This is an automated email from the ASF dual-hosted git repository.
yiguolei pushed a commit to branch branch-2.1
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-2.1 by this push:
new 5d20a04b327 branch-2.1: [fix](auth)Only treat admin@% and root@% as
system users. #50904 (#52283)
5d20a04b327 is described below
commit 5d20a04b3273f8cb0acbe459ae49298f8f8574f4
Author: github-actions[bot]
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Sat Jun 28 10:11:13 2025 +0800
branch-2.1: [fix](auth)Only treat admin@% and root@% as system users.
#50904 (#52283)
Cherry-picked from #50904
Co-authored-by: zhangdong <[email protected]>
---
.../org/apache/doris/analysis/UserIdentity.java | 4 +--
.../suites/account_p0/test_system_user.groovy | 38 ++++++++++++++++++++++
2 files changed, 40 insertions(+), 2 deletions(-)
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/analysis/UserIdentity.java
b/fe/fe-core/src/main/java/org/apache/doris/analysis/UserIdentity.java
index e7450f7e548..3d9ce0438b1 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/UserIdentity.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/UserIdentity.java
@@ -178,11 +178,11 @@ public class UserIdentity implements Writable,
GsonPostProcessable {
}
public boolean isRootUser() {
- return user.equals(Auth.ROOT_USER);
+ return this.equals(ROOT);
}
public boolean isAdminUser() {
- return user.equals(Auth.ADMIN_USER);
+ return this.equals(ADMIN);
}
public boolean isSystemUser() {
diff --git a/regression-test/suites/account_p0/test_system_user.groovy
b/regression-test/suites/account_p0/test_system_user.groovy
index 5993e1d238b..d7b3ad213fb 100644
--- a/regression-test/suites/account_p0/test_system_user.groovy
+++ b/regression-test/suites/account_p0/test_system_user.groovy
@@ -62,4 +62,42 @@ suite("test_system_user","p0,auth") {
revoke select_priv on *.*.* from `admin`;
"""
+ sql """
+ create user `root`@'8.8.8.8';
+ """
+ sql """
+ grant select_priv on *.*.* to `root`@'8.8.8.8';
+ """
+ sql """
+ revoke select_priv on *.*.* from `root`@'8.8.8.8';
+ """
+ test {
+ sql """
+ grant 'operator' to `root`@'8.8.8.8';
+ """
+ exception "Can not grant role: operator"
+ }
+ sql """
+ drop user `root`@'8.8.8.8';
+ """
+
+ sql """
+ create user `admin`@'8.8.8.8';
+ """
+ sql """
+ grant select_priv on *.*.* to `admin`@'8.8.8.8';
+ """
+ sql """
+ revoke select_priv on *.*.* from `admin`@'8.8.8.8';
+ """
+
+ sql """
+ grant 'admin' to `admin`@'8.8.8.8';
+ """
+ sql """
+ revoke 'admin' from `admin`@'8.8.8.8';
+ """
+ sql """
+ drop user `admin`@'8.8.8.8';
+ """
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
