924060929 commented on PR #61741: URL: https://github.com/apache/doris/pull/61741#issuecomment-4132584305
Hi, @smith1000, It is expected that the entire query statement checks permissions only once, which helps prevent redundant permission checks. In addition, placing the permission flag in the StatementContext is intentional. Consider this scenario: a user has access to view_a, but does not have access to table_b inside view_a. In this case, two CascadeContexts are generated—one for the scope outside view_a, and one for the scope inside view_a. The expected behavior is that if the user has access to view_a, they can bypass the permission check on table_b and query it through the view. This requirement implies that the permission information needs to be shared in a common place (i.e., StatementContext). Therefore, for this issue, the expected behavior is to check permissions on the CTE once, then inline-expand the CTE, and subsequently skip permission checks for the inlined portion -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
