Comments (7)
Just by looking at the behaviours, the objects seem to be not analyzed. There will be more variations around this but I would presume a single fix will address all.
from crate.
I am pretty sure at least for schemas this is intentional, as they are not explicitly created and therefore a user would need to have access to a schema before the first object within it exists.
(Personally I'd prefer for schemas to also be explicitly created)
from crate.
I don't have a clear opinion if this is a bug or a desired behavior.
A bit related, need to test, what happens if you attempt to restore users/roles & their privileges to a new cluster, if the tables/views/schemas are not still there? Maybe it can be handy for such cases to prepare the users/roles & privileges (manually, or with saved statements) before the DB objects are created. Additionally, agreeing with @proddata, since currently we don't have empty schemas, (always need to have the 1st table created within them, and we dont' have a DROP SCHEMA
stmt), seems valid to be able to assign privileges to a schema that doesn't exist.
On the other, hand it is weird to select from sys.privileges and see privs for object not existing on the cluster.
from crate.
I am pretty sure at least for schemas this is intentional, as they are not explicitly created and therefore a user would need to have access to a schema before the first object within it exists.
(Personally I'd prefer for schemas to also be explicitly created)
I'm guessing that after: #11939, we can consider implementing the explicit creation/dropping of schemas.
from crate.
After discussion we decided to treat this as an improvement, rather than a bug fix.
from crate.
Some extra info, currently you can restore USERMANAGEMENT, and the privileges are there even though the objects are not:
cr> RESTORE SNAPSHOT repo.snap1 USERMANAGEMENT;
RESTORE OK, 1 row affected (0.052 sec)
cr> select * from sys.privileges;
+-------+---------+---------+-------+-------+------+
| class | grantee | grantor | ident | state | type |
+-------+---------+---------+-------+-------+------+
| TABLE | matriv | crate | doc.t | GRANT | DML |
+-------+---------+---------+-------+-------+------+
SELECT 1 row in set (0.003 sec)
cr> select * from t;
RelationUnknown[Relation 't' unknown]
If we go ahead to implement throw errors when trying to grant privs on non-existing objects, this will contradict with the restore privs behavior.
from crate.
I would maintain the current behavior until we decide to explicitly create schemas. Once we do, we can more closely link privileges to objects and potentially drop privileges if the associated object no longer exists.
from crate.
Related Issues (20)
- Unexpected results when using `OBJECT` nulls HOT 1
- Add CLI tool to recover a corrupted shard HOT 1
- Inconsistent type mapping when trying to insert scalar and array value for sub-column in `VALUES` statement. HOT 1
- Unexpected results when matching empty string with indexing disabled HOT 2
- Unexpected result when querying partitioned table with null values HOT 2
- Filtering by `= ALL` on float types does not work HOT 2
- Performance of returning a large number of rows HOT 9
- Filtering by `LIKE ANY` with array of regexes does not work HOT 5
- Support for reading and writing using DuckDBs postgres extension HOT 4
- Cluster-Level JWT Configuration HOT 2
- Benchmarks for per-column stored values HOT 5
- Unexpected result when querying partitioned table with `CASE WHEN`
- Unexpected result when using bigint in `ORDER BY` HOT 2
- CrateDB 4.2bis: HTTP bulk operations and error handling with INSERT statements HOT 10
- Only allow RHS of `LIKE ANY` to be patterns HOT 2
- Conflicting column definitions accepted in OBJECT(DYNAMIC) HOT 1
- Casting to NUMERIC from TEXT returns wrong results HOT 3
- Show error messages in result array for failed bulk inserts via HTTP endpoint HOT 1
- Unexpected result when using `ARRAY(TEXT)` in `IN` HOT 2
- Expose Type Mapping for Object Columns in System Tables (e.g., information_schema.columns) HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from crate.