │ │ ├── PUBLIC → ABSENT Owner:{DescID: 109 (f-)} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 109 (f-), Name: "admin"} + │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 109 (f-), Name: "public"} │ │ ├── PUBLIC → ABSENT UserPrivileges:{DescID: 109 (f-), Name: "root"} │ │ ├── PUBLIC → DROPPED Function:{DescID: 109 (f-)} │ │ ├── PUBLIC → ABSENT SchemaChild:{DescID: 109 (f-), ReferencedDescID: 101 (public)} @@ -74,7 +78,7 @@ Schema change plan for DROP FUNCTION ‹""›.‹""›.‹f›; │ │ ├── PUBLIC → ABSENT FunctionLeakProof:{DescID: 109 (f-)} │ │ ├── PUBLIC → ABSENT FunctionNullInputBehavior:{DescID: 109 (f-)} │ │ └── PUBLIC → ABSENT FunctionBody:{DescID: 109 (f-)} - │ └── 18 Mutation operations + │ └── 19 Mutation operations │ ├── MarkDescriptorAsDropped {"DescriptorID":109} │ ├── RemoveObjectParent {"ObjectID":109,"ParentSchemaID":101} │ ├── NotImplementedForPublicObjects {"DescID":109,"ElementType":"scpb.FunctionNam..."} @@ -85,6 +89,7 @@ Schema change plan for DROP FUNCTION ‹""›.‹""›.‹f›; │ ├── RemoveBackReferencesInRelations {"BackReferencedID":109} │ ├── NotImplementedForPublicObjects {"DescID":109,"ElementType":"scpb.Owner"} │ ├── RemoveUserPrivileges {"DescriptorID":109,"User":"admin"} + │ ├── RemoveUserPrivileges {"DescriptorID":109,"User":"public"} │ ├── RemoveUserPrivileges {"DescriptorID":109,"User":"root"} │ ├── SetJobStateOnDescriptor {"DescriptorID":104,"Initialize":true} │ ├── SetJobStateOnDescriptor {"DescriptorID":105,"Initialize":true} diff --git a/pkg/sql/schemachanger/testdata/end_to_end/drop_function/drop_function.side_effects b/pkg/sql/schemachanger/testdata/end_to_end/drop_function/drop_function.side_effects index 53860694bbad..1e98d1b5b33a 100644 --- a/pkg/sql/schemachanger/testdata/end_to_end/drop_function/drop_function.side_effects +++ b/pkg/sql/schemachanger/testdata/end_to_end/drop_function/drop_function.side_effects @@ -40,7 +40,7 @@ write *eventpb.DropFunction to event log: statement: DROP FUNCTION ‹""›.‹""›.‹f› tag: DROP FUNCTION user: root -## StatementPhase stage 1 of 1 with 11 MutationType ops +## StatementPhase stage 1 of 1 with 12 MutationType ops upsert descriptor #101 schema: - functions: @@ -144,7 +144,7 @@ upsert descriptor #109 ## PreCommitPhase stage 1 of 2 with 1 MutationType op undo all catalog changes within txn #1 persist all catalog changes to storage -## PreCommitPhase stage 2 of 2 with 18 MutationType ops +## PreCommitPhase stage 2 of 2 with 19 MutationType ops upsert descriptor #101 schema: - functions: diff --git a/pkg/sql/sem/builtins/pg_builtins.go b/pkg/sql/sem/builtins/pg_builtins.go index 0b54d1d1f101..8462694f78c4 100644 --- a/pkg/sql/sem/builtins/pg_builtins.go +++ b/pkg/sql/sem/builtins/pg_builtins.go @@ -2191,7 +2191,7 @@ var pgBuiltins = map[string]builtinDefinition{ ReturnType: tree.FixedReturnType(types.Name), Body: ` SELECT - CASE WHEN length($1::text || '_' || $2::text) > 64 + CASE WHEN length($1::text || '_' || $2::text) > 63 THEN (substring($1 from 1 for 63 - length($2::text) - 1) || '_' || $2::text)::name ELSE ($1::text || '_' || $2::text)::name END