VIEWACTIVITY does not allow retrieval of statement bundles

data-matt commented 1 month ago

Describe the problem

Please describe the issue you observed, and any steps we can take to reproduce it:

A user granted the VIEWACTIVITY system privilege is supposed to be able to retrieve a statement bundle.

To Reproduce

Granted the VIEWSYSTEMTABLE privilege to workaround.

Here is the steps:

./cockroach sql --certs-dir=certs

root@localhost:26257/defaultdb> create user va with password 'va';                                                                                                                                                                              
CREATE ROLE

Time: 2.095s total (execution 2.095s / network 0.000s)

root@localhost:26257/defaultdb> grant system viewactivity to va;                                                                                                                                                                                
GRANT

Time: 1.806s total (execution 1.806s / network 0.000s)

root@localhost:26257/defaultdb> \q

./cockroach sql --certs-dir=certs --user=va
#
# Welcome to the CockroachDB SQL shell.
# All statements must be terminated by a semicolon.
# To exit, type: \q.
#
Connecting to server "localhost:26257" as user "va".
Enter password: 
# Server version: CockroachDB CCL v23.2.7 (x86_64-apple-darwin19, built 2024/06/27 15:50:37, go1.21.10 X:nocoverageredesign) (same version as client)
# Cluster ID: a43c2afb-3c96-4d54-a507-bb61be024de9
#
# Enter \? for a brief introduction.
#
va@localhost:26257/defaultdb> create table t1 ( c1 uuid, c2 string );                                                                                                                                                                           
CREATE TABLE

Time: 200ms total (execution 199ms / network 0ms)

va@localhost:26257/defaultdb> insert into t1 values ( gen_random_uuid(), 'wow text here');                                                                                                                                                      
INSERT 0 1

Time: 234ms total (execution 233ms / network 0ms)

va@localhost:26257/defaultdb> insert into t1 values ( gen_random_uuid(), 'wow text here');                                                                                                                                                      
INSERT 0 1

Time: 65ms total (execution 65ms / network 0ms)

va@localhost:26257/defaultdb> insert into t1 values ( gen_random_uuid(), 'wow text here');                                                                                                                                                      
INSERT 0 1

Time: 68ms total (execution 68ms / network 0ms)

va@localhost:26257/defaultdb> insert into t1 values ( gen_random_uuid(), 'wow text here');                                                                                                                                                      
INSERT 0 1

Time: 82ms total (execution 81ms / network 0ms)

-- BROKEN

./cockroach sql --certs-dir=certs

-- From here we can retrieve statement bundle
root@localhost:26257/defaultdb> grant system viewsystemtable to va;                                                                                                                                                                             
GRANT

Time: 1.586s total (execution 1.586s / network 0.000s)

Expected behavior A clear and concise description of what you expected to happen.

Additional data / screenshots

If applicable, add screenshots to help explain your problem.

Environment: