(doris) branch branch-3.0 updated: branch-3.0:[enhance](auth)support ldap user show grants (#54087) (#54765)

Thu, 04 Sep 2025 18:56:55 -0700 

This is an automated email from the ASF dual-hosted git repository.

dataroaring pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/doris.git


The following commit(s) were added to refs/heads/branch-3.0 by this push:
     new e6899fe1c72 branch-3.0:[enhance](auth)support ldap user show grants 
(#54087) (#54765)
e6899fe1c72 is described below

commit e6899fe1c722dac1782fc40e7815b4309e2ef8da
Author: zhangdong <[email protected]>
AuthorDate: Fri Sep 5 09:56:18 2025 +0800

    branch-3.0:[enhance](auth)support ldap user show grants (#54087) (#54765)
    
    pick: https://github.com/apache/doris/pull/54087
---
 .../src/main/java/org/apache/doris/analysis/ShowGrantsStmt.java  | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowGrantsStmt.java 
b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowGrantsStmt.java
index 0439544ae0e..b6e473c4f0e 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowGrantsStmt.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowGrantsStmt.java
@@ -80,16 +80,17 @@ public class ShowGrantsStmt extends ShowStmt implements 
NotFallbackInParser {
                 userIdent = ConnectContext.get().getCurrentUserIdentity();
             }
         }
+        boolean isSelf = userIdent != null && 
ConnectContext.get().getCurrentUserIdentity().equals(userIdent);
         Preconditions.checkState(isAll || userIdent != null);
-        UserIdentity self = ConnectContext.get().getCurrentUserIdentity();
-
         // if show all grants, or show other user's grants, need global GRANT 
priv.
-        if (isAll || !self.equals(userIdent)) {
+        if (isAll || !isSelf) {
             if 
(!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), 
PrivPredicate.GRANT)) {
                 
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, 
"GRANT");
             }
         }
-        if (userIdent != null && 
!Env.getCurrentEnv().getAccessManager().getAuth().doesUserExist(userIdent)) {
+        // ldap user not exist in userManager, so should not check
+        if (userIdent != null && !isSelf && 
!Env.getCurrentEnv().getAccessManager().getAuth()
+                .doesUserExist(userIdent)) {
             throw new AnalysisException(String.format("User: %s does not 
exist", userIdent));
         }
     }


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to