Skip to content

sql: deprecate "GRANT" privilege #73065

New issue
New issue
Closed
#74210
Closed
sql: deprecate "GRANT" privilege#73065
#74210
Labels
C-enhancementSolution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)T-sql-foundationsSQL Foundations Team (formerly SQL Schema + SQL Sessions)
@jackcwu

Description

@jackcwu
jackcwu
opened on Nov 22, 2021

CockroachDB currently has "GRANT" as one of its privileges, which serves as a way to indicate whether a user is able to grant any of the privileges it possesses to another user. However, this is a temporary placeholder for grant options and does not exist as a valid privilege in Postgres (https://www.postgresql.org/docs/14/sql-grant.html)

The addition of the grant options feature (#72123) will be added in version 22.1 and will effectively replace the need for "GRANT"; therefore, the "GRANT" privilege should be deprecated.

In 22.1, the following should happen:

  1. A long-running migration that turns all existing GRANT privileges into GRANT options on whichever privileges the user currently has.
  2. Granting the GRANT privilege should result in a notice saying that the GRANT privilege is deprecated. But if this command is executed, it should give the GRANT option for each privilege the user currently has.
  3. Privilege checks for granting privileges should only be based on the GRANT option.

Epic CRDB-2587

Metadata

Metadata

Assignees

No one assigned

    Labels

    C-enhancementSolution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)T-sql-foundationsSQL Foundations Team (formerly SQL Schema + SQL Sessions)

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions