feat: Support GRANT/REVOKE on views with security semantics and tests#23469
feat: Support GRANT/REVOKE on views with security semantics and tests#23469gouhongshen wants to merge 26 commits intomatrixorigin:mainfrom
Conversation
PR Compliance Guide 🔍Below is a summary of compliance checks for this PR:
Compliance status legend🟢 - Fully Compliant🟡 - Partial Compliant 🔴 - Not Compliant ⚪ - Requires Further Human Verification 🏷️ - Compliance label |
||||||||||||||||||||||||||||||
PR Code Suggestions ✨Explore these optional code suggestions:
|
|||||||||||||||||
User description
What type of PR is this?
Which issue(s) this PR fixes:
issue ##23232
What this PR does / why we need it:
PR Type
Enhancement, Tests
Description
Add VIEW as first-class privilege object with GRANT/REVOKE support
Implement view lineage tracking in plan nodes for authorization checks
Enforce SQL SECURITY DEFINER/INVOKER semantics for view access
Fix privilege extraction for INSERT/UPDATE/DELETE statement paths
Add comprehensive BVT test cases for view grant/revoke operations
Diagram Walkthrough
flowchart LR A["View Privilege Request"] --> B["Extract View Lineage<br/>from Plan Nodes"] B --> C["Check View Privilege"] C --> D{SQL SECURITY<br/>Type?} D -->|DEFINER| E["Verify Definer<br/>Base Table Privileges"] D -->|INVOKER| F["Verify Invoker<br/>Base Table Privileges"] E --> G["Grant/Revoke<br/>Execution"] F --> G H["System Views<br/>information_schema/mysql"] --> I["Skip View Checks<br/>Read-Only"]File Walkthrough
10 files
Add view privilege object type and enforcement logicImplement view privilege verification with security semanticsRecord view security type in plan metadataTrack view lineage in plan nodes during bindingAdd view lineage fields to plan structuresPropagate view chain context through bind contextsDeep copy view lineage fields in plan nodesAdd view_security_type session variableAdd VIEW to object type string representationAdd origin_views and direct_view fields to plan nodes12 files
Add unit tests for GRANT/REVOKE on viewsUpdate test fixtures with security type fieldUpdate test fixtures with security type fieldAdd security type to mock view definitionsAdd BVT tests for basic view grant/revoke operationsAdd expected results for view grant BVT testsAdd BVT tests for view grants on non-system tenantsAdd expected results for non-system tenant view grant testsAdd complex BVT tests for multi-level role inheritanceAdd expected results for complex view grant scenariosUpdate error messages to include view object typeUpdate error messages to include view object type1 files
Fix protobuf comment formatting1 files
Document final design and implementation of view grants1 files