sql: GRANT gets confused when username argument is not normalized #65556

keith-mcclellan · 2021-05-21T13:09:33Z

Describe the problem

usernames are supposed to be case insensitive. Grant seems to be case sensitive.

To Reproduce

What did you do? Describe in your own words.

CREATE USER "v-root-keycloak-ruKOXLtxBFOd6iO473d7-1621531073" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';
GRANT ALL ON DATABASE keycloak TO "v-root-keycloak-ruKOXLtxBFOd6iO473d7-1621531073";

* 1 error occurred:
* pq: user or role "v-root-keycloak-ruKOXLtxBFOd6iO473d7-1621531073" does not exist

show users
username options member_of
admin {}
dba {admin}
root {admin}
v-root-keycloak-rukoxltxbfod6io473d7-1621531073 VALID UNTIL=2022-01-25 10:10:10.555555+00:00 {}

Expected behavior
GRANT should succeed because usernames are case-insensitive.

Environment:

CockroachDB v21.1.0

Additional context
What was the impact?
A partner at Red Hat is working on Vault/Keycloak integration for customers to have a solution to manage users and permissions.

Epic CRDB-7217

The text was updated successfully, but these errors were encountered:

rafiss · 2021-05-21T15:28:16Z

this relates to #54696 as well

67625: sql: GRANT/REVOKE treat names case insensitively r=RichardJCai a=rafiss fixes #65556 Release note (bug fix): Previously the GRANT and REVOKE commands would incorrectly handle role names. CockroachDB treats role names as case insensitive, but these commands were incorrectly handling the names. Now, GRANT and REVOKE normalize the names and are case-insensitive. 67821: sql: removed pg_stat exclusion for pg_catalog r=rafiss a=mnovelodou Previously, we excluded pg_stat* tables from difftool This was inadequate because we were unable to add missing empty tables To address this, this patch removes the exclusion Release note: None Co-authored-by: Rafi Shamim <[email protected]> Co-authored-by: MiguelNovelo <[email protected]>

keith-mcclellan added the C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior. label May 21, 2021

knz added the A-security label May 21, 2021

knz added the A-sql-privileges SQL privilege handling and permission checks. label May 21, 2021

knz changed the title ~~Can't grant permissions to user with mixed-case in username~~ sql: GRANT gets confused when username argument is not normalized May 21, 2021

rafiss added the T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions) label May 21, 2021

jlinder added the T-server-and-security DB Server & Security label Jun 16, 2021

rafiss assigned arulajmani Jun 16, 2021

rafiss mentioned this issue Jul 14, 2021

sql: GRANT/REVOKE treat names case insensitively #67625

Merged

rafiss assigned rafiss and unassigned arulajmani Jul 20, 2021

craig bot closed this as completed in d81b01c Jul 22, 2021

blathers-crl bot mentioned this issue Jul 22, 2021

release-21.1: sql: GRANT/REVOKE treat names case insensitively #67901

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

sql: GRANT gets confused when username argument is not normalized #65556

sql: GRANT gets confused when username argument is not normalized #65556

keith-mcclellan commented May 21, 2021 •

edited by elinorgarcia

Loading

rafiss commented May 21, 2021

sql: GRANT gets confused when username argument is not normalized #65556

sql: GRANT gets confused when username argument is not normalized #65556

Comments

keith-mcclellan commented May 21, 2021 • edited by elinorgarcia Loading

rafiss commented May 21, 2021

keith-mcclellan commented May 21, 2021 •

edited by elinorgarcia

Loading