cockroachdb / cockroach

CockroachDB — the cloud native, distributed SQL database designed for high availability, effortless scale, and control over data placement.
https://www.cockroachlabs.com
Other
29.88k stars 3.77k forks

crosscluster/logical: sharpen access to DLQ table #129738

Open navsetlur opened 2 weeks ago

navsetlur commented 2 weeks ago

Follow up to #128940.

As a V1 (for 24.3): the job should grant all privileges to the user that began the LDR job, who already had the replication privilege (basically admin). The only con to this approach is if two different users began an LDR job on the same table; it would be a surprise that both have access to the shared DLQ table.

For a V2 (past 24.3): we can create a new LOGICAL_REPLICATION role that a user is required to have to create an LDR job and to observe the shared DLQ table. If both users have the same role, it is less of a surprise that both can observe the DLQ.

Jira issue: CRDB-41696

blathers-crl[bot] commented 2 weeks ago

cc @cockroachdb/disaster-recovery

navsetlur commented 2 weeks ago

CC: @msbutler

navsetlur commented 2 weeks ago

Will tackle this after discussing in triage.

navsetlur commented 1 week ago

This will require more discussions with the Foundations team.