sql: add CANCELQUERY role option #52578
Assignees
Labels
A-sql-privileges
SQL privilege handling and permission checks.
C-enhancement
Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)
Comments
solongordon
added
C-enhancement
10 tasks
solongordon
added a commit
to solongordon/cockroach
that referenced
this issue
Aug 23, 2020
Release note (sql change): Introduced a new CANCELQUERY role option. This grants non-admin roles the ability to cancel other users' queries and sessions. Note that non-admins are not allowed to cancel admins' queries or sessions. Release note (bug fix): Admin users are now permitted to cancel other users' queries and sessions. Previously only the root user was allowed to do so. Fixes cockroachdb#52578 Fixes cockroachdb#52579 Fixes cockroachdb#53277
craig bot
pushed a commit
that referenced
this issue
Aug 24, 2020
51561: pkg: skip TestCheckConsistencyInconsistent on short r=andreimatei a=andreimatei
Takes 30s on my machine.
Release note: None
53209: cmd/skip-test: make skip test functionality r=jordanlewis a=otan
Added a command that automatically skip tests. Example invocation:
```
./bin/skip-test 'TestStoreGossipSystemData'
From github.com:cockroachdb/cockroach
* branch master -> FETCH_HEAD
Switched to a new branch 'skip-test-TestStoreGossipSystemData'
"kv/kvserver: TestStoreGossipSystemData failed"
diff -u old/pkg/kv/kvserver/client_lease_test.go new/pkg/kv/kvserver/client_lease_test.go
--- old/pkg/kv/kvserver/client_lease_test.go 2020-08-21 09:47:17.000000000 -0700
+++ new/pkg/kv/kvserver/client_lease_test.go 2020-08-21 09:47:17.000000000 -0700
@@ -30,6 +30,7 @@
"github.com/cockroachdb/cockroach/pkg/roachpb"
"github.com/cockroachdb/cockroach/pkg/server"
"github.com/cockroachdb/cockroach/pkg/testutils"
+ "github.com/cockroachdb/cockroach/pkg/testutils/skip"
"github.com/cockroachdb/cockroach/pkg/testutils/testcluster"
"github.com/cockroachdb/cockroach/pkg/util/leaktest"
"github.com/cockroachdb/cockroach/pkg/util/log"
@@ -91,7 +92,7 @@
// data is gossiped at startup.
func TestStoreGossipSystemData(t *testing.T) {
defer leaktest.AfterTest(t)()
-skip.WithIssue(t, 53012, "generated by bin/skip-test")
+ skip.WithIssue(t, 53012, "generated by bin/skip-test")
defer log.Scope(t).Close(t)
zcfg := zonepb.DefaultZoneConfig()
[skip-test-TestStoreGossipSystemData 21b8e0fe84] kv/kvserver: skip pkg/kv/kvserver/client_lease_test.go
1 file changed, 2 insertions(+)
Enumerating objects: 11, done.
Counting objects: 100% (11/11), done.
Delta compression using up to 16 threads
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 622 bytes | 622.00 KiB/s, done.
Total 6 (delta 5), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (5/5), completed with 5 local objects.
To github.com:otan-cockroach/cockroach.git
+ a814ee4ae6...21b8e0fe84 skip-test-TestStoreGossipSystemData -> skip-test-TestStoreGossipSystemData (forced update)
Switched to branch 'skip-test'
```
Release note: None
53291: sql: add VIEWACTIVITY and CANCELQUERY role options r=solongordon a=solongordon
Release note (sql change): Introduced a new VIEWACTIVITY role option.
This grants non-admin roles the ability to see other users' sessions and
queries through the following means:
- SHOW SESSIONS
- SHOW QUERIES
- the WebUI Statements page
Release note (sql change): Introduced a new CANCELQUERY role option.
This grants non-admin roles the ability to cancel other users' queries
and sessions. Note that non-admins are not allowed to cancel admins'
queries or sessions.
Release note (bug fix): Admin users are now permitted to cancel other
users' queries and sessions. Previously only the root user was allowed
to do so.
Fixes #52578
Fixes #52579
Fixes #53277
53309: sql: remove some old aliases r=ajwerner a=ajwerner
Picking up the scraps of the some of the rename work.
Release note: None
53330: sql: remove experimental_partial_indexes setting and disallow inverted partial indexes r=mgartner a=mgartner
#### sql: disallow inverted partial indexes
Inverted partial indexes are not fully supported. This commit disallows
them from being created.
Fixes #52025
Release note: None
#### sql: removes experimental_partial_indexes setting
This commit removes the `experimental_partial_indexes` session and
cluster setting, now that partial indexes are supported.
Fixes #50217
Release note: None
53336: roachtest/cdc: add retries to curl r=dt a=otan
Release note: None
Co-authored-by: Andrei Matei <[email protected]>
Co-authored-by: Oliver Tan <[email protected]>
Co-authored-by: Solon Gordon <[email protected]>
Co-authored-by: Andrew Werner <[email protected]>
Co-authored-by: Marcus Gartner <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is a new role option which allows a non-admin user to cancel queries of other users. Without this privilege, users can only cancel their own queries. Even with this privilege, non-admins cannot cancel admin queries.
The text was updated successfully, but these errors were encountered: