You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
cockroachdb/cockroach#72123 --- Release note (sql change): If the WITH GRANT OPTION flag is present when granting privileges to a user, then that user is able to grant those same privileges to subsequent users; otherwise, they cannot. If the GRANT OPTION FOR flag is present when revoking privileges from a user, then only the ability the grant those privileges is revoked from that user, not the privileges themselves (otherwise both the privileges and the ability to grant those privileges are revoked). This behavior is consistent with Postgres. For example, let's say we have a user named Alice who is the admin of a database that contains a table named t. If she wanted to give read access to Bob on t but did not want him to be able to give that privilege to anyone else, she could do this with the command 'GRANT SELECT ON TABLE t TO bob'. However, if she wanted Bob to be able to give the SELECT privilege on table t to other users, she would grant him the ability to do so with the command 'GRANT SELECT ON TABLE t TO bob WITH GRANT OPTION'. If Alice changed her mind and decided she did not want Bob to have the ability to grant read access on table t to other users (but she still wanted Bob himself to have read access on table t), she could revoke his ability to do so with the command 'REVOKE GRANT OPTION FOR SELECT ON TABLE t FROM bob'. Alternatively, she could omit the flag and do 'REVOKE SELECT ON TABLE t FROM bob' to remove Bob's read access on table t in addition to his ability to grant read access to other users.
Exalate commented:
cockroachdb/cockroach#72123 --- Release note (sql change): If the WITH GRANT OPTION flag is present when granting privileges to a user, then that user is able to grant those same privileges to subsequent users; otherwise, they cannot. If the GRANT OPTION FOR flag is present when revoking privileges from a user, then only the ability the grant those privileges is revoked from that user, not the privileges themselves (otherwise both the privileges and the ability to grant those privileges are revoked). This behavior is consistent with Postgres. For example, let's say we have a user named Alice who is the admin of a database that contains a table named t. If she wanted to give read access to Bob on t but did not want him to be able to give that privilege to anyone else, she could do this with the command 'GRANT SELECT ON TABLE t TO bob'. However, if she wanted Bob to be able to give the SELECT privilege on table t to other users, she would grant him the ability to do so with the command 'GRANT SELECT ON TABLE t TO bob WITH GRANT OPTION'. If Alice changed her mind and decided she did not want Bob to have the ability to grant read access on table t to other users (but she still wanted Bob himself to have read access on table t), she could revoke his ability to do so with the command 'REVOKE GRANT OPTION FOR SELECT ON TABLE t FROM bob'. Alternatively, she could omit the flag and do 'REVOKE SELECT ON TABLE t FROM bob' to remove Bob's read access on table t in addition to his ability to grant read access to other users.
Jira Issue: DOC-2105
Jira Issue: DOC-4136
The text was updated successfully, but these errors were encountered: