gravitino icon indicating copy to clipboard operation
gravitino copied to clipboard
Published 4 days ago verified publisher icon apache

[Bug report] Auth: a user having "manage_grants" privilege, but the user isn't allowed to get all roles

Open danhuawang opened this issue 1 month ago • 0 comments

Version

main branch

Describe what's wrong

There're role1,role2 in metalake test. And role2 definition as following.

A user missy is granted role2 , she is supposed to have the access to the roles role1,role2.

But currently she failed to get role1

{
    "code": 0,
    "role": {
        "name": "role2",
        "audit": {
            "creator": "anonymous",
            "createTime": "2025-11-13T07:15:40.015212Z"
        },
        "properties": {
            "k1": "v1"
        },
        "securableObjects": [
            {
                "type": "metalake",
                "privileges": [
                    {
                        "name": "manage_grants",
                        "condition": "allow"
                    }
                ],
                "fullName": "test"
            }
        ]
    }
}

Error message and/or stacktrace

N/A

How to reproduce

  1. Create role1 role2 in metalake test.
  2. Grant role2 by manage_grants privileges.
  3. Add a user missy, then granted role2 to she
  4. Use missy to get role1

Additional context

No response

danhuawang avatar Nov 13 '25 07:11 danhuawang