heguanhui opened a new pull request, #63632:
URL: https://github.com/apache/doris/pull/63632
### What problem does this PR solve?
Issue Number: close #xxx
Problem Summary: When a resource (database, table, resource, workload group,
or catalog) is dropped, the corresponding privilege entries in roles are not
cleaned up. This causes `SHOW GRANTS` to display orphan privileges that
reference non-existent resources. These orphan entries persist across FE
restarts because the original GRANT records are replayed from BDB edit logs
without any corresponding cleanup.
### Release note
Fix orphan privilege entries displayed by `SHOW GRANTS` after dropping
databases, tables, resources, workload groups, or catalogs. Privileges
referencing dropped resources are now cascade-revoked automatically.
### Check List (For Author)
- Test
- [x] Regression test
- [x] Unit Test
- [ ] Manual test (add detailed scripts or steps below)
- [ ] No need to test or manual test. Explain why:
- [ ] This is a refactor/code format and no logic has been changed.
- [ ] Previous test can cover this change.
- [ ] No code files have been changed.
- [ ] Other reason
- Behavior changed:
- [ ] No.
- [x] Yes. Dropping a database/table/resource/workload group/catalog now
cascade-revokes all privilege entries referencing that resource across all
roles.
- Does this need documentation?
- [x] No.
- [ ] Yes.
### Check List (For Reviewer who merge this PR)
- [ ] Confirm the release note
- [ ] Confirm test cases
- [ ] Confirm document
- [ ] Add branch pick label
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
