Skip to content

[fix](auth) restrict skip_catalog_priv_check to SHOW and SELECT on catalog privilege checks#61147

Merged
CalvinKirs merged 1 commit intoapache:masterfrom
CalvinKirs:master_skip_catalog_priv_check
Mar 10, 2026
Merged

[fix](auth) restrict skip_catalog_priv_check to SHOW and SELECT on catalog privilege checks#61147
CalvinKirs merged 1 commit intoapache:masterfrom
CalvinKirs:master_skip_catalog_priv_check

Conversation

@CalvinKirs
Copy link
Copy Markdown
Member

@CalvinKirs CalvinKirs commented Mar 9, 2026
edited by morningman
Loading

followup #60945

What problem does this PR solve?

When skip_catalog_priv_check is enabled, AccessControllerManager#checkCtlPriv() currently skips
catalog privilege checks for external catalogs with a custom access controller.

This behavior is too broad because it also affects non-read-only catalog privileges such as CREATE
and LOAD, which should still be validated by the default internal access controller.

What problem does this PR solve?

Issue Number: close #xxx

Related PR: #xxx

Problem Summary:

Release note

None

Check List (For Author)

  • Test

    • Regression test
    • Unit Test
    • Manual test (add detailed scripts or steps below)
    • No need to test or manual test. Explain why:
      • This is a refactor/code format and no logic has been changed.
      • Previous test can cover this change.
      • No code files have been changed.
      • Other reason

  • Behavior changed:

    • No.
    • Yes.

  • Does this need documentation?

    • No.
    • Yes.

Check List (For Reviewer who merge this PR)

  • Confirm the release note
  • Confirm test cases
  • Confirm document
  • Add branch pick label

@CalvinKirs
[fix](auth) restrict skip_catalog_priv_check to SHOW and SELECT on c…
f590c40 
…atalog privilege checks

  PR Description

  ## What problem does this PR solve?

  When `skip_catalog_priv_check` is enabled, `AccessControllerManager#checkCtlPriv()` currently skips
  catalog privilege checks for external catalogs with a custom access controller.

  This behavior is too broad because it also affects non-read-only catalog privileges such as `CREATE`
  and `LOAD`, which should still be validated by the default internal access controller.
@hello-stephen
Copy link
Copy Markdown
Contributor

hello-stephen commented Mar 9, 2026

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR.

Please clearly describe your PR:

  1. What problem was fixed (it's best to include specific error reporting information). How it was fixed.
  2. Which behaviors were modified. What was the previous behavior, what is it now, why was it modified, and what possible impacts might there be.
  3. What features were added. Why was this function added?
  4. Which code was refactored and why was this part of the code refactored?
  5. Which functions were optimized and what is the difference before and after the optimization?

@CalvinKirs
Copy link
Copy Markdown
Member Author

CalvinKirs commented Mar 9, 2026

run buildall

@doris-robot
Copy link
Copy Markdown

doris-robot commented Mar 9, 2026

TPC-H: Total hot run time: 27564 ms 
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit f590c403b5ff20040e4367502c050e670a80bf75, data reload: false

------ Round 1 ----------------------------------
============================================
q1	17637	4425	4269	4269
q2	q3	10649	767	526	526
q4	4678	364	253	253
q5	7552	1174	1013	1013
q6	180	170	146	146
q7	774	838	661	661
q8	9300	1422	1289	1289
q9	4904	4710	4649	4649
q10	6333	1907	1664	1664
q11	489	258	233	233
q12	740	560	454	454
q13	18037	2925	2182	2182
q14	226	225	208	208
q15	944	796	816	796
q16	738	711	672	672
q17	700	851	401	401
q18	5859	5394	5356	5356
q19	1127	984	597	597
q20	497	500	397	397
q21	4494	1913	1546	1546
q22	362	310	252	252
Total cold run time: 96220 ms
Total hot run time: 27564 ms

----- Round 2, with runtime_filter_mode=off -----
============================================
q1	4641	4630	4623	4623
q2	q3	3856	4308	3788	3788
q4	866	1203	782	782
q5	4033	4336	4316	4316
q6	178	174	139	139
q7	1722	1661	1538	1538
q8	2441	2680	2587	2587
q9	7573	7240	7718	7240
q10	3869	3940	3573	3573
q11	502	432	431	431
q12	480	578	443	443
q13	2795	3228	2489	2489
q14	280	290	269	269
q15	855	826	810	810
q16	747	774	759	759
q17	1132	1392	1359	1359
q18	7148	6944	6653	6653
q19	997	961	878	878
q20	2064	2210	2039	2039
q21	3983	3532	3302	3302
q22	482	424	377	377
Total cold run time: 50644 ms
Total hot run time: 48395 ms

@doris-robot
Copy link
Copy Markdown

doris-robot commented Mar 9, 2026

TPC-DS: Total hot run time: 153011 ms 
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit f590c403b5ff20040e4367502c050e670a80bf75, data reload: false

query5	4372	632	511	511
query6	317	225	211	211
query7	4211	487	293	293
query8	349	247	251	247
query9	8807	2736	2721	2721
query10	478	370	352	352
query11	7396	5785	5550	5550
query12	185	141	125	125
query13	1270	444	360	360
query14	5788	3769	3551	3551
query14_1	2866	2869	2880	2869
query15	204	199	180	180
query16	993	491	483	483
query17	1129	721	655	655
query18	2445	445	349	349
query19	212	215	186	186
query20	133	139	125	125
query21	225	144	125	125
query22	5089	4925	4818	4818
query23	16615	16089	15525	15525
query23_1	15780	15741	16153	15741
query24	7710	1783	1366	1366
query24_1	1287	1259	1321	1259
query25	598	532	497	497
query26	1649	284	174	174
query27	3263	546	336	336
query28	4626	1871	1863	1863
query29	864	568	470	470
query30	313	248	208	208
query31	1330	1282	1214	1214
query32	78	79	69	69
query33	509	325	284	284
query34	925	936	562	562
query35	639	673	605	605
query36	1064	1151	1024	1024
query37	131	96	83	83
query38	2920	2891	2908	2891
query39	870	868	840	840
query39_1	829	830	822	822
query40	232	150	134	134
query41	62	60	58	58
query42	305	308	307	307
query43	243	241	233	233
query44	
query45	205	194	184	184
query46	873	1018	609	609
query47	2134	2135	2070	2070
query48	317	316	236	236
query49	629	484	389	389
query50	687	277	208	208
query51	4178	4167	4077	4077
query52	289	295	282	282
query53	292	338	286	286
query54	318	285	275	275
query55	92	86	83	83
query56	326	322	298	298
query57	1370	1338	1300	1300
query58	287	280	268	268
query59	1349	1416	1264	1264
query60	344	340	322	322
query61	146	147	145	145
query62	607	586	535	535
query63	320	279	280	279
query64	5126	1270	959	959
query65	
query66	1458	446	359	359
query67	16176	16469	16235	16235
query68	
query69	390	318	293	293
query70	1042	979	987	979
query71	330	307	298	298
query72	2875	2658	2401	2401
query73	538	553	327	327
query74	9976	9931	9815	9815
query75	2828	2755	2458	2458
query76	2269	1030	681	681
query77	365	400	319	319
query78	11204	11286	10630	10630
query79	1150	803	605	605
query80	1357	651	520	520
query81	558	272	253	253
query82	1026	153	118	118
query83	350	259	252	252
query84	250	120	103	103
query85	911	478	439	439
query86	414	282	287	282
query87	3203	3102	2977	2977
query88	3504	2654	2602	2602
query89	430	372	345	345
query90	2055	177	172	172
query91	167	159	138	138
query92	78	68	69	68
query93	916	823	503	503
query94	648	324	294	294
query95	579	398	315	315
query96	643	515	229	229
query97	2505	2515	2470	2470
query98	238	224	216	216
query99	999	947	906	906
Total cold run time: 235874 ms
Total hot run time: 153011 ms

@hello-stephen
Copy link
Copy Markdown
Contributor

hello-stephen commented Mar 9, 2026

FE UT Coverage Report

Increment line coverage 100.00% (5/5) 🎉
Increment coverage report
Complete coverage report

@github-actions github-actions Bot added the approved Indicates a PR has been approved by one committer. label Mar 10, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 10, 2026

PR approved by at least one committer and no changes requested.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 10, 2026

PR approved by anyone and no changes requested.

@CalvinKirs CalvinKirs merged commit 711ef9e into apache:master Mar 10, 2026
33 of 35 checks passed
github-actions Bot pushed a commit that referenced this pull request Mar 10, 2026
@CalvinKirs
[fix](auth) restrict skip_catalog_priv_check to SHOW and SELECT on c…
0f76639 
…atalog privilege checks (#61147)

followup #60945

  ## What problem does this PR solve?

When `skip_catalog_priv_check` is enabled,
`AccessControllerManager#checkCtlPriv()` currently skips
catalog privilege checks for external catalogs with a custom access
controller.

This behavior is too broad because it also affects non-read-only catalog
privileges such as `CREATE`
and `LOAD`, which should still be validated by the default internal
access controller.
@github-actions github-actions Bot mentioned this pull request Mar 10, 2026
Merged
yiguolei pushed a commit that referenced this pull request Mar 10, 2026
@github-actions @CalvinKirs
branch-4.0: [fix](auth) restrict skip_catalog_priv_check to SHOW and …
f21ebf9 
…SELECT on catalog privilege checks #61147 (#61163)

Cherry-picked from #61147

Co-authored-by: Calvin Kirs <guoqiang@selectdb.com>
@yiguolei yiguolei mentioned this pull request Mar 27, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@morningman morningman morningman approved these changes

@zhangstar333 zhangstar333 zhangstar333 approved these changes

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by one committer. dev/3.1.x dev/4.0.5-merged dev/4.1.0-merged reviewed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@CalvinKirs @hello-stephen @doris-robot @morningman @zhangstar333 @yiguolei