This is an automated email from the ASF dual-hosted git repository. kxiao pushed a commit to branch branch-2.0 in repository https://gitbox.apache.org/repos/asf/doris.git
commit 08ce513227c2d06500d7fdab3e8246abe64e086a Author: DongLiang-0 <46414265+donglian...@users.noreply.github.com> AuthorDate: Thu Sep 7 12:55:52 2023 +0800 [fix](auth)Fix create user no permissions of information_schema database (#23898) When creating a new user, this user does not have the information_schema database permission.
---
 .../java/org/apache/doris/mysql/privilege/Role.java | 17 ++++++++++++----- .../org/apache/doris/mysql/privilege/RoleManager.java | 15 +++++++++------ .../suites/account_p0/test_alter_user.groovy | 10 ++++++++++ 3 files changed, 31 insertions(+), 11 deletions(-)
diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
index 025b86fa63..7f1f8bb8ef 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java
@@ -45,6 +45,7 @@ import org.apache.logging.log4j.Logger;
 import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
+import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Objects;
@@ -138,17 +139,23 @@ public class Role implements Writable, GsonPostProcessable { grantPrivs(workloadGroupPattern, privs.copy()); } - public Role(String roleName, TablePattern tablePattern, PrivBitSet tablePrivs, + public Role(String roleName, List<TablePattern> tablePatterns, PrivBitSet tablePrivs, WorkloadGroupPattern workloadGroupPattern, PrivBitSet workloadGroupPrivs) { this.roleName = roleName; - this.tblPatternToPrivs.put(tablePattern, tablePrivs); this.workloadGroupPatternToPrivs.put(workloadGroupPattern, workloadGroupPrivs); - //for init admin role,will not generate exception + tablePatterns.forEach(tablePattern -> { + // for init admin role,will not generate exception + try { + this.tblPatternToPrivs.put(tablePattern, tablePrivs); + grantPrivs(tablePattern, tablePrivs.copy()); + } catch (DdlException e) { + LOG.warn("grant table failed,", e); + } + }); try { - grantPrivs(tablePattern, tablePrivs.copy()); grantPrivs(workloadGroupPattern, workloadGroupPrivs.copy()); } catch (DdlException e) { - LOG.warn("grant failed,", e); + LOG.warn("grant workload group failed,", e); } } diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/RoleManager.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/RoleManager.java index 7b37b6f40e..7df0baf495 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/RoleManager.java +++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/RoleManager.java 
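Review bot: Inside the `forEach` of the new constructor, `this.tblPatternToPrivs.put(tablePattern, tablePrivs)` stores the same `PrivBitSet` instance under every pattern, while `grantPrivs` is handed `tablePrivs.copy()`. If `PrivBitSet` is mutable, as the existence of `copy()` suggests, a later change made through one pattern's entry would silently change the other pattern's privileges as well; `this.tblPatternToPrivs.put(tablePattern, tablePrivs.copy());` keeps each entry independent. The `put` also runs before `grantPrivs` inside the `try`, so on a `DdlException` the map still records a grant that was only logged as failed; if that is not intended, move the `put` after the `grantPrivs` call.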
@@ -192,17 +192,20 @@ public class RoleManager implements Writable { if (roles.containsKey(userDefaultRoleName)) { return roles.get(userDefaultRoleName); } + // grant read privs to database information_schema & mysql - TablePattern tblPattern = new TablePattern(Auth.DEFAULT_CATALOG, InfoSchemaDb.DATABASE_NAME, "*"); + List<TablePattern> tablePatterns = Lists.newArrayList(); + TablePattern informationTblPattern = new TablePattern(Auth.DEFAULT_CATALOG, InfoSchemaDb.DATABASE_NAME, "*"); try { - tblPattern.analyze(SystemInfoService.DEFAULT_CLUSTER); + informationTblPattern.analyze(SystemInfoService.DEFAULT_CLUSTER); + tablePatterns.add(informationTblPattern); } catch (AnalysisException e) { LOG.warn("should not happen", e); } - - tblPattern = new TablePattern(Auth.DEFAULT_CATALOG, MysqlDb.DATABASE_NAME, "*"); + TablePattern mysqlTblPattern = new TablePattern(Auth.DEFAULT_CATALOG, MysqlDb.DATABASE_NAME, "*"); try { - tblPattern.analyze(SystemInfoService.DEFAULT_CLUSTER); + mysqlTblPattern.analyze(SystemInfoService.DEFAULT_CLUSTER); + tablePatterns.add(mysqlTblPattern); } catch (AnalysisException e) { LOG.warn("should not happen", e); } @@ -214,7 +217,7 @@ public class RoleManager implements Writable { } catch (AnalysisException e) { LOG.warn("should not happen", e); } - Role role = new Role(userDefaultRoleName, tblPattern, PrivBitSet.of(Privilege.SELECT_PRIV), + Role role = new Role(userDefaultRoleName, tablePatterns, PrivBitSet.of(Privilege.SELECT_PRIV), workloadGroupPattern, PrivBitSet.of(Privilege.USAGE_PRIV)); roles.put(role.getRoleName(), role); return role; diff --git a/regression-test/suites/account_p0/test_alter_user.groovy b/regression-test/suites/account_p0/test_alter_user.groovy index 445e701092..9414025ef0 100644 --- a/regression-test/suites/account_p0/test_alter_user.groovy +++ b/regression-test/suites/account_p0/test_alter_user.groovy 
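Review bot: The early return at the top of the first hunk (`if (roles.containsKey(userDefaultRoleName))`) means the corrected pattern list only reaches default roles built after this change; a role already present in `roles` keeps the grants it was created with, which under the old code was presumably only the `mysql.*` pattern because `tblPattern` was reassigned before use. If roles are persisted (the class implements `Writable`), existing users would still lack `information_schema` access after an upgrade unless something outside this hunk repairs them, so that is worth confirming and documenting. Separately, both `catch` blocks log the same `"should not happen"` text, so a default role created with a missing grant cannot be traced to a pattern; `LOG.warn("skip default grant on {}: analyze failed", InfoSchemaDb.DATABASE_NAME, e);` (and the `MysqlDb` equivalent) would say which one was dropped. The enclosing method starts and ends outside the hunk.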
@@ -192,5 +192,15 @@ suite("test_alter_user", "account") { result2 = connect(user = 'test_auth_user4', password = '12345', url = context.config.jdbcUrl) { sql 'select 1' } + + // 9. test user default database privileges + sql """drop user if exists test_auth_user4""" + sql """create user test_auth_user4 identified by '12345'""" + sql """grant SELECT_PRIV on regression_test.* to test_auth_user4""" + result1 = connect(user = 'test_auth_user4', password = '12345', url = context.config.jdbcUrl) { + sql 'select 1' + sql 'use information_schema' + sql 'use mysql' + } } --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org For additional commands, e-mail: commits-h...@doris.apache.org
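Review bot: The new case 9 only proves the positive path: `use information_schema` and `use mysql` succeed, and `result1` is never inspected. For an authorization change the negative path matters as much, so the case should also assert that a statement needing more than SELECT on those two databases is rejected for `test_auth_user4`; at minimum state the intent with a comment such as `// default role must grant SELECT only on information_schema and mysql`. The `grant SELECT_PRIV on regression_test.*` line does not look necessary to exercise the default role and makes it less obvious which grant the checks depend on. The enclosing `suite` block starts outside the hunk.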