Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a cluster setting to prevent GRANT OPTION from being passed down #124376

Open
dikshant opened this issue May 18, 2024 · 0 comments
Open

Add a cluster setting to prevent GRANT OPTION from being passed down #124376

dikshant opened this issue May 18, 2024 · 0 comments
Labels
A-sql-privileges SQL privilege handling and permission checks. C-enhancement Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception) T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions)
Projects
SQL Foundations

Comments

@dikshant
Copy link

dikshant commented May 18, 2024
edited by exalate-issue-sync bot

Users granted a privilege with WITH GRANT OPTION can in turn grant that privilege to others. The owner of an object implicitly has the GRANT OPTION for all privileges, and the GRANT OPTION is inherited through role memberships. This behavior is not always desireable for customers looking to exercise strict control over how privileges are inherited. We should add a cluster setting to prevent this behavior.

Something like:

SET CLUSTER SETTING sql.auth.disable_grant_option_inheritance='true';

Jira issue: CRDB-38851

Epic CRDB-37763
@dikshant dikshant added C-enhancement Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception) A-sql-privileges SQL privilege handling and permission checks. T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions) labels May 18, 2024
@blathers-crl blathers-crl bot added this to Triage in SQL Foundations May 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-sql-privileges SQL privilege handling and permission checks. C-enhancement Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception) T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions)
Projects
SQL Foundations
  
Triage
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dikshant