release-26.2: backup: clear default privileges on database and schema descriptors during restore #166183
During non-cluster restore, default privileges on database descriptors were carried over verbatim from the backup, potentially referencing users that don't exist on the target cluster. Clear them alongside regular privileges, which are already reset to defaults.

Closes cockroachdb#164961
Epic: none

Release note (bug fix): Fixed a bug where restoring a database backup containing default privileges referencing non-existent users would leave dangling user references in the restored database descriptor.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…store

Extend the previous fix to also clear default privileges on schema descriptors during non-cluster restore. Schemas can also carry default privileges referencing users that don't exist on the target cluster.

Release note: None
Epic: none

Co-Authored-By: roachdev-claude <roachdev-claude-bot@cockroachlabs.com>
5cadad9 to d3c2cdf
This backport targets 26.2, which is an End-of-Life (EOL) version. Please verify that backporting to this EOL version is intentional and appropriate. EOL versions no longer receive maintenance updates according to our support policy.

Thanks for opening a backport. Before merging, please confirm that the change does not break backwards compatibility and otherwise complies with the backport policy. Include a brief release justification in the PR description explaining why the backport is appropriate.

All backports must be reviewed by the TL for the owning area. While the stricter LTS policy does not yet apply, please exercise judgment and consider gating non-critical changes behind a disabled-by-default feature flag when appropriate.
Hey @andrew-r-thomas, could you give this PR a close read to ensure it doesn't affect your restore with grants work? In addition, perhaps we should write a test to understand how restore with grants interacts with default privs.
@msbutler currently restore with grants leaves default privs completely untouched (and in fact my
@andrew-r-thomas let me be a bit more specific: suppose user I think what you're saying is that even with
Backport 2/2 commits from #165997 on behalf of @spilchen.
During non-cluster restore, default privileges on database descriptors were carried over verbatim from the backup, potentially referencing users that don't exist on the target cluster. Clear them alongside regular privileges, which are already reset to defaults.
The second commit extends the first fix to also clear default privileges on schema
descriptors during non-cluster restore. Schemas can also carry default
privileges referencing users that don't exist on the target cluster.
Closes #164961
Epic: none
Release note (bug fix): Fixed a bug where restoring a database backup containing default privileges referencing non-existent users would leave dangling user references in the restored database descriptor.
Release justification: fix GA blocker
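
A simplified model of the problem and fix described above, added here as an illustration and not taken from this PR or from CockroachDB's code: the `Descriptor` type, the function names and the role names are hypothetical. It reports roles that default privileges reference but the target cluster lacks, then clears default privileges on database and schema descriptors alike.

```go
package main

import "fmt"
import "sort"

// Hypothetical, simplified model of a backed-up descriptor (not CockroachDB's types).
type Descriptor struct {
	Kind, Name   string              // Kind is "database" or "schema"
	DefaultPrivs map[string][]string // creator role -> grantee roles
}

// DanglingRefs reports each role named in default privileges, as creator or grantee, that is absent from users.
func DanglingRefs(descs []Descriptor, users map[string]bool) []string {
	seen := map[string]bool{}
	for _, d := range descs {
		for creator, grantees := range d.DefaultPrivs {
			for _, r := range append([]string{creator}, grantees...) {
				if !users[r] {
					seen[d.Kind+" "+d.Name+": "+r] = true
				}
			}
		}
	}
	out := make([]string, 0, len(seen))
	for ref := range seen {
		out = append(out, ref)
	}
	sort.Strings(out)
	return out
}

// ClearDefaultPrivs models the fix: drop default privileges on every descriptor, schemas included.
func ClearDefaultPrivs(descs []Descriptor) {
	for i := range descs {
		descs[i].DefaultPrivs = nil
	}
}

func main() {
	descs := []Descriptor{ // constructed sample; role names are made up
		{"database", "app", map[string][]string{"alice": {"bob"}}},
		{"schema", "app.reports", map[string][]string{"root": {"carol"}}},
	}
	target := map[string]bool{"root": true} // roles that exist on the target cluster
	fmt.Println("carried over verbatim:", DanglingRefs(descs, target))
	ClearDefaultPrivs(descs)
	fmt.Println("after clearing:       ", DanglingRefs(descs, target))
}
```

The schema entry shows why the second commit matters: clearing only the database descriptor would still leave `carol` referenced.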