[fix](auth) Prohibit deleting admin user (apache#44751)

zddr · Dec 6, 2024 · 49d2427 · 49d2427
1 parent 0f00f11
commit 49d2427
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 2 deletions.
diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropUserStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropUserStmt.java
@@ -63,8 +63,8 @@ public void analyze(Analyzer analyzer) throws AnalysisException, UserException {
 
         userIdent.analyze();
 
-        if (userIdent.isRootUser()) {
-            ErrorReport.reportAnalysisException(ErrorCode.ERR_COMMON_ERROR, "Can not drop root user");
+        if (userIdent.isSystemUser()) {
+            ErrorReport.reportAnalysisException(ErrorCode.ERR_COMMON_ERROR, "Can not drop system user");
         }
 
         // only user with GLOBAL level's GRANT_PRIV can drop user.

diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/UserIdentity.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/UserIdentity.java
@@ -189,6 +189,10 @@ public boolean isAdminUser() {
         return user.equals(Auth.ADMIN_USER);
     }
 
+    public boolean isSystemUser() {
+        return isRootUser() || isAdminUser();
+    }
+
     public TUserIdentity toThrift() {
         Preconditions.checkState(isAnalyzed);
         TUserIdentity tUserIdent = new TUserIdentity();

diff --git a/regression-test/suites/account_p0/test_system_user.groovy b/regression-test/suites/account_p0/test_system_user.groovy
@@ -0,0 +1,39 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+import org.junit.Assert;
+
+suite("test_system_user") {
+    test {
+          sql """
+              create user `root`;
+          """
+          exception "root"
+    }
+    test {
+          sql """
+              drop user `root`;
+          """
+          exception "system"
+    }
+    test {
+          sql """
+              drop user `admin`;
+          """
+          exception "system"
+    }
+}