static RESTRICT_TO_USER_OBJECTS_ALLOWED_OIDS: LazyLock<BTreeSet<u32>>Expand description
System catalog objects exempted from check_restrict_to_user_objects.
The mz_mcp_data_product* views are how the MCP agent endpoint
discovers data products; blocking them defeats the isolation model.
mz_show_my_cluster_privileges is joined by read_data_product to
check cluster USAGE (it replaces a has_cluster_privilege call whose
body referenced mz_roles) and only exposes the session role’s own
privileges.