Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support privilege management #54

Closed
wants to merge 10 commits into from
Closed

feat: support privilege management #54

wants to merge 10 commits into from

Conversation

dl239
Copy link
Collaborator

@dl239 dl239 commented Feb 21, 2024
edited
Loading

support the following syntax:

GRANT priv_type ON [object_type] priv_level TO user_or_role[, user_or_role] [WITH GRANT OPTION]

REVOKE [IF EXISTS] priv_type ON [object_type] priv_level FROM user_or_role[, user_or_role]

SHOW GRANTS;

@dl239 dl239 marked this pull request as ready for review March 4, 2024 12:39
@dl239 dl239 requested a review from aceforeverd March 5, 2024 08:09
aceforeverd
aceforeverd reviewed Mar 5, 2024
View reviewed changes
zetasql/parser/bison_parser.y Show resolved Hide resolved
zetasql/parser/bison_parser.y Outdated Show resolved Hide resolved
zetasql/parser/bison_parser.y Show resolved Hide resolved
zetasql/parser/bison_parser.y
@@ -7648,6 +7766,7 @@ keyword_as_identifier:
| "RETURNS"
| "RETURN"
| "REVOKE"
| "ROLE"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pg merge user and group into single role, user just role with LOGIN attribute. This have many advantages, ref https://stackoverflow.com/a/8499491

allow groups to have groups as members

the ACL code would be simplified

the GRANT/REVOKE syntax and the display format for ACL lists could be simplified, since there'd be no need for a syntactic marker as to whether a given name is a user or a group.

In some circumstances I could see it making sense to allow logging in directly as a group/role/whatchacallit

This would also solve the problem that information_schema views will show only owned objects

[makes it easier to] representing privileges granted to groups [since you'd simply reuse the role related code?]

At least simplification make sense, e.g the privilege list. Consider ?

aceforeverd
aceforeverd reviewed Mar 6, 2024
View reviewed changes
zetasql/parser/ast_node_kind.h Outdated Show resolved Hide resolved
zetasql/parser/bison_parser.y Show resolved Hide resolved
aceforeverd
aceforeverd reviewed Mar 6, 2024
View reviewed changes
zetasql/parser/bison_parser.y
{
$$ = parser->MakeIdentifier(@1, parser->GetInputText(@1));
}
| "ALTER" "USER"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just concern about extensibility.

Those two word privileges do require parser update for every new privilege, or it better to replace e.g 'CREATE USER' to 'CREATEUSER'.

Anyway you can reserve some common parts of the two words privileges, as synonyms. MySQL dialect is ugly :(

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

combine the two words looks more strange. how to set as synonyms

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not parser side, but privilege impl. Just point it out here

@aceforeverd
Copy link
Collaborator

refactored in #57 @dl239

@aceforeverd aceforeverd mentioned this pull request Mar 11, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aceforeverd aceforeverd aceforeverd left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dl239 @aceforeverd