[enhance](auth)Remove restrictions on user creation and other operations when enabling ranger/LDAP (#50137)

### What problem does this PR solve?
- In version 2.1, the global permission check still calls the internal
permission interface. If grant is not allowed, it will be impossible to
assign admin and other permissions to users
- According to the current design of LDAP, if there is no user in LDAP,
Doris will check again to see if the user exists internally. If there
is, login will also be allowed. Therefore, creating users should not be
prohibited

fe/fe-core/src/main/java/org/apache/doris/analysis/CreateRoleStmt.java

@@ -18,8 +18,6 @@
 package org.apache.doris.analysis;
 
 import org.apache.doris.catalog.Env;
-import org.apache.doris.common.AnalysisException;
-import org.apache.doris.common.Config;
 import org.apache.doris.common.ErrorCode;
 import org.apache.doris.common.ErrorReport;
 import org.apache.doris.common.FeNameFormat;
@@ -63,10 +61,6 @@ public class CreateRoleStmt extends DdlStmt {
     public void analyze(Analyzer analyzer) throws UserException {
         super.analyze(analyzer);
 
-        if (Config.access_controller_type.equalsIgnoreCase("ranger-doris")) {
-            throw new AnalysisException("Create role is prohibited when Ranger is enabled.");
-        }
-
         FeNameFormat.checkRoleName(role, false /* can not be admin */, "Can not create role");
 
         // check if current user has GRANT priv on GLOBAL level.

fe/fe-core/src/main/java/org/apache/doris/analysis/CreateUserStmt.java

@@ -18,13 +18,10 @@
 package org.apache.doris.analysis;
 
 import org.apache.doris.catalog.Env;
-import org.apache.doris.common.AnalysisException;
-import org.apache.doris.common.Config;
 import org.apache.doris.common.ErrorCode;
 import org.apache.doris.common.ErrorReport;
 import org.apache.doris.common.FeNameFormat;
 import org.apache.doris.common.UserException;
-import org.apache.doris.mysql.authenticate.AuthenticateType;
 import org.apache.doris.mysql.privilege.PrivPredicate;
 import org.apache.doris.mysql.privilege.Role;
 import org.apache.doris.qe.ConnectContext;
@@ -119,11 +116,6 @@ public class CreateUserStmt extends DdlStmt {
     public void analyze(Analyzer analyzer) throws UserException {
         super.analyze(analyzer);
 
-        if (Config.access_controller_type.equalsIgnoreCase("ranger-doris")
-                && AuthenticateType.getAuthTypeConfig() == AuthenticateType.LDAP) {
-            throw new AnalysisException("Create user is prohibited when Ranger and LDAP are enabled at same time.");
-        }
-
         userIdent.analyze();
 
         if (userIdent.isRootUser()) {

fe/fe-core/src/main/java/org/apache/doris/analysis/DropRoleStmt.java

@@ -18,8 +18,6 @@
 package org.apache.doris.analysis;
 
 import org.apache.doris.catalog.Env;
-import org.apache.doris.common.AnalysisException;
-import org.apache.doris.common.Config;
 import org.apache.doris.common.ErrorCode;
 import org.apache.doris.common.ErrorReport;
 import org.apache.doris.common.FeNameFormat;
@@ -53,10 +51,6 @@ public class DropRoleStmt extends DdlStmt {
     public void analyze(Analyzer analyzer) throws UserException {
         super.analyze(analyzer);
 
-        if (Config.access_controller_type.equalsIgnoreCase("ranger-doris")) {
-            throw new AnalysisException("Drop role is prohibited when Ranger is enabled.");
-        }
-
         FeNameFormat.checkRoleName(role, false /* can not be superuser */, "Can not drop role");
 
         // check if current user has GRANT priv on GLOBAL level.

fe/fe-core/src/main/java/org/apache/doris/analysis/DropUserStmt.java

@@ -19,11 +19,9 @@ package org.apache.doris.analysis;
 
 import org.apache.doris.catalog.Env;
 import org.apache.doris.common.AnalysisException;
-import org.apache.doris.common.Config;
 import org.apache.doris.common.ErrorCode;
 import org.apache.doris.common.ErrorReport;
 import org.apache.doris.common.UserException;
-import org.apache.doris.mysql.authenticate.AuthenticateType;
 import org.apache.doris.mysql.privilege.PrivPredicate;
 import org.apache.doris.qe.ConnectContext;
 
@@ -56,11 +54,6 @@ public class DropUserStmt extends DdlStmt {
     public void analyze(Analyzer analyzer) throws AnalysisException, UserException {
         super.analyze(analyzer);
 
-        if (Config.access_controller_type.equalsIgnoreCase("ranger-doris")
-                && AuthenticateType.getAuthTypeConfig() == AuthenticateType.LDAP) {
-            throw new AnalysisException("Drop user is prohibited when Ranger and LDAP are enabled at same time.");
-        }
-
         userIdent.analyze();
 
         if (userIdent.isSystemUser()) {

fe/fe-core/src/main/java/org/apache/doris/analysis/GrantStmt.java

@@ -21,7 +21,6 @@ import org.apache.doris.analysis.CompoundPredicate.Operator;
 import org.apache.doris.catalog.AccessPrivilegeWithCols;
 import org.apache.doris.catalog.Env;
 import org.apache.doris.common.AnalysisException;
-import org.apache.doris.common.Config;
 import org.apache.doris.common.ErrorCode;
 import org.apache.doris.common.ErrorReport;
 import org.apache.doris.common.FeNameFormat;
@@ -139,10 +138,6 @@ public class GrantStmt extends DdlStmt {
     public void analyze(Analyzer analyzer) throws UserException {
         super.analyze(analyzer);
 
-        if (Config.access_controller_type.equalsIgnoreCase("ranger-doris")) {
-            throw new AnalysisException("Grant is prohibited when Ranger is enabled.");
-        }
-
         if (userIdent != null) {
             userIdent.analyze();
         } else {

fe/fe-core/src/main/java/org/apache/doris/analysis/RevokeStmt.java

@@ -19,7 +19,6 @@ package org.apache.doris.analysis;
 
 import org.apache.doris.catalog.AccessPrivilegeWithCols;
 import org.apache.doris.common.AnalysisException;
-import org.apache.doris.common.Config;
 import org.apache.doris.common.ErrorReport;
 import org.apache.doris.common.FeNameFormat;
 import org.apache.doris.mysql.privilege.ColPrivilegeKey;
@@ -119,10 +118,6 @@ public class RevokeStmt extends DdlStmt {
 
     @Override
     public void analyze(Analyzer analyzer) throws AnalysisException {
-        if (Config.access_controller_type.equalsIgnoreCase("ranger-doris")) {
-            throw new AnalysisException("Revoke is prohibited when Ranger is enabled.");
-        }
-
         if (userIdent != null) {
             userIdent.analyze();
         } else {