cockroachdb · rafiss · Aug 30, 2023 · Aug 28, 2023
@@ -6279,7 +6279,7 @@ privileges:
   }
 | privilege_list
   {
-     privList, err := privilege.ListFromStrings($1.nameList().ToStrings())
+     privList, err := privilege.ListFromStrings($1.nameList().ToStrings(), privilege.OriginFromUserInput)
      if err != nil {
        return setErr(sqllex, err)
      }

@@ -942,3 +942,11 @@ ALTER DEFAULT PRIVILEGES FOR ALL ROLES REVOKE SELECT ON TABLES  FROM foo, bar --
 ALTER DEFAULT PRIVILEGES FOR ALL ROLES REVOKE SELECT ON TABLES  FROM foo, bar -- fully parenthesized
 ALTER DEFAULT PRIVILEGES FOR ALL ROLES REVOKE SELECT ON TABLES  FROM foo, bar -- literals removed
 ALTER DEFAULT PRIVILEGES FOR ALL ROLES REVOKE SELECT ON TABLES  FROM _, _ -- identifiers removed
+
+error
+ALTER DEFAULT PRIVILEGES FOR ALL ROLES GRANT CREATE, UNKNOWN_PRIV ON TYPES TO SESSION_USER WITH GRANT OPTION
+----
+at or near "on": syntax error: not a valid privilege: "unknown_priv"
+DETAIL: source SQL:
+ALTER DEFAULT PRIVILEGES FOR ALL ROLES GRANT CREATE, UNKNOWN_PRIV ON TYPES TO SESSION_USER WITH GRANT OPTION
+                                                                  ^
@@ -596,3 +596,11 @@ DETAIL: source SQL:
 REVOKE SELECT ON ROLE foo, bar FROM blix
                       ^
 HINT: try \h REVOKE
+
+error
+GRANT CREATE, UNKNOWN_PRIV ON TABLE foo TO testuser
+----
+at or near "on": syntax error: not a valid privilege: "unknown_priv"
+DETAIL: source SQL:
+GRANT CREATE, UNKNOWN_PRIV ON TABLE foo TO testuser
+                           ^
@@ -336,18 +336,38 @@ func PrivilegesFromBitFields(
 	return ret, nil
 }
 
+// Origin indicates the origin of the privileges being parsed in
+// ListFromStrings.
+type Origin bool
+
+const (
+	// OriginFromUserInput indicates that the privilege name came from user
+	// input and should be validated to make sure it refers to a real privilege.
+	OriginFromUserInput Origin = false
+
+	// OriginFromSystemTable indicates that the privilege name came from a
+	// system table and should be ignored if it does not refer to a real
+	// privilege.
+	OriginFromSystemTable Origin = true
+)
+
 // ListFromStrings takes a list of strings and attempts to build a list of Kind.
 // We convert each string to uppercase and search for it in the ByName map.
-// If an entry is not found in ByName, it is ignored.
-func ListFromStrings(strs []string) (List, error) {
+// If an entry is not found in ByName, it is either ignored or reports an error
+// depending on the purpose.
+func ListFromStrings(strs []string, origin Origin) (List, error) {
 	ret := make(List, len(strs))
 	for i, s := range strs {
 		k, ok := ByName[strings.ToUpper(s)]
 		if !ok {
-			// Ignore an unknown privilege name. This is so that it is possible to
-			// backport new privileges onto older release branches, without causing
-			// mixed-version compatibility issues.
-			continue
+			// Ignore an unknown privilege name if it came from a system table. This
+			// is so that it is possible to backport new privileges onto older release
+			// branches, without causing mixed-version compatibility issues.
+			if origin == OriginFromSystemTable {
+				continue
+			} else if origin == OriginFromUserInput {
+				return nil, errors.Errorf("not a valid privilege: %q", s)
+			}
 		}
 		ret[i] = k
 	}

diff --git a/pkg/sql/syntheticprivilegecache/accumulator.go b/pkg/sql/syntheticprivilegecache/accumulator.go
@@ -50,11 +50,11 @@ func (s *accumulator) addRow(path, user tree.DString, privArr, grantOptionArr *t
 	for _, elem := range grantOptionArr.Array {
 		grantOptionStrings = append(grantOptionStrings, string(tree.MustBeDString(elem)))
 	}
-	privs, err := privilege.ListFromStrings(privilegeStrings)
+	privs, err := privilege.ListFromStrings(privilegeStrings, privilege.OriginFromSystemTable)
 	if err != nil {
 		return err
 	}
-	grantOptions, err := privilege.ListFromStrings(grantOptionStrings)
+	grantOptions, err := privilege.ListFromStrings(grantOptionStrings, privilege.OriginFromSystemTable)
 	if err != nil {
 		return err
 	}