diff --git a/fe/fe-core/src/main/java/org/apache/doris/qe/ConnectScheduler.java b/fe/fe-core/src/main/java/org/apache/doris/qe/ConnectScheduler.java index db60ac84b6..01b41ec3e9 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/qe/ConnectScheduler.java +++ b/fe/fe-core/src/main/java/org/apache/doris/qe/ConnectScheduler.java @@ -17,6 +17,7 @@ package org.apache.doris.qe; +import org.apache.doris.analysis.UserIdentity; import org.apache.doris.catalog.Env; import org.apache.doris.common.ThreadPoolManager; import org.apache.doris.common.util.DebugUtil; @@ -173,10 +174,17 @@ public class ConnectScheduler { } // used for thrift - public List> listConnectionWithoutAuth(boolean isShowFullSql, boolean isShowFeHost) { + public List> listConnectionForRpc(UserIdentity userIdentity, boolean isShowFullSql, + boolean isShowFeHost) { List> list = new ArrayList<>(); long nowMs = System.currentTimeMillis(); for (ConnectContext ctx : connectionMap.values()) { + // Check auth + if (!ctx.getCurrentUserIdentity().equals(userIdentity) && !Env.getCurrentEnv() + .getAccessManager() + .checkGlobalPriv(userIdentity, PrivPredicate.GRANT)) { + continue; + } list.add(ctx.toThreadInfo(isShowFullSql).toRow(-1, nowMs, isShowFeHost)); } return list; diff --git a/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java b/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java index 683e7a7fc1..7652e8bb2b 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java +++ b/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java @@ -483,6 +483,7 @@ public class ShowExecutor { try { TShowProcessListRequest request = new TShowProcessListRequest(); request.setShowFullSql(isShowFullSql); + request.setCurrentUserIdent(ConnectContext.get().getCurrentUserIdentity().toThrift()); List> frontends = FrontendsProcNode.getFrontendWithRpcPort(Env.getCurrentEnv(), false); FrontendService.Client client = null; diff --git a/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java b/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java index 7f727c51ba..9a2a083b36 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java +++ b/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java @@ -4006,8 +4006,12 @@ public class FrontendServiceImpl implements FrontendService.Iface { if (request.isSetShowFullSql()) { isShowFullSql = request.isShowFullSql(); } + UserIdentity userIdentity = UserIdentity.ROOT; + if (request.isSetCurrentUserIdent()) { + userIdentity = UserIdentity.fromThrift(request.getCurrentUserIdent()); + } List> processList = ExecuteEnv.getInstance().getScheduler() - .listConnectionWithoutAuth(isShowFullSql, true); + .listConnectionForRpc(userIdentity, isShowFullSql, true); TShowProcessListResult result = new TShowProcessListResult(); result.setProcessList(processList); return result; diff --git a/gensrc/thrift/FrontendService.thrift b/gensrc/thrift/FrontendService.thrift index 157b0a40dd..cda2392be0 100644 --- a/gensrc/thrift/FrontendService.thrift +++ b/gensrc/thrift/FrontendService.thrift @@ -1465,6 +1465,7 @@ struct TGetColumnInfoResult { struct TShowProcessListRequest { 1: optional bool show_full_sql + 2: optional Types.TUserIdentity current_user_ident } struct TShowProcessListResult {