src/ast/dcl.rs - datafusion-sqlparser-rs - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.

 //! AST types specific to GRANT/REVOKE/ROLE variants of [`Statement`](crate::ast::Statement)
 //! (commonly referred to as Data Control Language, or DCL)

 #[cfg(not(feature = "std"))]
 use alloc::vec::Vec;
 use core::fmt;

 #[cfg(feature = "serde")]
 use serde::{Deserialize, Serialize};

 #[cfg(feature = "visitor")]
 use sqlparser_derive::{Visit, VisitMut};

 use super::{display_comma_separated, Expr, Ident, Password, Spanned};
 use crate::ast::{
     display_separated, CascadeOption, CurrentGrantsKind, GrantObjects, Grantee, ObjectName,
     Privileges,
 };
 use crate::tokenizer::Span;

 /// An option in `ROLE` statement.
 ///
 /// <https://www.postgresql.org/docs/current/sql-createrole.html>
 #[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
 #[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
 #[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
 pub enum RoleOption {
     /// Enable or disable BYPASSRLS.
     BypassRLS(bool),
     /// Connection limit expression.
     ConnectionLimit(Expr),
     /// CREATEDB flag.
     CreateDB(bool),
     /// CREATEROLE flag.
     CreateRole(bool),
     /// INHERIT flag.
     Inherit(bool),
     /// LOGIN flag.
     Login(bool),
     /// Password value or NULL password.
     Password(Password),
     /// Replication privilege flag.
     Replication(bool),
     /// SUPERUSER flag.
     SuperUser(bool),
     /// `VALID UNTIL` expression.
     ValidUntil(Expr),
 }

 impl fmt::Display for RoleOption {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
         match self {
             RoleOption::BypassRLS(value) => {
                 write!(f, "{}", if *value { "BYPASSRLS" } else { "NOBYPASSRLS" })
             }
             RoleOption::ConnectionLimit(expr) => {
                 write!(f, "CONNECTION LIMIT {expr}")
             }
             RoleOption::CreateDB(value) => {
                 write!(f, "{}", if *value { "CREATEDB" } else { "NOCREATEDB" })
             }
             RoleOption::CreateRole(value) => {
                 write!(f, "{}", if *value { "CREATEROLE" } else { "NOCREATEROLE" })
             }
             RoleOption::Inherit(value) => {
                 write!(f, "{}", if *value { "INHERIT" } else { "NOINHERIT" })
             }
             RoleOption::Login(value) => {
                 write!(f, "{}", if *value { "LOGIN" } else { "NOLOGIN" })
             }
             RoleOption::Password(password) => match password {
                 Password::Password(expr) => write!(f, "PASSWORD {expr}"),
                 Password::NullPassword => write!(f, "PASSWORD NULL"),
             },
             RoleOption::Replication(value) => {
                 write!(
                     f,
                     "{}",
                     if *value {
                         "REPLICATION"
                     } else {
                         "NOREPLICATION"
                     }
                 )
             }
             RoleOption::SuperUser(value) => {
                 write!(f, "{}", if *value { "SUPERUSER" } else { "NOSUPERUSER" })
             }
             RoleOption::ValidUntil(expr) => {
                 write!(f, "VALID UNTIL {expr}")
             }
         }
     }
 }

 /// SET config value option:
 /// * SET `configuration_parameter` { TO | = } { `value` | DEFAULT }
 /// * SET `configuration_parameter` FROM CURRENT
 #[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
 #[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
 #[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
 pub enum SetConfigValue {
     /// Use the default value.
     Default,
     /// Use the current value (`FROM CURRENT`).
     FromCurrent,
     /// Set to the provided expression value.
     Value(Expr),
 }

 /// RESET config option:
 /// * RESET `configuration_parameter`
 /// * RESET ALL
 #[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
 #[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
 #[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
 pub enum ResetConfig {
     /// Reset all configuration parameters.
     ALL,
     /// Reset the named configuration parameter.
     ConfigName(ObjectName),
 }

 /// An `ALTER ROLE` (`Statement::AlterRole`) operation
 #[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
 #[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
 #[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
 pub enum AlterRoleOperation {
     /// Generic
     RenameRole {
         /// Role name to rename.
         role_name: Ident,
     },
     /// MS SQL Server
     /// <https://learn.microsoft.com/en-us/sql/t-sql/statements/alter-role-transact-sql>
     AddMember {
         /// Member name to add to the role.
         member_name: Ident,
     },
     /// MS SQL Server
     ///
     /// <https://learn.microsoft.com/en-us/sql/t-sql/statements/alter-role-transact-sql>
     DropMember {
         /// Member name to remove from the role.
         member_name: Ident,
     },
     /// PostgreSQL
     /// <https://www.postgresql.org/docs/current/sql-alterrole.html>
     WithOptions {
         /// Role options to apply.
         options: Vec<RoleOption>,
     },
     /// PostgreSQL
     /// <https://www.postgresql.org/docs/current/sql-alterrole.html>
     ///
     /// `SET configuration_parameter { TO | = } { value | DEFAULT }`
     Set {
         /// Configuration name to set.
         config_name: ObjectName,
         /// Value to assign to the configuration.
         config_value: SetConfigValue,
         /// Optional database scope for the setting.
         in_database: Option<ObjectName>,
     },
     /// PostgreSQL
     /// <https://www.postgresql.org/docs/current/sql-alterrole.html>
     ///
     /// `RESET configuration_parameter` | `RESET ALL`
     Reset {
         /// Configuration to reset.
         config_name: ResetConfig,
         /// Optional database scope for the reset.
         in_database: Option<ObjectName>,
     },
 }

 impl fmt::Display for AlterRoleOperation {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
         match self {
             AlterRoleOperation::RenameRole { role_name } => {
                 write!(f, "RENAME TO {role_name}")
             }
             AlterRoleOperation::AddMember { member_name } => {
                 write!(f, "ADD MEMBER {member_name}")
             }
             AlterRoleOperation::DropMember { member_name } => {
                 write!(f, "DROP MEMBER {member_name}")
             }
             AlterRoleOperation::WithOptions { options } => {
                 write!(f, "WITH {}", display_separated(options, " "))
             }
             AlterRoleOperation::Set {
                 config_name,
                 config_value,
                 in_database,
             } => {
                 if let Some(database_name) = in_database {
                     write!(f, "IN DATABASE {database_name} ")?;
                 }

                 match config_value {
                     SetConfigValue::Default => write!(f, "SET {config_name} TO DEFAULT"),
                     SetConfigValue::FromCurrent => write!(f, "SET {config_name} FROM CURRENT"),
                     SetConfigValue::Value(expr) => write!(f, "SET {config_name} TO {expr}"),
                 }
             }
             AlterRoleOperation::Reset {
                 config_name,
                 in_database,
             } => {
                 if let Some(database_name) = in_database {
                     write!(f, "IN DATABASE {database_name} ")?;
                 }

                 match config_name {
                     ResetConfig::ALL => write!(f, "RESET ALL"),
                     ResetConfig::ConfigName(name) => write!(f, "RESET {name}"),
                 }
             }
         }
     }
 }

 /// A `USE` (`Statement::Use`) operation
 #[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
 #[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
 #[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
 pub enum Use {
     /// Switch to the given catalog (e.g. `USE CATALOG ...`).
     Catalog(ObjectName),
     /// Switch to the given schema (e.g. `USE SCHEMA ...`).
     Schema(ObjectName),
     /// Switch to the given database (e.g. `USE DATABASE ...`).
     Database(ObjectName),
     /// Switch to the given warehouse (e.g. `USE WAREHOUSE ...`).
     Warehouse(ObjectName),
     /// Switch to the given role (e.g. `USE ROLE ...`).
     Role(ObjectName),
     /// Use secondary roles specification (e.g. `USE SECONDARY ROLES ...`).
     SecondaryRoles(SecondaryRoles),
     /// Use the specified object (e.g. `USE foo.bar`).
     Object(ObjectName),
     /// Reset to default (e.g. `USE DEFAULT`).
     Default,
 }

 impl fmt::Display for Use {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
         f.write_str("USE ")?;
         match self {
             Use::Catalog(name) => write!(f, "CATALOG {name}"),
             Use::Schema(name) => write!(f, "SCHEMA {name}"),
             Use::Database(name) => write!(f, "DATABASE {name}"),
             Use::Warehouse(name) => write!(f, "WAREHOUSE {name}"),
             Use::Role(name) => write!(f, "ROLE {name}"),
             Use::SecondaryRoles(secondary_roles) => {
                 write!(f, "SECONDARY ROLES {secondary_roles}")
             }
             Use::Object(name) => write!(f, "{name}"),
             Use::Default => write!(f, "DEFAULT"),
         }
     }
 }

 /// Snowflake `SECONDARY ROLES` USE variant
 /// See: <https://docs.snowflake.com/en/sql-reference/sql/use-secondary-roles>
 #[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
 #[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
 #[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
 pub enum SecondaryRoles {
     /// Use all secondary roles.
     All,
     /// Use no secondary roles.
     None,
     /// Explicit list of secondary roles.
     List(Vec<Ident>),
 }

 impl fmt::Display for SecondaryRoles {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
         match self {
             SecondaryRoles::All => write!(f, "ALL"),
             SecondaryRoles::None => write!(f, "NONE"),
             SecondaryRoles::List(roles) => write!(f, "{}", display_comma_separated(roles)),
         }
     }
 }

 /// CREATE ROLE statement
 /// See [PostgreSQL](https://www.postgresql.org/docs/current/sql-createrole.html)
 #[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
 #[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
 #[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
 pub struct CreateRole {
     /// Role names to create.
     pub names: Vec<ObjectName>,
     /// Whether `IF NOT EXISTS` was specified.
     pub if_not_exists: bool,
     // Postgres
     /// Whether `LOGIN` was specified.
     pub login: Option<bool>,
     /// Whether `INHERIT` was specified.
     pub inherit: Option<bool>,
     /// Whether `BYPASSRLS` was specified.
     pub bypassrls: Option<bool>,
     /// Optional password for the role.
     pub password: Option<Password>,
     /// Whether `SUPERUSER` was specified.
     pub superuser: Option<bool>,
     /// Whether `CREATEDB` was specified.
     pub create_db: Option<bool>,
     /// Whether `CREATEROLE` was specified.
     pub create_role: Option<bool>,
     /// Whether `REPLICATION` privilege was specified.
     pub replication: Option<bool>,
     /// Optional connection limit expression.
     pub connection_limit: Option<Expr>,
     /// Optional account validity expression.
     pub valid_until: Option<Expr>,
     /// Members of `IN ROLE` clause.
     pub in_role: Vec<Ident>,
     /// Members of `IN GROUP` clause.
     pub in_group: Vec<Ident>,
     /// Roles listed in `ROLE` clause.
     pub role: Vec<Ident>,
     /// Users listed in `USER` clause.
     pub user: Vec<Ident>,
     /// Admin users listed in `ADMIN` clause.
     pub admin: Vec<Ident>,
     // MSSQL
     /// Optional authorization owner.
     pub authorization_owner: Option<ObjectName>,
 }

 impl fmt::Display for CreateRole {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
         write!(
             f,
             "CREATE ROLE {if_not_exists}{names}{superuser}{create_db}{create_role}{inherit}{login}{replication}{bypassrls}",
             if_not_exists = if self.if_not_exists { "IF NOT EXISTS " } else { "" },
             names = display_separated(&self.names, ", "),
             superuser = match self.superuser {
                 Some(true) => " SUPERUSER",
                 Some(false) => " NOSUPERUSER",
                 None => ""
             },
             create_db = match self.create_db {
                 Some(true) => " CREATEDB",
                 Some(false) => " NOCREATEDB",
                 None => ""
             },
             create_role = match self.create_role {
                 Some(true) => " CREATEROLE",
                 Some(false) => " NOCREATEROLE",
                 None => ""
             },
             inherit = match self.inherit {
                 Some(true) => " INHERIT",
                 Some(false) => " NOINHERIT",
                 None => ""
             },
             login = match self.login {
                 Some(true) => " LOGIN",
                 Some(false) => " NOLOGIN",
                 None => ""
             },
             replication = match self.replication {
                 Some(true) => " REPLICATION",
                 Some(false) => " NOREPLICATION",
                 None => ""
             },
             bypassrls = match self.bypassrls {
                 Some(true) => " BYPASSRLS",
                 Some(false) => " NOBYPASSRLS",
                 None => ""
             }
         )?;
         if let Some(limit) = &self.connection_limit {
             write!(f, " CONNECTION LIMIT {limit}")?;
         }
         match &self.password {
             Some(Password::Password(pass)) => write!(f, " PASSWORD {pass}")?,
             Some(Password::NullPassword) => write!(f, " PASSWORD NULL")?,
             None => {}
         };
         if let Some(until) = &self.valid_until {
             write!(f, " VALID UNTIL {until}")?;
         }
         if !self.in_role.is_empty() {
             write!(f, " IN ROLE {}", display_comma_separated(&self.in_role))?;
         }
         if !self.in_group.is_empty() {
             write!(f, " IN GROUP {}", display_comma_separated(&self.in_group))?;
         }
         if !self.role.is_empty() {
             write!(f, " ROLE {}", display_comma_separated(&self.role))?;
         }
         if !self.user.is_empty() {
             write!(f, " USER {}", display_comma_separated(&self.user))?;
         }
         if !self.admin.is_empty() {
             write!(f, " ADMIN {}", display_comma_separated(&self.admin))?;
         }
         if let Some(owner) = &self.authorization_owner {
             write!(f, " AUTHORIZATION {owner}")?;
         }
         Ok(())
     }
 }

 impl Spanned for CreateRole {
     fn span(&self) -> Span {
         Span::empty()
     }
 }

 /// GRANT privileges ON objects TO grantees
 #[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
 #[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
 #[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
 pub struct Grant {
     /// Privileges being granted.
     pub privileges: Privileges,
     /// Optional objects the privileges apply to.
     pub objects: Option<GrantObjects>,
     /// List of grantees receiving the privileges.
     pub grantees: Vec<Grantee>,
     /// Whether `WITH GRANT OPTION` is present.
     pub with_grant_option: bool,
     /// Optional `AS GRANTOR` identifier.
     pub as_grantor: Option<Ident>,
     /// Optional `GRANTED BY` identifier.
     ///
     /// [BigQuery](https://cloud.google.com/bigquery/docs/reference/standard-sql/dcl-statements)
     pub granted_by: Option<Ident>,
     /// Optional `CURRENT GRANTS` modifier.
     ///
     /// [Snowflake](https://docs.snowflake.com/en/sql-reference/sql/grant-privilege)
     pub current_grants: Option<CurrentGrantsKind>,
 }

 impl fmt::Display for Grant {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
         write!(f, "GRANT {privileges}", privileges = self.privileges)?;
         if let Some(ref objects) = self.objects {
             write!(f, " ON {objects}")?;
         }
         write!(f, " TO {}", display_comma_separated(&self.grantees))?;
         if let Some(ref current_grants) = self.current_grants {
             write!(f, " {current_grants}")?;
         }
         if self.with_grant_option {
             write!(f, " WITH GRANT OPTION")?;
         }
         if let Some(ref as_grantor) = self.as_grantor {
             write!(f, " AS {as_grantor}")?;
         }
         if let Some(ref granted_by) = self.granted_by {
             write!(f, " GRANTED BY {granted_by}")?;
         }
         Ok(())
     }
 }

 impl From<Grant> for crate::ast::Statement {
     fn from(v: Grant) -> Self {
         crate::ast::Statement::Grant(v)
     }
 }

 /// REVOKE privileges ON objects FROM grantees
 #[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
 #[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
 #[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
 pub struct Revoke {
     /// Privileges to revoke.
     pub privileges: Privileges,
     /// Optional objects from which to revoke.
     pub objects: Option<GrantObjects>,
     /// Grantees affected by the revoke.
     pub grantees: Vec<Grantee>,
     /// Optional `GRANTED BY` identifier.
     ///
     /// [BigQuery](https://cloud.google.com/bigquery/docs/reference/standard-sql/dcl-statements)
     pub granted_by: Option<Ident>,
     /// Optional `CASCADE`/`RESTRICT` behavior.
     pub cascade: Option<CascadeOption>,
 }

 impl fmt::Display for Revoke {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
         write!(f, "REVOKE {privileges}", privileges = self.privileges)?;
         if let Some(ref objects) = self.objects {
             write!(f, " ON {objects}")?;
         }
         write!(f, " FROM {}", display_comma_separated(&self.grantees))?;
         if let Some(ref granted_by) = self.granted_by {
             write!(f, " GRANTED BY {granted_by}")?;
         }
         if let Some(ref cascade) = self.cascade {
             write!(f, " {cascade}")?;
         }
         Ok(())
     }
 }

 impl From<Revoke> for crate::ast::Statement {
     fn from(v: Revoke) -> Self {
         crate::ast::Statement::Revoke(v)
     }
 }
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.

	//! AST types specific to GRANT/REVOKE/ROLE variants of [`Statement`](crate::ast::Statement)
	//! (commonly referred to as Data Control Language, or DCL)

	#[cfg(not(feature = "std"))]
	use alloc::vec::Vec;
	use core::fmt;

	#[cfg(feature = "serde")]
	use serde::{Deserialize, Serialize};

	#[cfg(feature = "visitor")]
	use sqlparser_derive::{Visit, VisitMut};

	use super::{display_comma_separated, Expr, Ident, Password, Spanned};
	use crate::ast::{
	display_separated, CascadeOption, CurrentGrantsKind, GrantObjects, Grantee, ObjectName,
	Privileges,
	};
	use crate::tokenizer::Span;

	/// An option in `ROLE` statement.
	///
	/// <https://www.postgresql.org/docs/current/sql-createrole.html>
	#[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
	#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
	#[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
	pub enum RoleOption {
	/// Enable or disable BYPASSRLS.
	BypassRLS(bool),
	/// Connection limit expression.
	ConnectionLimit(Expr),
	/// CREATEDB flag.
	CreateDB(bool),
	/// CREATEROLE flag.
	CreateRole(bool),
	/// INHERIT flag.
	Inherit(bool),
	/// LOGIN flag.
	Login(bool),
	/// Password value or NULL password.
	Password(Password),
	/// Replication privilege flag.
	Replication(bool),
	/// SUPERUSER flag.
	SuperUser(bool),
	/// `VALID UNTIL` expression.
	ValidUntil(Expr),
	}

	impl fmt::Display for RoleOption {
	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
	match self {
	RoleOption::BypassRLS(value) => {
	write!(f, "{}", if *value { "BYPASSRLS" } else { "NOBYPASSRLS" })
	}
	RoleOption::ConnectionLimit(expr) => {
	write!(f, "CONNECTION LIMIT {expr}")
	}
	RoleOption::CreateDB(value) => {
	write!(f, "{}", if *value { "CREATEDB" } else { "NOCREATEDB" })
	}
	RoleOption::CreateRole(value) => {
	write!(f, "{}", if *value { "CREATEROLE" } else { "NOCREATEROLE" })
	}
	RoleOption::Inherit(value) => {
	write!(f, "{}", if *value { "INHERIT" } else { "NOINHERIT" })
	}
	RoleOption::Login(value) => {
	write!(f, "{}", if *value { "LOGIN" } else { "NOLOGIN" })
	}
	RoleOption::Password(password) => match password {
	Password::Password(expr) => write!(f, "PASSWORD {expr}"),
	Password::NullPassword => write!(f, "PASSWORD NULL"),
	},
	RoleOption::Replication(value) => {
	write!(
	f,
	"{}",
	if *value {
	"REPLICATION"
	} else {
	"NOREPLICATION"
	}
	)
	}
	RoleOption::SuperUser(value) => {
	write!(f, "{}", if *value { "SUPERUSER" } else { "NOSUPERUSER" })
	}
	RoleOption::ValidUntil(expr) => {
	write!(f, "VALID UNTIL {expr}")
	}
	}
	}
	}

	/// SET config value option:
	/// * SET `configuration_parameter` { TO \| = } { `value` \| DEFAULT }
	/// * SET `configuration_parameter` FROM CURRENT
	#[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
	#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
	#[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
	pub enum SetConfigValue {
	/// Use the default value.
	Default,
	/// Use the current value (`FROM CURRENT`).
	FromCurrent,
	/// Set to the provided expression value.
	Value(Expr),
	}

	/// RESET config option:
	/// * RESET `configuration_parameter`
	/// * RESET ALL
	#[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
	#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
	#[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
	pub enum ResetConfig {
	/// Reset all configuration parameters.
	ALL,
	/// Reset the named configuration parameter.
	ConfigName(ObjectName),
	}

	/// An `ALTER ROLE` (`Statement::AlterRole`) operation
	#[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
	#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
	#[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
	pub enum AlterRoleOperation {
	/// Generic
	RenameRole {
	/// Role name to rename.
	role_name: Ident,
	},
	/// MS SQL Server
	/// <https://learn.microsoft.com/en-us/sql/t-sql/statements/alter-role-transact-sql>
	AddMember {
	/// Member name to add to the role.
	member_name: Ident,
	},
	/// MS SQL Server
	///
	/// <https://learn.microsoft.com/en-us/sql/t-sql/statements/alter-role-transact-sql>
	DropMember {
	/// Member name to remove from the role.
	member_name: Ident,
	},
	/// PostgreSQL
	/// <https://www.postgresql.org/docs/current/sql-alterrole.html>
	WithOptions {
	/// Role options to apply.
	options: Vec<RoleOption>,
	},
	/// PostgreSQL
	/// <https://www.postgresql.org/docs/current/sql-alterrole.html>
	///
	/// `SET configuration_parameter { TO \| = } { value \| DEFAULT }`
	Set {
	/// Configuration name to set.
	config_name: ObjectName,
	/// Value to assign to the configuration.
	config_value: SetConfigValue,
	/// Optional database scope for the setting.
	in_database: Option<ObjectName>,
	},
	/// PostgreSQL
	/// <https://www.postgresql.org/docs/current/sql-alterrole.html>
	///
	/// `RESET configuration_parameter` \| `RESET ALL`
	Reset {
	/// Configuration to reset.
	config_name: ResetConfig,
	/// Optional database scope for the reset.
	in_database: Option<ObjectName>,
	},
	}

	impl fmt::Display for AlterRoleOperation {
	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
	match self {
	AlterRoleOperation::RenameRole { role_name } => {
	write!(f, "RENAME TO {role_name}")
	}
	AlterRoleOperation::AddMember { member_name } => {
	write!(f, "ADD MEMBER {member_name}")
	}
	AlterRoleOperation::DropMember { member_name } => {
	write!(f, "DROP MEMBER {member_name}")
	}
	AlterRoleOperation::WithOptions { options } => {
	write!(f, "WITH {}", display_separated(options, " "))
	}
	AlterRoleOperation::Set {
	config_name,
	config_value,
	in_database,
	} => {
	if let Some(database_name) = in_database {
	write!(f, "IN DATABASE {database_name} ")?;
	}

	match config_value {
	SetConfigValue::Default => write!(f, "SET {config_name} TO DEFAULT"),
	SetConfigValue::FromCurrent => write!(f, "SET {config_name} FROM CURRENT"),
	SetConfigValue::Value(expr) => write!(f, "SET {config_name} TO {expr}"),
	}
	}
	AlterRoleOperation::Reset {
	config_name,
	in_database,
	} => {
	if let Some(database_name) = in_database {
	write!(f, "IN DATABASE {database_name} ")?;
	}

	match config_name {
	ResetConfig::ALL => write!(f, "RESET ALL"),
	ResetConfig::ConfigName(name) => write!(f, "RESET {name}"),
	}
	}
	}
	}
	}

	/// A `USE` (`Statement::Use`) operation
	#[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
	#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
	#[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
	pub enum Use {
	/// Switch to the given catalog (e.g. `USE CATALOG ...`).
	Catalog(ObjectName),
	/// Switch to the given schema (e.g. `USE SCHEMA ...`).
	Schema(ObjectName),
	/// Switch to the given database (e.g. `USE DATABASE ...`).
	Database(ObjectName),
	/// Switch to the given warehouse (e.g. `USE WAREHOUSE ...`).
	Warehouse(ObjectName),
	/// Switch to the given role (e.g. `USE ROLE ...`).
	Role(ObjectName),
	/// Use secondary roles specification (e.g. `USE SECONDARY ROLES ...`).
	SecondaryRoles(SecondaryRoles),
	/// Use the specified object (e.g. `USE foo.bar`).
	Object(ObjectName),
	/// Reset to default (e.g. `USE DEFAULT`).
	Default,
	}

	impl fmt::Display for Use {
	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
	f.write_str("USE ")?;
	match self {
	Use::Catalog(name) => write!(f, "CATALOG {name}"),
	Use::Schema(name) => write!(f, "SCHEMA {name}"),
	Use::Database(name) => write!(f, "DATABASE {name}"),
	Use::Warehouse(name) => write!(f, "WAREHOUSE {name}"),
	Use::Role(name) => write!(f, "ROLE {name}"),
	Use::SecondaryRoles(secondary_roles) => {
	write!(f, "SECONDARY ROLES {secondary_roles}")
	}
	Use::Object(name) => write!(f, "{name}"),
	Use::Default => write!(f, "DEFAULT"),
	}
	}
	}

	/// Snowflake `SECONDARY ROLES` USE variant
	/// See: <https://docs.snowflake.com/en/sql-reference/sql/use-secondary-roles>
	#[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
	#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
	#[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
	pub enum SecondaryRoles {
	/// Use all secondary roles.
	All,
	/// Use no secondary roles.
	None,
	/// Explicit list of secondary roles.
	List(Vec<Ident>),
	}

	impl fmt::Display for SecondaryRoles {
	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
	match self {
	SecondaryRoles::All => write!(f, "ALL"),
	SecondaryRoles::None => write!(f, "NONE"),
	SecondaryRoles::List(roles) => write!(f, "{}", display_comma_separated(roles)),
	}
	}
	}

	/// CREATE ROLE statement
	/// See [PostgreSQL](https://www.postgresql.org/docs/current/sql-createrole.html)
	#[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
	#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
	#[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
	pub struct CreateRole {
	/// Role names to create.
	pub names: Vec<ObjectName>,
	/// Whether `IF NOT EXISTS` was specified.
	pub if_not_exists: bool,
	// Postgres
	/// Whether `LOGIN` was specified.
	pub login: Option<bool>,
	/// Whether `INHERIT` was specified.
	pub inherit: Option<bool>,
	/// Whether `BYPASSRLS` was specified.
	pub bypassrls: Option<bool>,
	/// Optional password for the role.
	pub password: Option<Password>,
	/// Whether `SUPERUSER` was specified.
	pub superuser: Option<bool>,
	/// Whether `CREATEDB` was specified.
	pub create_db: Option<bool>,
	/// Whether `CREATEROLE` was specified.
	pub create_role: Option<bool>,
	/// Whether `REPLICATION` privilege was specified.
	pub replication: Option<bool>,
	/// Optional connection limit expression.
	pub connection_limit: Option<Expr>,
	/// Optional account validity expression.
	pub valid_until: Option<Expr>,
	/// Members of `IN ROLE` clause.
	pub in_role: Vec<Ident>,
	/// Members of `IN GROUP` clause.
	pub in_group: Vec<Ident>,
	/// Roles listed in `ROLE` clause.
	pub role: Vec<Ident>,
	/// Users listed in `USER` clause.
	pub user: Vec<Ident>,
	/// Admin users listed in `ADMIN` clause.
	pub admin: Vec<Ident>,
	// MSSQL
	/// Optional authorization owner.
	pub authorization_owner: Option<ObjectName>,
	}

	impl fmt::Display for CreateRole {
	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
	write!(
	f,
	"CREATE ROLE {if_not_exists}{names}{superuser}{create_db}{create_role}{inherit}{login}{replication}{bypassrls}",
	if_not_exists = if self.if_not_exists { "IF NOT EXISTS " } else { "" },
	names = display_separated(&self.names, ", "),
	superuser = match self.superuser {
	Some(true) => " SUPERUSER",
	Some(false) => " NOSUPERUSER",
	None => ""
	},
	create_db = match self.create_db {
	Some(true) => " CREATEDB",
	Some(false) => " NOCREATEDB",
	None => ""
	},
	create_role = match self.create_role {
	Some(true) => " CREATEROLE",
	Some(false) => " NOCREATEROLE",
	None => ""
	},
	inherit = match self.inherit {
	Some(true) => " INHERIT",
	Some(false) => " NOINHERIT",
	None => ""
	},
	login = match self.login {
	Some(true) => " LOGIN",
	Some(false) => " NOLOGIN",
	None => ""
	},
	replication = match self.replication {
	Some(true) => " REPLICATION",
	Some(false) => " NOREPLICATION",
	None => ""
	},
	bypassrls = match self.bypassrls {
	Some(true) => " BYPASSRLS",
	Some(false) => " NOBYPASSRLS",
	None => ""
	}
	)?;
	if let Some(limit) = &self.connection_limit {
	write!(f, " CONNECTION LIMIT {limit}")?;
	}
	match &self.password {
	Some(Password::Password(pass)) => write!(f, " PASSWORD {pass}")?,
	Some(Password::NullPassword) => write!(f, " PASSWORD NULL")?,
	None => {}
	};
	if let Some(until) = &self.valid_until {
	write!(f, " VALID UNTIL {until}")?;
	}
	if !self.in_role.is_empty() {
	write!(f, " IN ROLE {}", display_comma_separated(&self.in_role))?;
	}
	if !self.in_group.is_empty() {
	write!(f, " IN GROUP {}", display_comma_separated(&self.in_group))?;
	}
	if !self.role.is_empty() {
	write!(f, " ROLE {}", display_comma_separated(&self.role))?;
	}
	if !self.user.is_empty() {
	write!(f, " USER {}", display_comma_separated(&self.user))?;
	}
	if !self.admin.is_empty() {
	write!(f, " ADMIN {}", display_comma_separated(&self.admin))?;
	}
	if let Some(owner) = &self.authorization_owner {
	write!(f, " AUTHORIZATION {owner}")?;
	}
	Ok(())
	}
	}

	impl Spanned for CreateRole {
	fn span(&self) -> Span {
	Span::empty()
	}
	}

	/// GRANT privileges ON objects TO grantees
	#[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
	#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
	#[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
	pub struct Grant {
	/// Privileges being granted.
	pub privileges: Privileges,
	/// Optional objects the privileges apply to.
	pub objects: Option<GrantObjects>,
	/// List of grantees receiving the privileges.
	pub grantees: Vec<Grantee>,
	/// Whether `WITH GRANT OPTION` is present.
	pub with_grant_option: bool,
	/// Optional `AS GRANTOR` identifier.
	pub as_grantor: Option<Ident>,
	/// Optional `GRANTED BY` identifier.
	///
	/// [BigQuery](https://cloud.google.com/bigquery/docs/reference/standard-sql/dcl-statements)
	pub granted_by: Option<Ident>,
	/// Optional `CURRENT GRANTS` modifier.
	///
	/// [Snowflake](https://docs.snowflake.com/en/sql-reference/sql/grant-privilege)
	pub current_grants: Option<CurrentGrantsKind>,
	}

	impl fmt::Display for Grant {
	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
	write!(f, "GRANT {privileges}", privileges = self.privileges)?;
	if let Some(ref objects) = self.objects {
	write!(f, " ON {objects}")?;
	}
	write!(f, " TO {}", display_comma_separated(&self.grantees))?;
	if let Some(ref current_grants) = self.current_grants {
	write!(f, " {current_grants}")?;
	}
	if self.with_grant_option {
	write!(f, " WITH GRANT OPTION")?;
	}
	if let Some(ref as_grantor) = self.as_grantor {
	write!(f, " AS {as_grantor}")?;
	}
	if let Some(ref granted_by) = self.granted_by {
	write!(f, " GRANTED BY {granted_by}")?;
	}
	Ok(())
	}
	}

	impl From<Grant> for crate::ast::Statement {
	fn from(v: Grant) -> Self {
	crate::ast::Statement::Grant(v)
	}
	}

	/// REVOKE privileges ON objects FROM grantees
	#[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
	#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
	#[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
	pub struct Revoke {
	/// Privileges to revoke.
	pub privileges: Privileges,
	/// Optional objects from which to revoke.
	pub objects: Option<GrantObjects>,
	/// Grantees affected by the revoke.
	pub grantees: Vec<Grantee>,
	/// Optional `GRANTED BY` identifier.
	///
	/// [BigQuery](https://cloud.google.com/bigquery/docs/reference/standard-sql/dcl-statements)
	pub granted_by: Option<Ident>,
	/// Optional `CASCADE`/`RESTRICT` behavior.
	pub cascade: Option<CascadeOption>,
	}

	impl fmt::Display for Revoke {
	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
	write!(f, "REVOKE {privileges}", privileges = self.privileges)?;
	if let Some(ref objects) = self.objects {
	write!(f, " ON {objects}")?;
	}
	write!(f, " FROM {}", display_comma_separated(&self.grantees))?;
	if let Some(ref granted_by) = self.granted_by {
	write!(f, " GRANTED BY {granted_by}")?;
	}
	if let Some(ref cascade) = self.cascade {
	write!(f, " {cascade}")?;
	}
	Ok(())
	}
	}

	impl From<Revoke> for crate::ast::Statement {
	fn from(v: Revoke) -> Self {
	crate::ast::Statement::Revoke(v)
	}
	}