Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sql/schemachanger: require table ownership for RLS DDL operations #143158

Merged
merged 1 commit into from
Mar 20, 2025
Merged

sql/schemachanger: require table ownership for RLS DDL operations #143158

merged 1 commit into from
Mar 20, 2025
+89 −1

Conversation

spilchen
Copy link
Contributor

Previously, executing row-level security (RLS) DDL statements (e.g., CREATE POLICY, DROP POLICY) required only the CREATE privilege. This change updates the requirement so that only the table owner can perform these operations, aligning with postgres' behaviour.

Closes #143080

Epic: CRDB-45203
Release note: none

@spilchen
sql/schemachanger: require table ownership for RLS DDL operations
474d6c2 
Previously, executing row-level security (RLS) DDL statements (e.g.,
CREATE POLICY, DROP POLICY) required only the CREATE privilege. This
change updates the requirement so that only the table owner can perform
these operations, aligning with postgres' behaviour.

Closes cockroachdb#143080

Epic: CRDB-45203
Release note: none
@spilchen spilchen self-assigned this Mar 19, 2025
@spilchen spilchen requested a review from a team as a code owner March 19, 2025 20:06
@cockroach-teamcity
Copy link
Member

This change is Reviewable

rafiss
rafiss approved these changes Mar 19, 2025
View reviewed changes
Copy link
Collaborator

@rafiss rafiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 3 of 3 files at r1, all commit messages.
Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @spilchen)

@spilchen
Copy link
Contributor Author

TFTR!

bors r+

craig bot pushed a commit that referenced this pull request Mar 20, 2025
@spilchen
Merge #143158
f5d2176 
143158: sql/schemachanger: require table ownership for RLS DDL operations r=spilchen a=spilchen

Previously, executing row-level security (RLS) DDL statements (e.g., CREATE POLICY, DROP POLICY) required only the CREATE privilege. This change updates the requirement so that only the table owner can perform these operations, aligning with postgres' behaviour.

Closes #143080

Epic: CRDB-45203
Release note: none

Co-authored-by: Matt Spilchen <[email protected]>
@craig
Copy link
Contributor

craig bot commented Mar 20, 2025

Build failed:

@spilchen
Copy link
Contributor Author

bors retry

@craig
Copy link
Contributor

craig bot commented Mar 20, 2025

Build succeeded:

@craig craig bot merged commit 5df7d98 into cockroachdb:master Mar 20, 2025
24 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rafiss rafiss rafiss approved these changes

Assignees

@spilchen spilchen

Labels
target-release-25.2.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

sql: only table owner should be allowed to change RLS attributes of a table
3 participants
@spilchen @cockroach-teamcity @rafiss