Function mz_adapter::rbac::generate_read_privileges

source ·

fn generate_read_privileges(
    catalog: &impl SessionCatalog,
    ids: impl Iterator<Item = GlobalId>,
    role_id: RoleId
) -> Vec<(SystemObjectId, AclMode, RoleId)>

Expand description

Generates all the privileges required to execute a read that includes the objects in ids.

Not only do we need to validate that role_id has read privileges on all relations in ids, but if any object is a view or materialized view then we need to validate that the owner of that view has all of the privileges required to execute the query within the view.

For more details see: https://www.postgresql.org/docs/15/rules-privileges.html