search

StarRocks / starrocks

The world's fastest open query engine for sub-second analytics both on and off the data lakehouse. With the flexibility to support nearly any scenario, StarRocks provides best-in-class performance for multi-dimensional analytics, real-time analytics, and ad-hoc queries. A Linux Foundation project.
https://starrocks.io
Apache License 2.0
8.99k stars 1.81k forks source link

A bug for create materialized view must need root permission #49434

Closed THyyy closed 3 months ago

THyyy commented 3 months ago

After upgrading from version 3.1.8 to 3.2.6, we created a bi_all role and assigned it to the dev_user user. The bi_all role has been granted all permissions on tables and MATERIALIZED VIEWs within the bi database. However, when attempting to create a MATERIALIZED VIEW, we receive an error indicating that the base table does not have the required SELECT permission. This issue prevents us from refreshing partitions, and as a result, we are currently forced to use the root user to perform all creation and partition refresh operations for MATERIALIZED VIEWs. We have since upgraded to version 3.3.0, but the problem persists.

Steps to reproduce the behavior (Required)

-- 授权 bi 权限给 bi_all 角色
GRANT ALL ON DATABASE bi TO ROLE bi_all;
GRANT ALL ON TABLE bi.* TO ROLE bi_all;
GRANT ALL ON VIEW bi.* TO ROLE bi_all;
GRANT ALL ON MATERIALIZED VIEW bi.* TO ROLE bi_all;

-- 授予角色权限
GRANT 'bi_all' TO USER 'dev_user'@'x.x.x.x';

-- 异步物化视图创建sql
CREATE
MATERIALIZED VIEW IF NOT EXISTS bi.business_enter_detail_55 COMMENT '每日进入系统订单毛利表'
PARTITION BY date_trunc('day', dt_format)
DISTRIBUTED BY HASH(`tsale_depart_name`)
REFRESH ASYNC START
('2024-05-27 10:10:00') EVERY (interval 1 hour)
AS
SELECT pi_detail_id,
       account,
       site,
       spu,
       order_id,
       order_number,
       data_type_code,
       send_date,
       pay_date,
       platform,
       original_plat_name,
       original_account_name,
       carrier_name,
       channel_name,
       tracknumber,
       order_recordnumber,
       currency,
       countrysn,
       country_name,
       state,
       continent,
       warehouse,
       order_ppfee,
       sku,
       csku,
       cspu,
       sku_totalcount,
       is_ls_code,
       in_csku_code,
       product_line,
       category,
       category_name,
       category1_name,
       category2_name,
       category3_name,
       category4_name,
       is_resend_code,
       resend_reason,
       sku_weight,
       sku_estimate_weight,
       goods_weight,
       sku_volume,
       sku_volume_weight,
       current2usd_rate,
       usd2cny_rate,
       online_itemprice,
       sku_sales_pay_original,
       sku_sales_pay_usd,
       sku_sales_pay_cny,
       online_skushipfee,
       tsku_sales,
       csku_sales,
       sku_ppfee,
       sku_refundfee,
       sku_platfee,
       sku_shipfee,
       goods_cost,
       check_cost,
       sku_packfee,
       sku_withdrawal_fee,
       sku_disposefee_home,
       sku_disposefee_oversea,
       sku_declared_value,
       sku_vat_tax,
       sku_oceanfee,
       sku_tariff,
       sales_tax,
       sku_grossprofit,
       grossprofit_rate,
       sku_stockup_fee,
       new_sku_grossprofit,
       new_grossprofit_rate,
       amazon_recordnumber,
       amazon_accountid,
       amazon_account,
       amazon_site,
       is_otherfba_code,
       tsale_name,
       tsale_team_name,
       tsale_depart_name,
       csale_name,
       csale_team_name,
       csale_depart_name,
       purchase_name,
       purchase_team_name,
       purchase_depart_name,
       develop_name,
       develop_team_name,
       develop_depart_name,
       gendan_name,
       gendan_team_name,
       gendan_depart_name,
       sku_fba_secondshipfee,
       dt_format,
       user_mail,
       postcode,
       sluggish_status_code,
       changed_type_code,
       sku_cpcfee,
       sku_ocpcfee,
       sku_otherfee,
       sku_refund_return_fee,
       promoter_name,
       category_manager_name,
       sku_create_time,
       sku_publish_time,
       is_new_code,
       director,
       promotionids,
       order_note,
       ph_sluggish_status_code,
       ph_changed_type_code,
       check_time,
       order_type_note_code,
       changed_date,
       ph_changed_date,
       order_status_cny,
       is_promote_order,
       add_date,
       transation_id,
       model_create_date,
       onum,
       leader,
       soft_hard_type_code,
       business_plat,
       real_plat,
       fin_name,
       online_status,
       supplier_second_low_price,
       online_sku,
       season_brand_name,
       sales_tax_original,
       sku_sales_without_tax_original,
       sku_sales_without_tax_cny,
       spu_buz_module,
       dept_buz_module,
       online_itemid,
       sku_shipfee_original_1,
       sku_shipfee_original_currency_1,
       sku_shipfee_original_2,
       sku_shipfee_original_currency_2,
       sku_shipfee_original_3,
       sku_shipfee_original_currency_3,
       sku_shipfee_original_4,
       sku_shipfee_original_currency_4,
       sku_shipfee_original_5,
       sku_shipfee_original_currency_5,
       sku_shipfee_original_6,
       sku_shipfee_original_currency_6,
       is_tax_code,
       is_business_order_code,
       brand_name,
       finance_status_code,
       shipment_status_code,
       pay_type,
       recieve_paypal,
       discard_date,
       carton_sequence_number,
       is_copy,
       wk_sale_tax_original,
       wk_is_include_tax,
       category5_name,
       temu_order_recordnumber,
       star_flag,
       is_offline_code,
       dealer_name,
       dt,
       amazon_order_type,
       primary_level,
       primary_fee,
       first_batch_total,
       final_level
FROM bi.business_enter_detail
WHERE dept_buz_module = '销售中心' and dt_format >= '2024-05-01';

Expected behavior (Required)

We would like to be able to perform the creation and manual refresh of partitions for MATERIALIZED VIEWs using the dev_user user.

Real behavior (Required)

Error message from the result when we execute select * from information_schema.task_runs: Refresh materialized view business_enter_detail_55 failed after retrying 1 times(try-lock 0 times), error-msg : Access denied; you need (at least one of) the SELECT privilege(s) on TABLE business_enter_detail for this operation. Please ask the admin to grant permission(s) or try activating existing roles using <set [default] role>. Current role(s): NONE. Inactivated role(s): NONE.

StarRocks version (Required)

murphyatwork commented 3 months ago