codenotary
diff --git a/‎embedded/sql/engine.go‎
Lines changed: 1 addition & 5 deletions b/‎embedded/sql/engine.go‎
Lines changed: 1 addition & 5 deletions
diff --git a/‎embedded/sql/stmt.go‎
Lines changed: 19 additions & 1 deletion b/‎embedded/sql/stmt.go‎
Lines changed: 19 additions & 1 deletion
diff --git a/‎pkg/api/schema/docs.md‎
Lines changed: 18 additions & 20 deletions b/‎pkg/api/schema/docs.md‎
Lines changed: 18 additions & 20 deletions
@@ -535,12 +535,8 @@ func (e *Engine) checkUserPermissions(ctx context.Context, stmt SQLStmt) error {
 		return err
 	}
 
-	if user.Permission() == PermissionAdmin {
-		return nil
-	}
-
 	if !stmt.readOnly() && user.Permission() == PermissionReadOnly {
-		return ErrAccessDenied
+		return fmt.Errorf("%w: statement requires %s permission", ErrAccessDenied, PermissionReadWrite)
 	}
 
 	requiredPrivileges := stmt.requiredPrivileges()
 
@@ -97,6 +97,24 @@ const (
 	PermissionSysAdmin  Permission = "SYSADMIN"
 )
 
+func PermissionFromCode(code uint32) Permission {
+	switch code {
+	case 1:
+		{
+			return PermissionReadOnly
+		}
+	case 2:
+		{
+			return PermissionReadWrite
+		}
+	case 254:
+		{
+			return PermissionAdmin
+		}
+	}
+	return PermissionSysAdmin
+}
+
 type AggregateFn = string
 
 const (
@@ -5475,7 +5493,7 @@ var allPrivileges = []SQLPrivilege{
 
 func DefaultSQLPrivilegesForPermission(p Permission) []SQLPrivilege {
 	switch p {
-	case PermissionSysAdmin, PermissionAdmin, PermissionReadWrite: // should also contain GRANT/REVOKE
+	case PermissionSysAdmin, PermissionAdmin, PermissionReadWrite:
 		return allPrivileges
 	case PermissionReadOnly:
 		return []SQLPrivilege{SQLPrivilegeSelect}
 
@@ -91,6 +91,7 @@
     - [SQLExecRequest](#immudb.schema.SQLExecRequest)
     - [SQLExecResult](#immudb.schema.SQLExecResult)
     - [SQLGetRequest](#immudb.schema.SQLGetRequest)
+    - [SQLPrivilege](#immudb.schema.SQLPrivilege)
     - [SQLQueryRequest](#immudb.schema.SQLQueryRequest)
     - [SQLQueryResult](#immudb.schema.SQLQueryResult)
     - [SQLValue](#immudb.schema.SQLValue)
@@ -142,7 +143,6 @@
 
     - [EntryTypeAction](#immudb.schema.EntryTypeAction)
     - [PermissionAction](#immudb.schema.PermissionAction)
-    - [SQLPrivilege](#immudb.schema.SQLPrivilege)
     - [TxMode](#immudb.schema.TxMode)
 
     - [ImmuService](#immudb.schema.ImmuService)
@@ -235,7 +235,7 @@ DEPRECATED
 | action | [PermissionAction](#immudb.schema.PermissionAction) |  | Action to perform |
 | username | [string](#string) |  | Name of the user to update |
 | database | [string](#string) |  | Name of the database |
-| privileges | [SQLPrivilege](#immudb.schema.SQLPrivilege) | repeated | SQL privileges to grant / revoke |
+| privileges | [string](#string) | repeated | SQL privileges: SELECT, CREATE, INSERT, UPDATE, DELETE, DROP, ALTER |
 
 
 
@@ -1633,6 +1633,22 @@ Only succeed if given key was not modified after given transaction
 
 
 
+<a name="immudb.schema.SQLPrivilege"></a>
+
+### SQLPrivilege
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| database | [string](#string) |  | Database name |
+| privilege | [string](#string) |  | Privilege: SELECT, CREATE, INSERT, UPDATE, DELETE, DROP, ALTER |
+
+
+
+
+
+
 <a name="immudb.schema.SQLQueryRequest"></a>
 
 ### SQLQueryRequest
@@ -2488,24 +2504,6 @@ Reserved to reply with more advanced response later
 
 
 
-<a name="immudb.schema.SQLPrivilege"></a>
-
-### SQLPrivilege
-
-
-| Name | Number | Description |
-| ---- | ------ | ----------- |
-| UNKNOWN | 0 |  |
-| SELECT | 1 |  |
-| CREATE | 2 |  |
-| INSERT | 3 |  |
-| UPDATE | 4 |  |
-| DELETE | 5 |  |
-| DROP | 6 |  |
-| ALTER | 7 |  |
-
-
-
 <a name="immudb.schema.TxMode"></a>
 
 ### TxMode
Original file line number	Diff line number	Diff line change
`@@ -535,12 +535,8 @@ func (e *Engine) checkUserPermissions(ctx context.Context, stmt SQLStmt) error {`
`535`	`535`	`return err`
`536`	`536`	`}`
`537`	`537`
`538`		`- if user.Permission() == PermissionAdmin {`
`539`		`- return nil`
`540`		`- }`
`541`		`-`
`542`	`538`	`if !stmt.readOnly() && user.Permission() == PermissionReadOnly {`
`543`		`- return ErrAccessDenied`
	`539`	`+ return fmt.Errorf("%w: statement requires %s permission", ErrAccessDenied, PermissionReadWrite)`
`544`	`540`	`}`
`545`	`541`
`546`	`542`	`requiredPrivileges := stmt.requiredPrivileges()`