sql: only table owner should be allowed to change RLS attributes of a table #143080

Closed
Tracked by #73596
spilchen opened this issue Mar 18, 2025 · 0 comments · Fixed by #143158
Labels
A-sql-privileges SQL privilege handling and permission checks. C-enhancement Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception) T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions) target-release-25.2.0

Comments


spilchen commented Mar 18, 2025

In postgres, only the superuser or the table owner is allowed to perform the following operations on a table:

  • CREATE POLICY
  • DROP POLICY
  • ALTER POLICY
  • ALTER TABLE ... * ROW LEVEL SECURITY

Our implementation is more permissive, requiring only the CREATE privilege. This issue was opened to align our behavior with postgres by ensuring that these operations are restricted to the table owner.

If you attempt any of the above commands in postgres, you get the following error:

postgres=> create policy p1 on t2;
ERROR:  must be owner of table t2
postgres=> alter table t2 enable row level security;
ERROR:  must be owner of table t2
postgres=> alter policy p1 on t2 rename to new_p1;
ERROR:  must be owner of table t2
postgres=> drop policy p1 on t2;
ERROR:  must be owner of relation t2

Jira issue: CRDB-48648
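
A simplified model of the check this issue changes, as an added example that is not CockroachDB's code: the `Catalog` type, the role names and the treatment of members of the owning role as owners are assumptions made for illustration. It compares the CREATE-based rule with the owner-or-superuser rule to show which principals lose the ability to change RLS attributes.

```go
package main

import "fmt"

// Catalog is a constructed, simplified privilege model, not CockroachDB's own types.
type Catalog struct {
	Owner            map[string]string   // table -> owning role
	Create, MemberOf map[string][]string // table -> CREATE grantees; role -> parent roles
	Superusers       map[string]bool
}

// holds reports whether user is role or a direct or indirect member of it.
func (c Catalog) holds(user, role string, seen map[string]bool) bool {
	if user == role || seen[user] { // seen guards against membership cycles
		return user == role
	}
	seen[user] = true
	for _, parent := range c.MemberOf[user] {
		if c.holds(parent, role, seen) {
			return true
		}
	}
	return false
}

// CanAlterRLS models the check: ownerOnly=false is the CREATE rule, true the owner rule.
func (c Catalog) CanAlterRLS(user, table string, ownerOnly bool) bool {
	roles := []string{c.Owner[table]}
	if !ownerOnly {
		roles = append(roles, c.Create[table]...)
	}
	for _, role := range roles {
		if c.holds(user, role, map[string]bool{}) {
			return true
		}
	}
	return c.Superusers[user]
}

func main() { // constructed sample: alice owns t2, dev holds CREATE, bob is in dev via eng
	c := Catalog{
		Owner:      map[string]string{"t2": "alice"},
		Create:     map[string][]string{"t2": {"dev"}},
		MemberOf:   map[string][]string{"bob": {"eng"}, "eng": {"dev"}, "carol": {"alice"}},
		Superusers: map[string]bool{"root": true},
	}
	for _, u := range []string{"alice", "bob", "carol", "root", "mallory"} {
		fmt.Println(u, c.CanAlterRLS(u, "t2", false), c.CanAlterRLS(u, "t2", true))
	}
}
```

In the sample, only `bob` is accepted by the CREATE-based rule and rejected by the owner-only rule, because his access comes from inherited CREATE rather than ownership.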

@spilchen spilchen added A-sql-privileges SQL privilege handling and permission checks. C-enhancement Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception) T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions) labels Mar 18, 2025
spilchen added a commit to spilchen/cockroach that referenced this issue Mar 19, 2025
Previously, executing row-level security (RLS) DDL statements (e.g.,
CREATE POLICY, DROP POLICY) required only the CREATE privilege. This
change updates the requirement so that only the table owner can perform
these operations, aligning with postgres' behaviour.

Closes cockroachdb#143080

Epic: CRDB-45203
Release note: none
craig bot pushed a commit that referenced this issue Mar 20, 2025
143158: sql/schemachanger: require table ownership for RLS DDL operations r=spilchen a=spilchen

Previously, executing row-level security (RLS) DDL statements (e.g., CREATE POLICY, DROP POLICY) required only the CREATE privilege. This change updates the requirement so that only the table owner can perform these operations, aligning with postgres' behaviour.

Closes #143080

Epic: CRDB-45203
Release note: none

Co-authored-by: Matt Spilchen
craig bot pushed a commit that referenced this issue Mar 20, 2025
142900: use github.com/cockroachdb/version instead of pkg/util/version r=dcrosta a=dcrosta

CRDB versions are not semantic versions [1], but the version library was designed to work with & correctly handle semvers. This change adopts the version library from Cockroach Cloud (now extracted to its own shared repo) to:

* More-strictly validate actual, valid CockroachDB versions
* Correctly order actual CockroachDB versions [2]
* Add a MajorVersion type to capture & order CRDB major versions
* Remove the word "minor" from the Version type [1]

[1] The "minor" version -- the Y in vX.Y.Z -- does not carry the same meaning as in semver

[2] In particular, the "-cloudonly" release phase should sort after "-rc"; semver sorts these phases alphabetically, but we must not, in order to correctly order versions

Epic: None
Issue: RE-814
Release note: None

143158: sql/schemachanger: require table ownership for RLS DDL operations r=spilchen a=spilchen

Previously, executing row-level security (RLS) DDL statements (e.g., CREATE POLICY, DROP POLICY) required only the CREATE privilege. This change updates the requirement so that only the table owner can perform these operations, aligning with postgres' behaviour.

Closes #143080

Epic: CRDB-45203
Release note: none

Co-authored-by: Dan Crosta
Co-authored-by: Matt Spilchen