database/doris
2
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

[fix](auth) Disable revoke 'admin' from 'admin'` (#34644)

Browse Source
This commit is contained in:
deardeng
2024-05-11 10:47:36 +08:00
committed by yiguolei
parent db15c811f8
commit c62ff0b672
2 changed files with 52 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
fe/fe-core/src/main/java/org/apache/doris/analysis/RevokeStmt.java
View File

@ -20,6 +20,7 @@ package org.apache.doris.analysis;
import org.apache.doris.catalog.AccessPrivilegeWithCols;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.Config;
import org.apache.doris.common.ErrorReport;
import org.apache.doris.common.FeNameFormat;
import org.apache.doris.mysql.privilege.ColPrivilegeKey;
import org.apache.doris.mysql.privilege.Privilege;
@ -34,6 +35,7 @@ import org.apache.commons.collections.MapUtils;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
// REVOKE STMT
// revoke privilege from some user, this is an administrator operation.
@ -159,6 +161,10 @@ public class RevokeStmt extends DdlStmt {
GrantStmt.checkWorkloadGroupPrivileges(privileges, workloadGroupPattern);
} else if (roles != null) {
GrantStmt.checkRolePrivileges();
if (roles.stream().map(String::toLowerCase).collect(Collectors.toList()).contains("admin")
&& userIdent.isAdminUser()) {
ErrorReport.reportAnalysisException("Unsupported operation");
}
}
}