sql, security: use stable IDs to key internal user information #76079

Closed
rafiss opened this issue Feb 4, 2022 · 1 comment
rafiss commented Feb 4, 2022

Is your feature request related to a problem? Please describe.
Currently all internal per-user information is keyed by the username. This is not ideal because it makes it difficult to rename a user without breaking things. It's also not ideal because usernames can be considered personal data, but we need to use them in many places in logging.

Currently known places that use username keys: system.users, system.role_options, system.database_role_settings, privilege descriptors, descriptor owner field.

Note: Possibly more places. Please research before trying to complete this issue!

Describe the solution you'd like

  • A long-running migration to give existing users IDs, possibly an ID based on a hash of the current username.
  • Use the IDs to key all the above places.
  • Users created going forward get randomly generated IDs.

Describe alternatives you've considered
N/A

Additional context
relates to #50821

Jira issue: CRDB-12968

Epic CRDB-14475
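The scheme proposed in the issue above, sketched as an added example (it is not CockroachDB code and not from the issue author). The `Registry` class, its method names, the 32-bit ID width, the use of SHA-256 and the probe-on-collision rule are all assumptions made for illustration.

```python
import hashlib
import secrets


class Registry:
    """Hypothetical stand-in for the username-keyed system tables."""

    def __init__(self):
        self.id_by_name = {}  # the only place a username is stored
        self.privs = {}       # per-user data keyed by stable ID

    def _assign(self, name, candidate, privs=()):
        if name in self.id_by_name:          # already has an ID: keep it stable
            return self.id_by_name[name]
        uid = candidate
        while uid == 0 or uid in self.privs:  # reserve 0, probe past collisions
            uid = (uid + 1) % 2**32
        self.id_by_name[name] = uid
        self.privs[uid] = list(privs)
        return uid

    def migrate_user(self, name, privs=()):
        """Existing user: ID derived from a hash of the current username."""
        digest = hashlib.sha256(name.encode("utf-8")).digest()
        return self._assign(name, int.from_bytes(digest[:4], "big"), privs)

    def create_user(self, name):
        """User created after the migration: randomly generated ID."""
        return self._assign(name, secrets.randbits(32))

    def rename(self, old, new):
        """Only the name mapping changes; ID-keyed records are untouched."""
        if old not in self.id_by_name or new in self.id_by_name:
            raise ValueError("unknown user or name already in use")
        self.id_by_name[new] = self.id_by_name.pop(old)


def demo():
    reg = Registry()
    alice = reg.migrate_user("alice", ["SELECT"])  # constructed sample user
    assert reg.migrate_user("alice") == alice      # re-running is idempotent
    reg.rename("alice", "alice_renamed")
    return alice, reg.id_by_name["alice_renamed"], reg.privs[alice]


if __name__ == "__main__":
    print(demo())
```

An ID derived from an unsalted hash of the username can be recomputed by anyone who knows the username, so it gives stability across renames but does not by itself hide the personal data. Because collisions probe to the next free ID, the result for a colliding name depends on migration order.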

@rafiss rafiss added C-enhancement Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception) A-security labels Feb 4, 2022
@blathers-crl blathers-crl bot added the T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions) label Feb 4, 2022

rafiss commented Mar 29, 2022

closing this in favor of #78963 which has more detail

@rafiss rafiss closed this as completed Mar 29, 2022