Skip to content

Commit

Permalink
rbac: Update view owner privilege docs (#22425)
Browse files Browse the repository at this point in the history 
This commit updates the docs that specify the necessary privileges of a
view owner. Materialize has the following two properties:

- Whether a role is a superuser is associated with an active database
connection/session and it is not persisted anywhere in Materialize.
- In order for someone to query a view, the view owner must have the
necessary privileges to execute the view definition.

As a consequence of these two facts, if a superuser creates a view, then
they must explicitly be granted the privileges to execute the view
definition. When another user tries to query the view, there's no way to
know that the view owner is a superuser and shouldn't need explicit
privileges.
  • Loading branch information
@jkosh44
jkosh44 authored Oct 17, 2023
1 parent 508f193 commit f45bf4c
Show file tree
Hide file tree
Showing 6 changed files with 12 additions and 6 deletions.
3 changes: 2 additions & 1 deletion doc/user/content/sql/copy-to.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ The privileges required to execute this statement are:
- `USAGE` privileges on the schemas that all relations and types in the query are contained in.
- `SELECT` privileges on all relations in the query.
- NOTE: if any item is a view, then the view owner must also have the necessary privileges to
execute the view definition.
execute the view definition. Even if the view owner is an admin, they still must explicitly be
granted the necessary privileges.
- `USAGE` privileges on all types used in the query.
- `USAGE` privileges on the active cluster.
3 changes: 2 additions & 1 deletion doc/user/content/sql/delete.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,8 @@ The privileges required to execute this statement are:
- `DELETE` privileges on `table_name`.
- `SELECT` privileges on all relations in the query.
- NOTE: if any item is a view, then the view owner must also have the necessary privileges to
execute the view definition.
execute the view definition. Even if the view owner is an admin, they still must explicitly be
granted the necessary privileges.
- `USAGE` privileges on all types used in the query.
- `USAGE` privileges on the active cluster.

Expand Down
3 changes: 2 additions & 1 deletion doc/user/content/sql/insert.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,8 @@ The privileges required to execute this statement are:
- `INSERT` privileges on `table_name`.
- `SELECT` privileges on all relations in the query.
- NOTE: if any item is a view, then the view owner must also have the necessary privileges to
execute the view definition.
execute the view definition. Even if the view owner is an admin, they still must explicitly be
granted the necessary privileges.
- `USAGE` privileges on all types used in the query.
- `USAGE` privileges on the active cluster.

Expand Down
3 changes: 2 additions & 1 deletion doc/user/content/sql/select.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -236,7 +236,8 @@ The privileges required to execute this statement are:
- `USAGE` privileges on the schemas that all relations and types in the query are contained in.
- `SELECT` privileges on all relations in the query.
- NOTE: if any item is a view, then the view owner must also have the necessary privileges to
execute the view definition.
execute the view definition. Even if the view owner is an admin, they still must explicitly be
granted the necessary privileges.
- `USAGE` privileges on all types used in the query.
- `USAGE` privileges on the active cluster.

Expand Down
3 changes: 2 additions & 1 deletion doc/user/content/sql/subscribe.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -526,6 +526,7 @@ The privileges required to execute this statement are:
- `USAGE` privileges on the schemas that all relations and types in the query are contained in.
- `SELECT` privileges on all relations in the query.
- NOTE: if any item is a view, then the view owner must also have the necessary privileges to
execute the view definition.
execute the view definition. Even if the view owner is an admin, they still must explicitly be
granted the necessary privileges.
- `USAGE` privileges on all types used in the query.
- `USAGE` privileges on the active cluster.
3 changes: 2 additions & 1 deletion doc/user/content/sql/update.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,8 @@ The privileges required to execute this statement are:
- `UPDATE` privileges on `table_name`.
- `SELECT` privileges on all relations in the query.
- NOTE: if any item is a view, then the view owner must also have the necessary privileges to
execute the view definition.
execute the view definition. Even if the view owner is an admin, they still must explicitly be
granted the necessary privileges.
- `USAGE` privileges on all types used in the query.
- `USAGE` privileges on the active cluster.

Expand Down

0 comments on commit f45bf4c

Please sign in to comment.