StarRocks-3.1.13版本授权bug

💬 StarRocks 用户问答
#1

【StarRocks版本】3.1.12
【集群规模】3fe+3be(fe与be混部)

StarRocks-3.1.13版本授权bug,
1、用户有权限,但是取消不了授权。

2、用户执行SHOW GRANTS;权限统计和实际权限不符合。

mysql> SELECT GRANTEE, OBJECT_DATABASE, OBJECT_NAME, PRIVILEGE_TYPE  FROM sys.grants_to_users  WHERE GRANTEE like '%usr_ads_finance%' and OBJECT_DATABASE like '%dc_ods%';
+-----------------------+---------------------+--------------------------------------------------------+----------------+
| GRANTEE               | OBJECT_DATABASE     | OBJECT_NAME                                            | PRIVILEGE_TYPE |
+-----------------------+---------------------+--------------------------------------------------------+----------------+
| 'usr_ads_finance'@'%' | finance_dc_ods_view | xbl63_bd_bankaccsub_ods                                | SELECT, DROP   |
| 'usr_ads_finance'@'%' | finance_dc_ods_view | iuap_apdoc_basedoc_bd_bank_ods                         | SELECT, DROP   |
| 'usr_ads_finance'@'%' | finance_dc_ods_view | iuap_apdoc_coredoc_product_management_class_ods        | SELECT, DROP   |
| 'usr_ads_finance'@'%' | finance_dc_ods_view | xbl63_bd_defdoc_ods                                    | SELECT, DROP   |
| 'usr_ads_finance'@'%' | finance_dc_ods_view | figl_fi_voucher_ods                                    | SELECT, DROP   |
| 'usr_ads_finance'@'%' | finance_dc_ods_view | iuap_apdoc_coredoc_aa_vendor_ods                       | SELECT, DROP   |
| 'usr_ads_finance'@'%' | finance_dc_ods_view | xbl63_bd_material_v_ods                                | SELECT, DROP   |
| 'usr_ads_finance'@'%' | finance_dc_ods_view | iuap_apdoc_basedoc_bd_cust_doc_ods                     | SELECT, DROP   |
| 'usr_ads_finance'@'%' | finance_dc_ods_view | budget_one24_financial_other_result_rounds_ods         | SELECT, DROP   |
| 'usr_ads_finance'@'%' | finance_dc_ods_view | xbl63_gl_docfree1_ods                                  | SELECT, DROP   |
| 'usr_ads_finance'@'%' | finance_dc_ods_view | etcloud_sb_gl_vat_main_table_general_ods               | SELECT, DROP   |
| 'usr_ads_finance'@'%' | finance_dc_ods_view | etcloud_ovat_tax4_invoice_ods                          | SELECT, DROP   |
| 'usr_ads_finance'@'%' | finance_dc_ods_view | xbl63_bd_address_ods                                   | SELECT, DROP   |
| 'usr_ads_finance'@'%' | finance_dc_ods_view | etcloud_sys_sale_info_ods                              | SELECT, DROP   |
| 'usr_ads_finance'@'%' | finance_dc_ods_view | xbl63_bd_fundplan_ods                                  | SELECT, DROP   |
| 'usr_ads_finance'@'%' | finance_dc_ods_view | xbl63_bd_prodline_ods                                  | SELECT, DROP   |
| 'usr_ads_finance'@'%' | finance_dc_ods_view | xbl63_gl_detail_ods                                    | SELECT, DROP   |

取消授权报错:

mysql> REVOKE SELECT,DROP  ON VIEW finance_dc_ods_view.xbl63_bd_bankaccsub_ods from 'usr_ads_finance'@'%';
ERROR 1064 (HY000): Unexpected exception: There is no such grant defined on VIEW finance_dc_ods_view.xbl63_bd_bankaccsub_ods

使用usr_ads_finance登录,执行查看权限:SHOW GRANTS;看不到有finance_dc_ods_view库,但是有权限可以进行查询。

#2

不明觉厉,反正我也是3.1.13 目前还没测出这个bug,我先占个坑,有进度我回来再看看。

#3

应该是升级遗留的bug,我们从低版本(StarRocks-3.1.5 --> StarRocks-3.1.9 --> StarRocks-3.1.13)升级上来的。这块bug,怎么处理知道吗?

京ICP备2022026421号-1