sql: introduce INSPECT privilege

The planned `INSPECT` command demands an associated privilege. This
change adds the privilege at the table and database level.

Fixes: #148925
Epic: CRDB-30356

Release note: None.

Author: bghal

pkg/sql/catalog/catpb/privilege_test.go

@@ -87,6 +87,7 @@ func TestPrivilege(t *testing.T) {
 					{Kind: privilege.CREATE},
 					{Kind: privilege.DELETE},
 					{Kind: privilege.DROP},
+					{Kind: privilege.INSPECT},
 					{Kind: privilege.REPLICATIONDEST},
 					{Kind: privilege.REPLICATIONSOURCE},
 					{Kind: privilege.TRIGGER},
@@ -127,23 +128,21 @@ func TestPrivilege(t *testing.T) {
 			},
 			privilege.Type,
 		},
-		// Ensure revoking BACKUP, CHANGEFEED, CREATE, DROP, SELECT, INSERT, DELETE, UPDATE, ZONECONFIG
-		// from a user with ALL privilege on a table leaves the user with no privileges.
+		// Ensure revoking table privileges from a user with ALL
+		// privilege on a table leaves the user with no privileges.
 		{testUser,
 			privilege.List{privilege.ALL},
-			privilege.List{privilege.BACKUP, privilege.CHANGEFEED, privilege.CREATE, privilege.DROP, privilege.SELECT, privilege.INSERT,
-				privilege.DELETE, privilege.REPLICATIONDEST, privilege.REPLICATIONSOURCE, privilege.TRIGGER, privilege.UPDATE, privilege.ZONECONFIG},
+			privilege.TablePrivileges,
 			[]catpb.UserPrivilege{
 				{User: username.AdminRoleName(), Privileges: []privilege.Privilege{{Kind: privilege.ALL, GrantOption: true}}},
 			},
 			privilege.Table,
 		},
-		// Ensure revoking BACKUP, CONNECT, CREATE, DROP, SELECT, INSERT, DELETE, UPDATE, ZONECONFIG, RESTORE, CHANGEFEED
-		// from a user with ALL privilege on a database leaves the user with no privileges.
+		// Ensure revoking database privileges from a user with ALL privilege on
+		// a database leaves the user with no privileges.
 		{testUser,
 			privilege.List{privilege.ALL},
-			privilege.List{privilege.BACKUP, privilege.CONNECT, privilege.CREATE, privilege.DROP, privilege.SELECT,
-				privilege.INSERT, privilege.DELETE, privilege.UPDATE, privilege.ZONECONFIG, privilege.RESTORE, privilege.CHANGEFEED},
+			privilege.DBPrivileges,
 			[]catpb.UserPrivilege{
 				{User: username.AdminRoleName(), Privileges: []privilege.Privilege{{Kind: privilege.ALL, GrantOption: true}}},
 			},
@@ -617,7 +616,7 @@ func TestRevokeWithGrantOption(t *testing.T) {
 			true,
 			privilege.List{privilege.CREATE},
 			privilege.List{privilege.ALL},
-			privilege.List{privilege.BACKUP, privilege.CHANGEFEED, privilege.DROP, privilege.SELECT, privilege.INSERT, privilege.DELETE, privilege.REPLICATIONDEST, privilege.REPLICATIONSOURCE, privilege.TRIGGER, privilege.UPDATE, privilege.ZONECONFIG},
+			privilege.List{privilege.BACKUP, privilege.CHANGEFEED, privilege.DELETE, privilege.DROP, privilege.INSERT, privilege.INSPECT, privilege.REPLICATIONDEST, privilege.REPLICATIONSOURCE, privilege.SELECT, privilege.TRIGGER, privilege.UPDATE, privilege.ZONECONFIG},
 			false},
 		{catpb.NewPrivilegeDescriptor(testUser, privilege.List{privilege.ALL}, privilege.List{privilege.ALL}, username.AdminRoleName()),
 			testUser, privilege.Table,
@@ -651,8 +650,8 @@ func TestRevokeWithGrantOption(t *testing.T) {
 			testUser, privilege.Table,
 			false,
 			privilege.List{privilege.CREATE},
-			privilege.List{privilege.BACKUP, privilege.CHANGEFEED, privilege.DROP, privilege.SELECT, privilege.INSERT, privilege.DELETE, privilege.REPLICATIONDEST, privilege.REPLICATIONSOURCE, privilege.TRIGGER, privilege.UPDATE, privilege.ZONECONFIG},
-			privilege.List{privilege.BACKUP, privilege.CHANGEFEED, privilege.DROP, privilege.SELECT, privilege.INSERT, privilege.DELETE, privilege.REPLICATIONDEST, privilege.REPLICATIONSOURCE, privilege.TRIGGER, privilege.UPDATE, privilege.ZONECONFIG},
+			privilege.List{privilege.BACKUP, privilege.CHANGEFEED, privilege.DELETE, privilege.DROP, privilege.INSERT, privilege.INSPECT, privilege.REPLICATIONDEST, privilege.REPLICATIONSOURCE, privilege.SELECT, privilege.TRIGGER, privilege.UPDATE, privilege.ZONECONFIG},
+			privilege.List{privilege.BACKUP, privilege.CHANGEFEED, privilege.DELETE, privilege.DROP, privilege.INSERT, privilege.INSPECT, privilege.REPLICATIONDEST, privilege.REPLICATIONSOURCE, privilege.SELECT, privilege.TRIGGER, privilege.UPDATE, privilege.ZONECONFIG},
 			false},
 		{catpb.NewPrivilegeDescriptor(testUser, privilege.List{privilege.SELECT, privilege.INSERT}, privilege.List{privilege.INSERT}, username.AdminRoleName()),
 			testUser, privilege.Table,

pkg/sql/logictest/testdata/logic_test/alter_default_privileges_for_table

@@ -266,6 +266,7 @@ d              public       t8          testuser   CREATE             false
 d              public       t8          testuser   DELETE             false
 d              public       t8          testuser   DROP               false
 d              public       t8          testuser   INSERT             false
+d              public       t8          testuser   INSPECT            false
 d              public       t8          testuser   REPLICATIONDEST    false
 d              public       t8          testuser   REPLICATIONSOURCE  false
 d              public       t8          testuser   TRIGGER            false
@@ -277,6 +278,7 @@ d              public       t8          testuser2  CREATE             false
 d              public       t8          testuser2  DELETE             false
 d              public       t8          testuser2  DROP               false
 d              public       t8          testuser2  INSERT             false
+d              public       t8          testuser2  INSPECT            false
 d              public       t8          testuser2  REPLICATIONDEST    false
 d              public       t8          testuser2  REPLICATIONSOURCE  false
 d              public       t8          testuser2  TRIGGER            false

pkg/sql/logictest/testdata/logic_test/crdb_internal_default_privileges

@@ -554,6 +554,7 @@ test           NULL         root      false          tables       bar       ZONE
 test           NULL         root      false          tables       bar       TRIGGER            false
 test           NULL         root      false          tables       bar       REPLICATIONDEST    false
 test           NULL         root      false          tables       bar       REPLICATIONSOURCE  false
+test           NULL         root      false          tables       bar       INSPECT            false
 test           NULL         root      false          tables       foo       BACKUP             false
 test           NULL         root      false          tables       foo       CHANGEFEED         false
 test           NULL         root      false          tables       foo       CREATE             false
@@ -565,6 +566,7 @@ test           NULL         root      false          tables       foo       ZONE
 test           NULL         root      false          tables       foo       TRIGGER            false
 test           NULL         root      false          tables       foo       REPLICATIONDEST    false
 test           NULL         root      false          tables       foo       REPLICATIONSOURCE  false
+test           NULL         root      false          tables       foo       INSPECT            false
 test           NULL         root      false          tables       root      ALL                true
 test           NULL         root      false          sequences    root      ALL                true
 test           NULL         root      false          types        root      ALL                true

pkg/sql/logictest/testdata/logic_test/grant_database

@@ -61,13 +61,15 @@ a  readwrite  BACKUP      true
 a  readwrite  CHANGEFEED  true
 a  readwrite  CREATE      true
 a  readwrite  DROP        true
+a  readwrite  INSPECT     true
 a  readwrite  RESTORE     true
 a  readwrite  ZONECONFIG  true
 a  root       ALL         true
 a  test-user  BACKUP      true
 a  test-user  CHANGEFEED  true
 a  test-user  CREATE      true
 a  test-user  DROP        true
+a  test-user  INSPECT     true
 a  test-user  RESTORE     true
 a  test-user  ZONECONFIG  true
 
@@ -79,12 +81,14 @@ a  readwrite  BACKUP      true
 a  readwrite  CHANGEFEED  true
 a  readwrite  CREATE      true
 a  readwrite  DROP        true
+a  readwrite  INSPECT     true
 a  readwrite  RESTORE     true
 a  readwrite  ZONECONFIG  true
 a  test-user  BACKUP      true
 a  test-user  CHANGEFEED  true
 a  test-user  CREATE      true
 a  test-user  DROP        true
+a  test-user  INSPECT     true
 a  test-user  RESTORE     true
 a  test-user  ZONECONFIG  true
 
@@ -100,12 +104,14 @@ a  readwrite  BACKUP      true
 a  readwrite  CHANGEFEED  true
 a  readwrite  CREATE      true
 a  readwrite  DROP        true
+a  readwrite  INSPECT     true
 a  readwrite  RESTORE     true
 a  readwrite  ZONECONFIG  true
 a  root       ALL         true
 a  test-user  BACKUP      true
 a  test-user  CHANGEFEED  true
 a  test-user  DROP        true
+a  test-user  INSPECT     true
 a  test-user  RESTORE     true
 a  test-user  ZONECONFIG  true
 
@@ -120,6 +126,7 @@ a  readwrite  BACKUP      true
 a  readwrite  CHANGEFEED  true
 a  readwrite  CREATE      true
 a  readwrite  DROP        true
+a  readwrite  INSPECT     true
 a  readwrite  RESTORE     true
 a  readwrite  ZONECONFIG  true
 

pkg/sql/logictest/testdata/logic_test/grant_on_all_tables_in_schema

@@ -74,6 +74,7 @@ test           s            t            table        testuser   CREATE
 test           s            t            table        testuser   DELETE             false
 test           s            t            table        testuser   DROP               false
 test           s            t            table        testuser   INSERT             false
+test           s            t            table        testuser   INSPECT            false
 test           s            t            table        testuser   REPLICATIONDEST    false
 test           s            t            table        testuser   REPLICATIONSOURCE  false
 test           s            t            table        testuser   TRIGGER            false
@@ -85,6 +86,7 @@ test           s            t            table        testuser2  CREATE
 test           s            t            table        testuser2  DELETE             false
 test           s            t            table        testuser2  DROP               false
 test           s            t            table        testuser2  INSERT             false
+test           s            t            table        testuser2  INSPECT            false
 test           s            t            table        testuser2  REPLICATIONDEST    false
 test           s            t            table        testuser2  REPLICATIONSOURCE  false
 test           s            t            table        testuser2  TRIGGER            false
@@ -96,6 +98,7 @@ test           s2           t            table        testuser   CREATE
 test           s2           t            table        testuser   DELETE             false
 test           s2           t            table        testuser   DROP               false
 test           s2           t            table        testuser   INSERT             false
+test           s2           t            table        testuser   INSPECT            false
 test           s2           t            table        testuser   REPLICATIONDEST    false
 test           s2           t            table        testuser   REPLICATIONSOURCE  false
 test           s2           t            table        testuser   TRIGGER            false
@@ -107,6 +110,7 @@ test           s2           t            table        testuser2  CREATE
 test           s2           t            table        testuser2  DELETE             false
 test           s2           t            table        testuser2  DROP               false
 test           s2           t            table        testuser2  INSERT             false
+test           s2           t            table        testuser2  INSPECT            false
 test           s2           t            table        testuser2  REPLICATIONDEST    false
 test           s2           t            table        testuser2  REPLICATIONSOURCE  false
 test           s2           t            table        testuser2  TRIGGER            false

pkg/sql/logictest/testdata/logic_test/grant_revoke_with_grant_option

@@ -307,6 +307,7 @@ test           public       t            table        testuser  CHANGEFEED
 test           public       t            table        testuser  CREATE             true
 test           public       t            table        testuser  DROP               true
 test           public       t            table        testuser  INSERT             true
+test           public       t            table        testuser  INSPECT            true
 test           public       t            table        testuser  REPLICATIONDEST    true
 test           public       t            table        testuser  REPLICATIONSOURCE  true
 test           public       t            table        testuser  SELECT             true

pkg/sql/logictest/testdata/logic_test/grant_table

@@ -1671,6 +1671,7 @@ a  public  t  readwrite  BACKUP             false
 a  public  t  readwrite  CHANGEFEED         false
 a  public  t  readwrite  CREATE             false
 a  public  t  readwrite  DROP               false
+a  public  t  readwrite  INSPECT            false
 a  public  t  readwrite  REPLICATIONDEST    false
 a  public  t  readwrite  REPLICATIONSOURCE  false
 a  public  t  readwrite  SELECT             false
@@ -1682,6 +1683,7 @@ a  public  t  test-user  BACKUP             false
 a  public  t  test-user  CHANGEFEED         false
 a  public  t  test-user  CREATE             false
 a  public  t  test-user  DROP               false
+a  public  t  test-user  INSPECT            false
 a  public  t  test-user  REPLICATIONDEST    false
 a  public  t  test-user  REPLICATIONSOURCE  false
 a  public  t  test-user  SELECT             false
@@ -1696,6 +1698,7 @@ a  public  t  readwrite  BACKUP             false
 a  public  t  readwrite  CHANGEFEED         false
 a  public  t  readwrite  CREATE             false
 a  public  t  readwrite  DROP               false
+a  public  t  readwrite  INSPECT            false
 a  public  t  readwrite  REPLICATIONDEST    false
 a  public  t  readwrite  REPLICATIONSOURCE  false
 a  public  t  readwrite  SELECT             false
@@ -1706,6 +1709,7 @@ a  public  t  test-user  BACKUP             false
 a  public  t  test-user  CHANGEFEED         false
 a  public  t  test-user  CREATE             false
 a  public  t  test-user  DROP               false
+a  public  t  test-user  INSPECT            false
 a  public  t  test-user  REPLICATIONDEST    false
 a  public  t  test-user  REPLICATIONSOURCE  false
 a  public  t  test-user  SELECT             false
@@ -1724,6 +1728,7 @@ a  public  t  readwrite  BACKUP             false
 a  public  t  readwrite  CHANGEFEED         false
 a  public  t  readwrite  CREATE             false
 a  public  t  readwrite  DROP               false
+a  public  t  readwrite  INSPECT            false
 a  public  t  readwrite  REPLICATIONDEST    false
 a  public  t  readwrite  REPLICATIONSOURCE  false
 a  public  t  readwrite  SELECT             false
@@ -1735,6 +1740,7 @@ a  public  t  test-user  BACKUP             false
 a  public  t  test-user  CHANGEFEED         false
 a  public  t  test-user  CREATE             false
 a  public  t  test-user  DROP               false
+a  public  t  test-user  INSPECT            false
 a  public  t  test-user  REPLICATIONDEST    false
 a  public  t  test-user  REPLICATIONSOURCE  false
 a  public  t  test-user  TRIGGER            false
@@ -1748,6 +1754,7 @@ a  public  t  readwrite  BACKUP             false
 a  public  t  readwrite  CHANGEFEED         false
 a  public  t  readwrite  CREATE             false
 a  public  t  readwrite  DROP               false
+a  public  t  readwrite  INSPECT            false
 a  public  t  readwrite  REPLICATIONDEST    false
 a  public  t  readwrite  REPLICATIONSOURCE  false
 a  public  t  readwrite  SELECT             false
@@ -1758,6 +1765,7 @@ a  public  t  test-user  BACKUP             false
 a  public  t  test-user  CHANGEFEED         false
 a  public  t  test-user  CREATE             false
 a  public  t  test-user  DROP               false
+a  public  t  test-user  INSPECT            false
 a  public  t  test-user  REPLICATIONDEST    false
 a  public  t  test-user  REPLICATIONSOURCE  false
 a  public  t  test-user  TRIGGER            false
@@ -1824,6 +1832,7 @@ a  public  v  readwrite  BACKUP             false
 a  public  v  readwrite  CHANGEFEED         false
 a  public  v  readwrite  CREATE             false
 a  public  v  readwrite  DROP               false
+a  public  v  readwrite  INSPECT            false
 a  public  v  readwrite  REPLICATIONDEST    false
 a  public  v  readwrite  REPLICATIONSOURCE  false
 a  public  v  readwrite  SELECT             false
@@ -1835,6 +1844,7 @@ a  public  v  test-user  BACKUP             false
 a  public  v  test-user  CHANGEFEED         false
 a  public  v  test-user  CREATE             false
 a  public  v  test-user  DROP               false
+a  public  v  test-user  INSPECT            false
 a  public  v  test-user  REPLICATIONDEST    false
 a  public  v  test-user  REPLICATIONSOURCE  false
 a  public  v  test-user  SELECT             false
@@ -1849,6 +1859,7 @@ a  public  v  readwrite  BACKUP             false
 a  public  v  readwrite  CHANGEFEED         false
 a  public  v  readwrite  CREATE             false
 a  public  v  readwrite  DROP               false
+a  public  v  readwrite  INSPECT            false
 a  public  v  readwrite  REPLICATIONDEST    false
 a  public  v  readwrite  REPLICATIONSOURCE  false
 a  public  v  readwrite  SELECT             false
@@ -1859,6 +1870,7 @@ a  public  v  test-user  BACKUP             false
 a  public  v  test-user  CHANGEFEED         false
 a  public  v  test-user  CREATE             false
 a  public  v  test-user  DROP               false
+a  public  v  test-user  INSPECT            false
 a  public  v  test-user  REPLICATIONDEST    false
 a  public  v  test-user  REPLICATIONSOURCE  false
 a  public  v  test-user  SELECT             false
@@ -1877,6 +1889,7 @@ a  public  v  readwrite  BACKUP             false
 a  public  v  readwrite  CHANGEFEED         false
 a  public  v  readwrite  CREATE             false
 a  public  v  readwrite  DROP               false
+a  public  v  readwrite  INSPECT            false
 a  public  v  readwrite  REPLICATIONDEST    false
 a  public  v  readwrite  REPLICATIONSOURCE  false
 a  public  v  readwrite  SELECT             false
@@ -1888,6 +1901,7 @@ a  public  v  test-user  BACKUP             false
 a  public  v  test-user  CHANGEFEED         false
 a  public  v  test-user  CREATE             false
 a  public  v  test-user  DROP               false
+a  public  v  test-user  INSPECT            false
 a  public  v  test-user  REPLICATIONDEST    false
 a  public  v  test-user  REPLICATIONSOURCE  false
 a  public  v  test-user  TRIGGER            false
@@ -1901,6 +1915,7 @@ a  public  v  readwrite  BACKUP             false
 a  public  v  readwrite  CHANGEFEED         false
 a  public  v  readwrite  CREATE             false
 a  public  v  readwrite  DROP               false
+a  public  v  readwrite  INSPECT            false
 a  public  v  readwrite  REPLICATIONDEST    false
 a  public  v  readwrite  REPLICATIONSOURCE  false
 a  public  v  readwrite  SELECT             false
@@ -1911,6 +1926,7 @@ a  public  v  test-user  BACKUP             false
 a  public  v  test-user  CHANGEFEED         false
 a  public  v  test-user  CREATE             false
 a  public  v  test-user  DROP               false
+a  public  v  test-user  INSPECT            false
 a  public  v  test-user  REPLICATIONDEST    false
 a  public  v  test-user  REPLICATIONSOURCE  false
 a  public  v  test-user  TRIGGER            false
@@ -1927,6 +1943,7 @@ a  public  v     table     readwrite  BACKUP             false
 a  public  v     table     readwrite  CHANGEFEED         false
 a  public  v     table     readwrite  CREATE             false
 a  public  v     table     readwrite  DROP               false
+a  public  v     table     readwrite  INSPECT            false
 a  public  v     table     readwrite  REPLICATIONDEST    false
 a  public  v     table     readwrite  REPLICATIONSOURCE  false
 a  public  v     table     readwrite  SELECT             false
@@ -1937,6 +1954,7 @@ a  public  v     table     test-user  BACKUP             false
 a  public  v     table     test-user  CHANGEFEED         false
 a  public  v     table     test-user  CREATE             false
 a  public  v     table     test-user  DROP               false
+a  public  v     table     test-user  INSPECT            false
 a  public  v     table     test-user  REPLICATIONDEST    false
 a  public  v     table     test-user  REPLICATIONSOURCE  false
 a  public  v     table     test-user  TRIGGER            false