mz_deploy::project::compiler::object_validation::references

Function validate_grant_references

pub(super) fn validate_grant_references(
    fqn: &FullyQualifiedName,
    grants: &[GrantPrivilegesStatement<Raw>],
    offsets: &[usize],
    main_ident: &DatabaseIdent,
    main_object_type: ObjectType,
    errors: &mut Vec<ValidationError>,
)

Expand description

Validates that all GRANT statements reference the main object with the correct type.

Ensures that:

Every grant targets the object defined in the same file
The object type in the GRANT matches the actual object type
Only supported grant types are used (no SYSTEM grants, no ALL TABLES IN SCHEMA)

§Object Type Handling

Materialize’s GRANT syntax has specific requirements:

Tables, views, materialized views, and sources all use GRANT ... ON TABLE
Other objects (connections, secrets, sinks) use their specific type

§Supported Grants

GRANT ... ON TABLE - for tables, views, materialized views, sources
GRANT ... ON CONNECTION - for connections
GRANT ... ON SECRET - for secrets
GRANT ... ON SINK - for sinks

§Example

Valid:

CREATE TABLE users (...);
GRANT SELECT ON TABLE users TO analyst_role;

Invalid:

CREATE TABLE users (...);
GRANT SELECT ON orders TO analyst_role;  -- wrong object

validate_grant_references

Function validate_grant_references Copy item path

§Object Type Handling

§Supported Grants

§Example

Function validate_grant_references