databendlabs
diff --git a/‎src/meta/app/src/principal/ownership_object.rs
+11-1 b/‎src/meta/app/src/principal/ownership_object.rs
+11-1
diff --git a/‎src/meta/app/src/principal/tenant_ownership_object_ident.rs
+16 b/‎src/meta/app/src/principal/tenant_ownership_object_ident.rs
+16
diff --git a/‎src/meta/app/src/principal/user_grant.rs
+3-1 b/‎src/meta/app/src/principal/user_grant.rs
+3-1
diff --git a/‎src/meta/app/src/principal/user_privilege.rs
+15-4 b/‎src/meta/app/src/principal/user_privilege.rs
+15-4
diff --git a/‎src/meta/proto-conv/src/ownership_from_to_protobuf_impl.rs
+8 b/‎src/meta/proto-conv/src/ownership_from_to_protobuf_impl.rs
+8
diff --git a/‎src/meta/proto-conv/src/util.rs
+1 b/‎src/meta/proto-conv/src/util.rs
+1
diff --git a/‎src/meta/proto-conv/tests/it/main.rs
+1 b/‎src/meta/proto-conv/tests/it/main.rs
+1
diff --git a/‎src/meta/proto-conv/tests/it/v117_warehouse_ownershipobject.rs
+116 b/‎src/meta/proto-conv/tests/it/v117_warehouse_ownershipobject.rs
+116
diff --git a/‎src/meta/protos/proto/ownership.proto
+5 b/‎src/meta/protos/proto/ownership.proto
+5
diff --git a/‎src/query/ast/src/ast/statements/principal.rs
+3 b/‎src/query/ast/src/ast/statements/principal.rs
+3
diff --git a/‎src/query/ast/src/parser/statement.rs
+8-1 b/‎src/query/ast/src/parser/statement.rs
+8-1
diff --git a/‎src/query/management/src/role/role_mgr.rs
+1 b/‎src/query/management/src/role/role_mgr.rs
+1
@@ -52,6 +52,10 @@ pub enum OwnershipObject {
     UDF {
         name: String,
     },
+
+    Warehouse {
+        uid: String,
+    },
 }
 
 impl OwnershipObject {
@@ -80,6 +84,7 @@ impl fmt::Display for OwnershipObject {
             }
             OwnershipObject::UDF { name } => write!(f, "UDF {name}"),
             OwnershipObject::Stage { name } => write!(f, "STAGE {name}"),
+            OwnershipObject::Warehouse { uid } => write!(f, "Warehouse {uid}"),
         }
     }
 }
@@ -119,6 +124,7 @@ impl KeyCodec for OwnershipObject {
             }
             OwnershipObject::Stage { name } => b.push_raw("stage-by-name").push_str(name),
             OwnershipObject::UDF { name } => b.push_raw("udf-by-name").push_str(name),
+            OwnershipObject::Warehouse { uid } => b.push_raw("warehouse-by-uid").push_str(uid),
         }
     }
 
@@ -165,9 +171,13 @@ impl KeyCodec for OwnershipObject {
                 let name = p.next_str()?;
                 Ok(OwnershipObject::UDF { name })
             }
+            "warehouse-by-uid" => {
+                let uid = p.next_str()?;
+                Ok(OwnershipObject::Warehouse { uid })
+            }
             _ => Err(kvapi::KeyError::InvalidSegment {
                 i: p.index(),
-                expect: "database-by-id|database-by-catalog-id|table-by-id|table-by-catalog-id|stage-by-name|udf-by-name"
+                expect: "database-by-id|database-by-catalog-id|table-by-id|table-by-catalog-id|stage-by-name|udf-by-name|warehouse-by-uid"
                     .to_string(),
                 got: q.to_string(),
             }),
 
@@ -254,6 +254,22 @@ mod tests {
             let parsed = TenantOwnershipObjectIdent::from_str_key(&key).unwrap();
             assert_eq!(role_grantee, parsed);
         }
+
+        // warehouse
+        {
+            let role_grantee = TenantOwnershipObjectIdent::new_unchecked(
+                Tenant::new_literal("test"),
+                OwnershipObject::Warehouse {
+                    uid: "n87s".to_string(),
+                },
+            );
+
+            let key = role_grantee.to_string_key();
+            assert_eq!("__fd_object_owners/test/warehouse-by-uid/n87s", key);
+
+            let parsed = TenantOwnershipObjectIdent::from_str_key(&key).unwrap();
+            assert_eq!(role_grantee, parsed);
+        }
     }
 
     #[test]
 
@@ -111,7 +111,9 @@ impl GrantObject {
             GrantObject::Stage(_) => {
                 UserPrivilegeSet::available_privileges_on_stage(available_ownership)
             }
-            GrantObject::Warehouse(_) => UserPrivilegeSet::available_privileges_on_warehouse(),
+            GrantObject::Warehouse(_) => {
+                UserPrivilegeSet::available_privileges_on_warehouse(available_ownership)
+            }
         }
     }
 
 
@@ -76,6 +76,8 @@ pub enum UserPrivilegeType {
     Write = 1 << 19,
     // Privilege to Create database
     CreateDatabase = 1 << 20,
+    // Privilege to Create warehouse
+    CreateWarehouse = 1 << 21,
     // Discard Privilege Type
     Set = 1 << 4,
 }
@@ -102,6 +104,7 @@ const ALL_PRIVILEGES: BitFlags<UserPrivilegeType> = make_bitflags!(
         | Read
         | Write
         | CreateDatabase
+        | CreateWarehouse
     }
 );
 
@@ -129,6 +132,7 @@ impl Display for UserPrivilegeType {
             UserPrivilegeType::Read => "Read",
             UserPrivilegeType::Write => "Write",
             UserPrivilegeType::CreateDatabase => "CREATE DATABASE",
+            UserPrivilegeType::CreateWarehouse => "CREATE WAREHOUSE",
         })
     }
 }
@@ -166,6 +170,9 @@ impl From<databend_common_ast::ast::UserPrivilegeType> for UserPrivilegeType {
             databend_common_ast::ast::UserPrivilegeType::CreateDatabase => {
                 UserPrivilegeType::CreateDatabase
             }
+            databend_common_ast::ast::UserPrivilegeType::CreateWarehouse => {
+                UserPrivilegeType::CreateWarehouse
+            }
             databend_common_ast::ast::UserPrivilegeType::Set => UserPrivilegeType::Set,
         }
     }
@@ -199,8 +206,8 @@ impl UserPrivilegeSet {
         let database_privs = Self::available_privileges_on_database(false);
         let stage_privs_without_ownership = Self::available_privileges_on_stage(false);
         let udf_privs_without_ownership = Self::available_privileges_on_udf(false);
-        let wh_privs_without_ownership = Self::available_privileges_on_warehouse();
-        let privs = make_bitflags!(UserPrivilegeType::{ Usage | Super | CreateUser | DropUser | CreateRole | DropRole | CreateDatabase | Grant | CreateDataMask });
+        let wh_privs_without_ownership = Self::available_privileges_on_warehouse(false);
+        let privs = make_bitflags!(UserPrivilegeType::{ Usage | Super | CreateUser | DropUser | CreateRole | DropRole | CreateDatabase | Grant | CreateDataMask | CreateWarehouse });
         (database_privs.privileges
             | privs
             | stage_privs_without_ownership.privileges
@@ -234,8 +241,12 @@ impl UserPrivilegeSet {
         }
     }
 
-    pub fn available_privileges_on_warehouse() -> Self {
-        make_bitflags!(UserPrivilegeType::{  Usage }).into()
+    pub fn available_privileges_on_warehouse(available_ownership: bool) -> Self {
+        if available_ownership {
+            make_bitflags!(UserPrivilegeType::{  Usage | Ownership }).into()
+        } else {
+            make_bitflags!(UserPrivilegeType::{  Usage }).into()
+        }
     }
 
     pub fn available_privileges_on_udf(available_ownership: bool) -> Self {
 
@@ -88,6 +88,9 @@ impl FromToProto for mt::principal::OwnershipObject {
             pb::ownership_object::Object::Stage(pb::ownership_object::OwnershipStageObject {
                 stage,
             }) => Ok(mt::principal::OwnershipObject::Stage { name: stage }),
+            pb::ownership_object::Object::Warehouse(
+                pb::ownership_object::OwnershipWarehouseObject { uid },
+            ) => Ok(mt::principal::OwnershipObject::Warehouse { uid }),
         }
     }
 
@@ -123,6 +126,11 @@ impl FromToProto for mt::principal::OwnershipObject {
                     stage: name.clone(),
                 }),
             ),
+            mt::principal::OwnershipObject::Warehouse { uid } => {
+                Some(pb::ownership_object::Object::Warehouse(
+                    pb::ownership_object::OwnershipWarehouseObject { uid: uid.clone() },
+                ))
+            }
         };
         Ok(pb::OwnershipObject {
             ver: VER,
 
@@ -146,6 +146,7 @@ const META_CHANGE_LOG: &[(u64, &str)] = &[
     (114, "2024-12-12: Add: New DataType Interval."),
     (115, "2024-12-16: Add: udf.proto: add UDAFScript and UDAFServer"),
     (116, "2025-01-09: Add: MarkedDeletedIndexMeta"),
+    (117, "2025-01-13: Add: Add new UserPrivilege CreateWarehouse and new OwnershipObject::Warehouse"),
     // Dear developer:
     //      If you're gonna add a new metadata version, you'll have to add a test for it.
     //      You could just copy an existing test file(e.g., `../tests/it/v024_table_meta.rs`)
 
@@ -114,3 +114,4 @@ mod v113_warehouse_grantobject;
 mod v114_interval_datatype;
 mod v115_add_udaf_script;
 mod v116_marked_deleted_index_meta;
+mod v117_warehouse_ownershipobject;
@@ -0,0 +1,116 @@
+// Copyright 2023 Datafuse Labs.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use std::collections::HashSet;
+
+use chrono::DateTime;
+use chrono::Utc;
+use databend_common_meta_app as mt;
+use databend_common_meta_app::principal::OwnershipObject;
+use databend_common_meta_app::principal::UserGrantSet;
+use databend_common_meta_app::principal::UserPrivilegeType;
+use enumflags2::make_bitflags;
+use fastrace::func_name;
+
+use crate::common;
+
+// These bytes are built when a new version in introduced,
+// and are kept for backward compatibility test.
+//
+// *************************************************************
+// * These messages should never be updated,                   *
+// * only be added when a new version is added,                *
+// * or be removed when an old version is no longer supported. *
+// *************************************************************
+//
+
+#[test]
+fn test_decode_v117_grant_object() -> anyhow::Result<()> {
+    let role_info_v117 = vec![
+        10, 2, 114, 49, 18, 172, 1, 10, 21, 10, 8, 10, 0, 160, 6, 117, 168, 6, 24, 16, 128, 128,
+        128, 1, 160, 6, 117, 168, 6, 24, 10, 31, 10, 21, 18, 13, 10, 7, 100, 101, 102, 97, 117,
+        108, 116, 18, 2, 100, 98, 160, 6, 117, 168, 6, 24, 16, 2, 160, 6, 117, 168, 6, 24, 10, 35,
+        10, 25, 26, 17, 10, 7, 100, 101, 102, 97, 117, 108, 116, 18, 2, 100, 98, 26, 2, 116, 98,
+        160, 6, 117, 168, 6, 24, 16, 2, 160, 6, 117, 168, 6, 24, 10, 22, 10, 12, 34, 4, 10, 2, 102,
+        49, 160, 6, 117, 168, 6, 24, 16, 1, 160, 6, 117, 168, 6, 24, 10, 24, 10, 12, 42, 4, 10, 2,
+        115, 49, 160, 6, 117, 168, 6, 24, 16, 128, 128, 32, 160, 6, 117, 168, 6, 24, 10, 21, 10, 8,
+        10, 0, 160, 6, 117, 168, 6, 24, 16, 254, 255, 191, 1, 160, 6, 117, 168, 6, 24, 160, 6, 117,
+        168, 6, 24, 26, 23, 49, 57, 55, 48, 45, 48, 49, 45, 48, 49, 32, 48, 48, 58, 48, 48, 58, 48,
+        48, 32, 85, 84, 67, 34, 23, 49, 57, 55, 48, 45, 48, 49, 45, 48, 49, 32, 48, 48, 58, 48, 48,
+        58, 48, 48, 32, 85, 84, 67, 160, 6, 117, 168, 6, 24,
+    ];
+    let want = || mt::principal::RoleInfo {
+        name: "r1".to_string(),
+        grants: UserGrantSet::new(
+            vec![
+                mt::principal::GrantEntry::new(
+                    mt::principal::GrantObject::Global,
+                    make_bitflags!(UserPrivilegeType::{CreateWarehouse}),
+                ),
+                mt::principal::GrantEntry::new(
+                    mt::principal::GrantObject::Database("default".to_string(), "db".to_string()),
+                    make_bitflags!(UserPrivilegeType::{Create}),
+                ),
+                mt::principal::GrantEntry::new(
+                    mt::principal::GrantObject::Table(
+                        "default".to_string(),
+                        "db".to_string(),
+                        "tb".to_string(),
+                    ),
+                    make_bitflags!(UserPrivilegeType::{Create}),
+                ),
+                mt::principal::GrantEntry::new(
+                    mt::principal::GrantObject::UDF("f1".to_string()),
+                    make_bitflags!(UserPrivilegeType::{Usage}),
+                ),
+                mt::principal::GrantEntry::new(
+                    mt::principal::GrantObject::Stage("s1".to_string()),
+                    make_bitflags!(UserPrivilegeType::{Write}),
+                ),
+                // test new global privilege CreateWarehouse
+                mt::principal::GrantEntry::new(
+                    mt::principal::GrantObject::Global,
+                    make_bitflags!(UserPrivilegeType::{Create | Select | Insert | Update | Delete | Drop | Alter | Super | CreateUser | DropUser | CreateRole | DropRole | Grant | CreateStage | Set | CreateDataMask | Ownership | Read | Write | CreateWarehouse }),
+                ),
+            ],
+            HashSet::new(),
+        ),
+        created_on: DateTime::<Utc>::default(),
+        update_on: DateTime::<Utc>::default(),
+    };
+
+    common::test_pb_from_to(func_name!(), want())?;
+    common::test_load_old(func_name!(), role_info_v117.as_slice(), 117, want())?;
+
+    Ok(())
+}
+
+#[test]
+fn test_decode_v117_ownership() -> anyhow::Result<()> {
+    let ownership_info_v117 = vec![
+        10, 2, 114, 49, 18, 19, 42, 11, 10, 9, 97, 117, 110, 105, 113, 117, 101, 105, 100, 160, 6,
+        117, 168, 6, 24, 160, 6, 117, 168, 6, 24,
+    ];
+
+    let want = || mt::principal::OwnershipInfo {
+        role: "r1".to_string(),
+        object: OwnershipObject::Warehouse {
+            uid: "auniqueid".to_string(),
+        },
+    };
+    common::test_pb_from_to(func_name!(), want())?;
+    common::test_load_old(func_name!(), ownership_info_v117.as_slice(), 117, want())?;
+
+    Ok(())
+}
@@ -46,10 +46,15 @@ message OwnershipObject {
     string stage = 1;
   }
 
+  message OwnershipWarehouseObject {
+    string uid = 1;
+  }
+
   oneof object {
     OwnershipDatabaseObject database = 1;
     OwnershipTableObject table = 2;
     OwnershipUdfObject udf = 3;
     OwnershipStageObject stage = 4;
+    OwnershipWarehouseObject warehouse = 5;
   }
 }
@@ -150,6 +150,8 @@ pub enum UserPrivilegeType {
     Write,
     // Privilege to Create database
     CreateDatabase,
+    // Privilege to Create warehouse
+    CreateWarehouse,
     // Discard Privilege Type
     Set,
 }
@@ -178,6 +180,7 @@ impl Display for UserPrivilegeType {
             UserPrivilegeType::Read => "Read",
             UserPrivilegeType::Write => "Write",
             UserPrivilegeType::CreateDatabase => "CREATE DATABASE",
+            UserPrivilegeType::CreateWarehouse => "CREATE WAREHOUSE",
         })
     }
 }
 
@@ -3278,6 +3278,10 @@ pub fn priv_type(i: Input) -> IResult<UserPrivilegeType> {
             UserPrivilegeType::CreateDatabase,
             rule! { CREATE ~ DATABASE },
         ),
+        value(
+            UserPrivilegeType::CreateWarehouse,
+            rule! { CREATE ~ WAREHOUSE },
+        ),
         value(UserPrivilegeType::DropUser, rule! { DROP ~ USER }),
         value(UserPrivilegeType::CreateRole, rule! { CREATE ~ ROLE }),
         value(UserPrivilegeType::DropRole, rule! { DROP ~ ROLE }),
@@ -3436,10 +3440,12 @@ pub fn grant_ownership_level(i: Input) -> IResult<AccountMgrLevel> {
     enum Object {
         Stage,
         Udf,
+        Warehouse,
     }
     let object = alt((
         value(Object::Udf, rule! { UDF }),
         value(Object::Stage, rule! { STAGE }),
+        value(Object::Warehouse, rule! { STAGE }),
     ));
 
     // Object object_name
@@ -3448,13 +3454,14 @@ pub fn grant_ownership_level(i: Input) -> IResult<AccountMgrLevel> {
         |(object, object_name)| match object {
             Object::Stage => AccountMgrLevel::Stage(object_name.to_string()),
             Object::Udf => AccountMgrLevel::UDF(object_name.to_string()),
+            Object::Warehouse => AccountMgrLevel::Warehouse(object_name.to_string()),
         },
     );
 
     rule!(
         #db : "<database>.*"
         | #table : "<database>.<table>"
-        | #object : "STAGE | UDF <object_name>"
+        | #object : "STAGE | UDF | WAREHOUSE <object_name>"
     )(i)
 }
 
 
@@ -504,6 +504,7 @@ fn convert_to_grant_obj(owner_obj: &OwnershipObject) -> GrantObject {
         } => GrantObject::TableById(catalog_name.to_string(), *db_id, *table_id),
         OwnershipObject::Stage { name } => GrantObject::Stage(name.to_string()),
         OwnershipObject::UDF { name } => GrantObject::UDF(name.to_string()),
+        OwnershipObject::Warehouse { uid } => GrantObject::Warehouse(uid.to_string()),
     }
 }
Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,10 @@ pub enum OwnershipObject {`
`52`	`52`	`UDF {`
`53`	`53`	`name: String,`
`54`	`54`	`},`
	`55`	`+`
	`56`	`+ Warehouse {`
	`57`	`+ uid: String,`
	`58`	`+ },`
`55`	`59`	`}`
`56`	`60`
`57`	`61`	`impl OwnershipObject {`
`@@ -80,6 +84,7 @@ impl fmt::Display for OwnershipObject {`
`80`	`84`	`}`
`81`	`85`	`OwnershipObject::UDF { name } => write!(f, "UDF {name}"),`
`82`	`86`	`OwnershipObject::Stage { name } => write!(f, "STAGE {name}"),`
	`87`	`+ OwnershipObject::Warehouse { uid } => write!(f, "Warehouse {uid}"),`
`83`	`88`	`}`
`84`	`89`	`}`
`85`	`90`	`}`
`@@ -119,6 +124,7 @@ impl KeyCodec for OwnershipObject {`
`119`	`124`	`}`
`120`	`125`	`OwnershipObject::Stage { name } => b.push_raw("stage-by-name").push_str(name),`
`121`	`126`	`OwnershipObject::UDF { name } => b.push_raw("udf-by-name").push_str(name),`
	`127`	`+ OwnershipObject::Warehouse { uid } => b.push_raw("warehouse-by-uid").push_str(uid),`
`122`	`128`	`}`
`123`	`129`	`}`
`124`	`130`
`@@ -165,9 +171,13 @@ impl KeyCodec for OwnershipObject {`
`165`	`171`	`let name = p.next_str()?;`
`166`	`172`	`Ok(OwnershipObject::UDF { name })`
`167`	`173`	`}`
	`174`	`+ "warehouse-by-uid" => {`
	`175`	`+ let uid = p.next_str()?;`
	`176`	`+ Ok(OwnershipObject::Warehouse { uid })`
	`177`	`+ }`
`168`	`178`	`_ => Err(kvapi::KeyError::InvalidSegment {`
`169`	`179`	`i: p.index(),`
`170`		`- expect: "database-by-id\|database-by-catalog-id\|table-by-id\|table-by-catalog-id\|stage-by-name\|udf-by-name"`
	`180`	`+ expect: "database-by-id\|database-by-catalog-id\|table-by-id\|table-by-catalog-id\|stage-by-name\|udf-by-name\|warehouse-by-uid"`
`171`	`181`	`.to_string(),`
`172`	`182`	`got: q.to_string(),`
`173`	`183`	`}),`
Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,9 @@ impl GrantObject {`
`111`	`111`	`GrantObject::Stage(_) => {`
`112`	`112`	`UserPrivilegeSet::available_privileges_on_stage(available_ownership)`
`113`	`113`	`}`
`114`		`- GrantObject::Warehouse(_) => UserPrivilegeSet::available_privileges_on_warehouse(),`
	`114`	`+ GrantObject::Warehouse(_) => {`
	`115`	`+ UserPrivilegeSet::available_privileges_on_warehouse(available_ownership)`
	`116`	`+ }`
`115`	`117`	`}`
`116`	`118`	`}`
`117`	`119`
Original file line number	Diff line number	Diff line change
`@@ -76,6 +76,8 @@ pub enum UserPrivilegeType {`
`76`	`76`	`Write = 1 << 19,`
`77`	`77`	`// Privilege to Create database`
`78`	`78`	`CreateDatabase = 1 << 20,`
	`79`	`+ // Privilege to Create warehouse`
	`80`	`+ CreateWarehouse = 1 << 21,`
`79`	`81`	`// Discard Privilege Type`
`80`	`82`	`Set = 1 << 4,`
`81`	`83`	`}`
`@@ -102,6 +104,7 @@ const ALL_PRIVILEGES: BitFlags<UserPrivilegeType> = make_bitflags!(`
`102`	`104`	`\| Read`
`103`	`105`	`\| Write`
`104`	`106`	`\| CreateDatabase`
	`107`	`+ \| CreateWarehouse`
`105`	`108`	`}`
`106`	`109`	`);`
`107`	`110`
`@@ -129,6 +132,7 @@ impl Display for UserPrivilegeType {`
`129`	`132`	`UserPrivilegeType::Read => "Read",`
`130`	`133`	`UserPrivilegeType::Write => "Write",`
`131`	`134`	`UserPrivilegeType::CreateDatabase => "CREATE DATABASE",`
	`135`	`+ UserPrivilegeType::CreateWarehouse => "CREATE WAREHOUSE",`
`132`	`136`	`})`
`133`	`137`	`}`
`134`	`138`	`}`
`@@ -166,6 +170,9 @@ impl From<databend_common_ast::ast::UserPrivilegeType> for UserPrivilegeType {`
`166`	`170`	`databend_common_ast::ast::UserPrivilegeType::CreateDatabase => {`
`167`	`171`	`UserPrivilegeType::CreateDatabase`
`168`	`172`	`}`
	`173`	`+ databend_common_ast::ast::UserPrivilegeType::CreateWarehouse => {`
	`174`	`+ UserPrivilegeType::CreateWarehouse`
	`175`	`+ }`
`169`	`176`	`databend_common_ast::ast::UserPrivilegeType::Set => UserPrivilegeType::Set,`
`170`	`177`	`}`
`171`	`178`	`}`
`@@ -199,8 +206,8 @@ impl UserPrivilegeSet {`
`199`	`206`	`let database_privs = Self::available_privileges_on_database(false);`
`200`	`207`	`let stage_privs_without_ownership = Self::available_privileges_on_stage(false);`
`201`	`208`	`let udf_privs_without_ownership = Self::available_privileges_on_udf(false);`
`202`		`- let wh_privs_without_ownership = Self::available_privileges_on_warehouse();`
`203`		`- let privs = make_bitflags!(UserPrivilegeType::{ Usage \| Super \| CreateUser \| DropUser \| CreateRole \| DropRole \| CreateDatabase \| Grant \| CreateDataMask });`
	`209`	`+ let wh_privs_without_ownership = Self::available_privileges_on_warehouse(false);`
	`210`	`+ let privs = make_bitflags!(UserPrivilegeType::{ Usage \| Super \| CreateUser \| DropUser \| CreateRole \| DropRole \| CreateDatabase \| Grant \| CreateDataMask \| CreateWarehouse });`
`204`	`211`	`(database_privs.privileges`
`205`	`212`	`\| privs`
`206`	`213`	`\| stage_privs_without_ownership.privileges`
`@@ -234,8 +241,12 @@ impl UserPrivilegeSet {`
`234`	`241`	`}`
`235`	`242`	`}`
`236`	`243`
`237`		`- pub fn available_privileges_on_warehouse() -> Self {`
`238`		`- make_bitflags!(UserPrivilegeType::{ Usage }).into()`
	`244`	`+ pub fn available_privileges_on_warehouse(available_ownership: bool) -> Self {`
	`245`	`+ if available_ownership {`
	`246`	`+ make_bitflags!(UserPrivilegeType::{ Usage \| Ownership }).into()`
	`247`	`+ } else {`
	`248`	`+ make_bitflags!(UserPrivilegeType::{ Usage }).into()`
	`249`	`+ }`
`239`	`250`	`}`
`240`	`251`
`241`	`252`	`pub fn available_privileges_on_udf(available_ownership: bool) -> Self {`
Original file line number	Diff line number	Diff line change
`@@ -46,10 +46,15 @@ message OwnershipObject {`
`46`	`46`	`string stage = 1;`
`47`	`47`	`}`
`48`	`48`
	`49`	`+ message OwnershipWarehouseObject {`
	`50`	`+ string uid = 1;`
	`51`	`+ }`
	`52`	`+`
`49`	`53`	`oneof object {`
`50`	`54`	`OwnershipDatabaseObject database = 1;`
`51`	`55`	`OwnershipTableObject table = 2;`
`52`	`56`	`OwnershipUdfObject udf = 3;`
`53`	`57`	`OwnershipStageObject stage = 4;`
	`58`	`+ OwnershipWarehouseObject warehouse = 5;`
`54`	`59`	`}`
`55`	`60`	`}`
Original file line number	Diff line number	Diff line change
`@@ -150,6 +150,8 @@ pub enum UserPrivilegeType {`
`150`	`150`	`Write,`
`151`	`151`	`// Privilege to Create database`
`152`	`152`	`CreateDatabase,`
	`153`	`+ // Privilege to Create warehouse`
	`154`	`+ CreateWarehouse,`
`153`	`155`	`// Discard Privilege Type`
`154`	`156`	`Set,`
`155`	`157`	`}`
`@@ -178,6 +180,7 @@ impl Display for UserPrivilegeType {`
`178`	`180`	`UserPrivilegeType::Read => "Read",`
`179`	`181`	`UserPrivilegeType::Write => "Write",`
`180`	`182`	`UserPrivilegeType::CreateDatabase => "CREATE DATABASE",`
	`183`	`+ UserPrivilegeType::CreateWarehouse => "CREATE WAREHOUSE",`
`181`	`184`	`})`
`182`	`185`	`}`
`183`	`186`	`}`
Original file line number	Diff line number	Diff line change
`@@ -504,6 +504,7 @@ fn convert_to_grant_obj(owner_obj: &OwnershipObject) -> GrantObject {`
`504`	`504`	`} => GrantObject::TableById(catalog_name.to_string(), db_id, table_id),`
`505`	`505`	`OwnershipObject::Stage { name } => GrantObject::Stage(name.to_string()),`
`506`	`506`	`OwnershipObject::UDF { name } => GrantObject::UDF(name.to_string()),`
	`507`	`+ OwnershipObject::Warehouse { uid } => GrantObject::Warehouse(uid.to_string()),`
`507`	`508`	`}`
`508`	`509`	`}`
`509`	`510`