query TTTTTT rowsort
SHOW DATABASES
----
defaultdb  root  NULL  NULL  {}  NULL
postgres   root  NULL  NULL  {}  NULL
system     node  NULL  NULL  {}  NULL
test       root  NULL  NULL  {}  NULL

skipif config local-mixed-24.3
query TTTTT
SELECT schema_name, table_name, type, owner, locality FROM [SHOW TABLES FROM system] 
where table_name IN ('descriptor_id_seq', 'comments', 'locations', 'span_configurations')
ORDER BY 2
----
public  comments             table     node  NULL
public  descriptor_id_seq    sequence  node  NULL
public  locations            table     node  NULL
public  span_configurations  table     node  NULL

skipif config local-mixed-24.3
query I rowsort
SELECT count(id) FROM system.descriptor
----
69

# Verify we can read ID on its own (see #58614).
query I
SELECT id FROM system.descriptor WHERE id=1
----
1

query I
SELECT id FROM (VALUES(1)) AS v(a) INNER LOOKUP JOIN system.descriptor on id=a
----
1

# Verify we can read "protobuf" columns.
query I
SELECT length(descriptor) * (id - 1) FROM system.descriptor WHERE id = 1
----
0


query TTBTTTB rowsort
SHOW COLUMNS FROM system.descriptor
----
id          INT8   false  NULL  ·  {primary}  false
descriptor  BYTES  true   NULL  ·  {primary}  false

query TTBTTTB rowsort
SHOW COLUMNS FROM system.users
----
username        STRING  false  NULL   ·  {primary,users_user_id_idx}  false
hashedPassword  BYTES   true   NULL   ·  {primary}                    false
isRole          BOOL    false  false  ·  {primary}                    false
user_id         OID     false  NULL   ·  {primary,users_user_id_idx}  false

query TTBTTTB rowsort
SHOW COLUMNS FROM system.zones
----
id      INT8   false  NULL  ·  {primary}  false
config  BYTES  true   NULL  ·  {primary}  false

query TTBTTTB rowsort
SHOW COLUMNS FROM system.lease
----
desc_id          INT8   false  NULL  ·  {primary}  false
version          INT8   false  NULL  ·  {primary}  false
sql_instance_id  INT8   false  NULL  ·  {primary}  false
session_id       BYTES  false  NULL  ·  {primary}  false
crdb_region      BYTES  false  NULL  ·  {primary}  false

query TTBTTTB rowsort
SHOW COLUMNS FROM system.lease
----
desc_id          INT8   false  NULL  ·  {primary}  false
version          INT8   false  NULL  ·  {primary}  false
sql_instance_id  INT8   false  NULL  ·  {primary}  false
session_id       BYTES  false  NULL  ·  {primary}  false
crdb_region      BYTES  false  NULL  ·  {primary}  false



query TTBTTTB rowsort
SHOW COLUMNS FROM system.eventlog
----
timestamp    TIMESTAMP  false  NULL       ·  {primary}  false
eventType    STRING     false  NULL       ·  {primary}  false
targetID     INT8       false  NULL       ·  {primary}  false
reportingID  INT8       false  NULL       ·  {primary}  false
info         STRING     true   NULL       ·  {primary}  false
uniqueID     BYTES      false  uuid_v4()  ·  {primary}  false

query TTBTTTB rowsort
SHOW COLUMNS FROM system.rangelog
----
timestamp     TIMESTAMP  false  NULL            ·  {primary}  false
rangeID       INT8       false  NULL            ·  {primary}  false
storeID       INT8       false  NULL            ·  {primary}  false
eventType     STRING     false  NULL            ·  {primary}  false
otherRangeID  INT8       true   NULL            ·  {primary}  false
info          STRING     true   NULL            ·  {primary}  false
uniqueID      INT8       false  unique_rowid()  ·  {primary}  false

query TTBTTTB rowsort
SHOW COLUMNS FROM system.ui
----
key          STRING     false  NULL  ·  {primary}  false
value        BYTES      true   NULL  ·  {primary}  false
lastUpdated  TIMESTAMP  false  NULL  ·  {primary}  false

skipif config local-mixed-24.3
query TTBTTTB rowsort
SHOW COLUMNS FROM system.jobs
----
id                 INT8         false  unique_rowid()  ·  {jobs_created_by_type_created_by_id_idx,jobs_job_type_idx,jobs_run_stats_idx,jobs_status_created_idx,primary}  false
status             STRING       false  NULL            ·  {jobs_created_by_type_created_by_id_idx,jobs_run_stats_idx,jobs_status_created_idx,primary}                    false
created            TIMESTAMP    false  now()           ·  {jobs_run_stats_idx,jobs_status_created_idx,primary}                                                           false
dropped_payload    BYTES        true   NULL            ·  {primary}                                                                                                      true
dropped_progress   BYTES        true   NULL            ·  {primary}                                                                                                      true
created_by_type    STRING       true   NULL            ·  {jobs_created_by_type_created_by_id_idx,primary}                                                               false
created_by_id      INT8         true   NULL            ·  {jobs_created_by_type_created_by_id_idx,primary}                                                               false
claim_session_id   BYTES        true   NULL            ·  {jobs_run_stats_idx,primary}                                                                                   false
claim_instance_id  INT8         true   NULL            ·  {jobs_run_stats_idx,primary}                                                                                   false
num_runs           INT8         true   NULL            ·  {jobs_run_stats_idx,primary}                                                                                   false
last_run           TIMESTAMP    true   NULL            ·  {jobs_run_stats_idx,primary}                                                                                   false
job_type           STRING       true   NULL            ·  {jobs_job_type_idx,primary}                                                                                    false
owner              STRING       true   NULL            ·  {primary}                                                                                                      false
description        STRING       true   NULL            ·  {primary}                                                                                                      false
error_msg          STRING       true   NULL            ·  {primary}                                                                                                      false
finished           TIMESTAMPTZ  true   NULL            ·  {primary}                                                                                                      false

query TTBTTTB rowsort
SHOW COLUMNS FROM system.settings
----
name         STRING     false  NULL   ·  {primary}  false
value        STRING     false  NULL   ·  {primary}  false
lastUpdated  TIMESTAMP  false  now()  ·  {primary}  false
valueType    STRING     true   NULL   ·  {primary}  false

query TTBTTTB rowsort
SHOW COLUMNS FROM system.role_members
----
role       STRING  false  NULL  ·  {primary,role_members_member_id_idx,role_members_member_idx,role_members_role_id_idx,role_members_role_id_member_id_key,role_members_role_idx}  false
member     STRING  false  NULL  ·  {primary,role_members_member_id_idx,role_members_member_idx,role_members_role_id_idx,role_members_role_id_member_id_key,role_members_role_idx}  false
isAdmin    BOOL    false  NULL  ·  {primary}                                                                                                                                       false
role_id    OID     false  NULL  ·  {primary,role_members_role_id_idx,role_members_role_id_member_id_key}                                                                           false
member_id  OID     false  NULL  ·  {primary,role_members_member_id_idx,role_members_role_id_member_id_key}                                                                         false

# Verify default privileges on system tables.
query TTTB rowsort
SHOW GRANTS ON DATABASE system
----
system  admin  CONNECT  true
system  root   CONNECT  true

skipif config local-mixed-24.3
query TTTTTB rowsort
WITH grants AS (SHOW GRANTS ON system.*) SELECT * FROM grants WHERE
  table_name IN ('comments', 'locations', 'tenants')
----
system  public  tenants    admin   SELECT  true
system  public  comments   admin   UPDATE  true
system  public  comments   admin   SELECT  true
system  public  comments   admin   INSERT  true
system  public  comments   admin   DELETE  true
system  public  locations  admin   UPDATE  true
system  public  locations  admin   SELECT  true
system  public  locations  admin   INSERT  true
system  public  locations  admin   DELETE  true
system  public  tenants    root    SELECT  true
system  public  locations  root    DELETE  true
system  public  locations  root    INSERT  true
system  public  locations  root    SELECT  true
system  public  locations  root    UPDATE  true
system  public  comments   public  SELECT  false
system  public  comments   root    DELETE  true
system  public  comments   root    INSERT  true
system  public  comments   root    SELECT  true
system  public  comments   root    UPDATE  true

statement error user root does not have DROP privilege on database system
ALTER DATABASE system RENAME TO not_system

statement error user root does not have DROP privilege on database system
DROP DATABASE system

statement error user root does not have DROP privilege on relation users
DROP TABLE system.users

statement error pq: cannot GRANT on system object
GRANT ALL ON DATABASE system TO testuser

statement error pq: cannot GRANT on system object
GRANT CREATE ON DATABASE system TO testuser

statement error pq: cannot GRANT on system object
GRANT CREATE ON DATABASE system TO testuser

statement error pq: cannot GRANT on system object
GRANT ALL ON system.namespace TO testuser

statement error pq: cannot GRANT on system object
GRANT SELECT, INSERT ON system.namespace TO testuser

statement error pq: cannot GRANT on system object
GRANT SELECT ON system.namespace TO testuser

statement error pq: cannot GRANT on system object
GRANT SELECT ON system.descriptor TO testuser

# Superusers must have exactly the allowed privileges.
statement error pq: cannot GRANT on system object
GRANT ALL ON DATABASE system TO root

statement error pq: cannot GRANT on system object
GRANT CREATE ON DATABASE system TO root

statement error pq: cannot GRANT on system object
GRANT ALL ON system.namespace TO root

statement error pq: cannot GRANT on system object
GRANT DELETE, INSERT ON system.descriptor TO root

statement error pq: cannot GRANT on system object
GRANT ALL ON system.descriptor TO root

statement error pq: cannot REVOKE on system object
REVOKE CREATE ON DATABASE system FROM root

statement error pq: cannot REVOKE on system object
REVOKE CREATE ON system.namespace FROM root

statement error pq: cannot REVOKE on system object
REVOKE ALL ON system.namespace FROM root

statement error pq: cannot REVOKE on system object
REVOKE SELECT ON system.namespace FROM root

statement error pq: cannot GRANT on system object
GRANT ALL ON DATABASE system TO admin

statement error pq: cannot GRANT on system object
GRANT CREATE ON DATABASE system TO admin

statement error pq: cannot REVOKE on system object
REVOKE CREATE ON DATABASE system FROM admin

statement error pq: cannot GRANT on system object
GRANT ALL ON system.namespace TO admin

statement error pq: cannot GRANT on system object
GRANT DELETE, INSERT ON system.descriptor TO admin

statement error pq: cannot GRANT on system object
GRANT ALL ON system.descriptor TO admin

statement error pq: cannot REVOKE on system object
REVOKE CREATE ON system.descriptor FROM admin

statement error pq: cannot REVOKE on system object
REVOKE CREATE ON DATABASE system FROM admin

statement error pq: cannot REVOKE on system object
REVOKE CREATE ON system.namespace FROM admin

statement error pq: cannot REVOKE on system object
REVOKE ALL ON system.namespace FROM admin

statement error pq: cannot REVOKE on system object
REVOKE SELECT ON system.namespace FROM admin

# Some tables (we test system.lease here) used to allow multiple privilege sets for
# backwards compatibility, and superusers were allowed very wide privileges.
# We make sure this is no longer the case.
statement error pq: cannot GRANT on system object
GRANT ALL ON system.lease TO testuser

statement error pq: cannot GRANT on system object
GRANT CREATE on system.lease to root

statement error pq: cannot GRANT on system object
GRANT CREATE on system.lease to admin

statement error pq: cannot GRANT on system object
GRANT CREATE on system.lease to testuser

statement error pq: cannot GRANT on system object
GRANT ALL ON system.lease TO root

statement error pq: cannot GRANT on system object
GRANT ALL ON system.lease TO admin

statement error pq: cannot GRANT on system object
GRANT ALL ON system.lease TO testuser

# NB: the "order by" is necessary or this test is flaky under DistSQL.
# This is somewhat surprising.
# With probabilistic test tenant creation, we have to filter out
# kv.range_merge.queue.enabled (with key name
# kv.range_merge.queue_enabled), since it will only be set in cases
# where a test tenant is not allocated.
query T
SELECT name
FROM system.settings
WHERE name NOT LIKE 'sql.defaults%'
AND name NOT LIKE 'sql.distsql%'
AND name NOT LIKE 'sql.testing%'
AND name NOT LIKE 'sql.stats%'
AND name NOT LIKE 'sql.txn.%_isolation.enabled'
AND name != 'kv.range_merge.queue_enabled'
ORDER BY name
----
cluster.secret
diagnostics.reporting.enabled
sql.crdb_internal.table_row_statistics.as_of_time
version

onlyif config 3node-tenant-default-configs
query T
SELECT name
FROM system.settings
WHERE name NOT LIKE 'sql.defaults%'
AND name NOT LIKE 'sql.distsql%'
AND name NOT LIKE 'sql.testing%'
AND name NOT LIKE 'sql.stats%'
AND name NOT LIKE 'sql.txn.%_isolation.enabled'
ORDER BY name
----
cluster.secret
diagnostics.reporting.enabled
sql.crdb_internal.table_row_statistics.as_of_time
version

statement ok
INSERT INTO system.settings (name, value) VALUES ('somesetting', 'somevalue')

# Have to exclude kv.range_merge.queue.enabled  (with key name
# kv.range_merge.queue_enabled) as it is not accessible
# to tenants.
query TT
SELECT name, value
FROM system.settings
WHERE name NOT LIKE 'sql.defaults%'
AND name NOT LIKE 'sql.distsql%'
AND name NOT LIKE 'sql.testing%'
AND name NOT LIKE 'sql.stats%'
AND name NOT LIKE 'sql.txn.%_isolation.enabled'
AND name NOT IN ('version', 'cluster.secret', 'kv.range_merge.queue_enabled')
ORDER BY name
----
diagnostics.reporting.enabled                      true
somesetting                                        somevalue
sql.crdb_internal.table_row_statistics.as_of_time  -1µs

onlyif config 3node-tenant-default-configs
query TT
SELECT name, value
FROM system.settings
WHERE name NOT LIKE 'sql.defaults%'
AND name NOT LIKE 'sql.distsql%'
AND name NOT LIKE 'sql.testing%'
AND name NOT LIKE 'sql.stats%'
AND name NOT LIKE 'sql.txn.%_isolation.enabled'
AND name NOT IN ('version', 'cluster.secret')
ORDER BY name
----
diagnostics.reporting.enabled                      true
somesetting                                        somevalue
sql.crdb_internal.table_row_statistics.as_of_time  -1µs

user testuser

statement error user testuser does not have SELECT privilege on relation settings
select name from system.settings

statement error user testuser does not have INSERT privilege on relation settings
UPSERT INTO system.settings (name, value) VALUES ('somesetting', 'somevalueother')

user root

query TTBOO
SELECT * from system.role_members
----
admin  root  true  2  1

statement ok
SET DATABASE = "";

query T
SELECT username FROM system.users WHERE username = 'root'
----
root

statement ok
SET DATABASE = test

# system is a database, not a schema.
query error relation ".system.users" does not exist
SELECT username FROM "".system.users WHERE username = 'root'

# Verify that tenant_usage has a reduced TTL.
skipif config 3node-tenant-default-configs
query T
SELECT raw_config_sql FROM [ SHOW ZONE CONFIGURATION FOR TABLE system.tenant_usage ]
----
ALTER TABLE system.public.tenant_usage CONFIGURE ZONE USING
  range_min_bytes = 134217728,
  range_max_bytes = 536870912,
  gc.ttlseconds = 7200,
  num_replicas = 5,
  constraints = '[]',
  lease_preferences = '[]'

# Regression test for 133278, that clusters with sql.defaults.vectorize set to
# old value '1' can still start new connections.

statement ok
UPSERT INTO system.settings (name, value, "valueType") VALUES ('sql.defaults.vectorize', '1', 'e')

query TT
SELECT name, value FROM system.settings WHERE name = 'sql.defaults.vectorize'
----
sql.defaults.vectorize  1

query T retry
SHOW CLUSTER SETTING sql.defaults.vectorize
----
on

statement ok
SET vectorize = DEFAULT

query T
SHOW vectorize
----
on

# Make sure we can open a new connection.
user testuser newsession

user root

statement ok
RESET CLUSTER SETTING sql.defaults.vectorize

statement ok
RESET vectorize

query TT
SELECT name, value FROM system.settings WHERE name = 'sql.defaults.vectorize'
----

query T retry
SHOW CLUSTER SETTING sql.defaults.vectorize
----
on

query T
SHOW vectorize
----
on

user testuser

statement ok
RESET vectorize
