fix(frontend): keep DDL ownership on matche role by ouyuanning · Pull Request #24970 · matrixorigin/matrixone

ouyuanning · 2026-06-12T13:11:14Z

What type of PR is this?

Which issue(s) this PR fixes:

issue #24956

What this PR does / why we need it:

This PR fixes DDL ownership handling when privileges are satisfied by secondary roles or inherited roles.

Track the matched privilege role during authorization and use it as the DDL owner for CREATE DATABASE / CREATE TABLE.
Map inherited privilege matches back to the active root role so ownership follows the active granted role, not the inherited leaf role.
Re-authenticate prepared CREATE DATABASE / CREATE TABLE during EXECUTE so prepared DDL also sets the owner role correctly.
Revoke implicit ownership privileges from the actual object owner role when dropping databases/tables, including multi-table drops.
Add unit tests and BVT coverage for secondary-role DDL ownership and prepared DDL ownership cleanup.

Validation:

go test -mod=mod ./pkg/defines -count=1
go test -mod=mod ./pkg/frontend -run 'TestCreateDatabaseOwnerRoleFollowsActiveInheritedRoleRoot|TestCreateTableOwnerRoleFollowsPrivilegeRole|Test_determineUserHasPrivilegeSet' -count=1 was blocked locally by missing xxhash.h before running tests.

(cherry picked from commit 6f9480a)

(cherry picked from commit 39f66cd)

(cherry picked from commit 3f94ef1)

(cherry picked from commit 43cd20c)

(cherry picked from commit 93aa0e5)

qodo-code-review · 2026-06-12T13:11:19Z

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

ouyuanning added 5 commits June 12, 2026 20:33

bug fix

da9ace6

(cherry picked from commit 6f9480a)

bug fix

72fc725

(cherry picked from commit 39f66cd)

fix(frontend): propagate implicit ownership revoke errors

6657fa0

(cherry picked from commit 3f94ef1)

test(frontend): align privilege cache case with matched role auth

e17a703

(cherry picked from commit 43cd20c)

fix(frontend): keep DDL owner on active inherited role

33717ee

(cherry picked from commit 93aa0e5)

ouyuanning requested review from XuPeng-SH, gouhongshen and heni02 as code owners June 12, 2026 13:11

ouyuanning had a problem deploying to ci June 12, 2026 13:11 — with GitHub Actions Failure

ouyuanning temporarily deployed to ci June 12, 2026 13:11 — with GitHub Actions Inactive

ouyuanning had a problem deploying to ci June 12, 2026 13:11 — with GitHub Actions Failure

ouyuanning temporarily deployed to ci June 12, 2026 13:11 — with GitHub Actions Inactive

ouyuanning had a problem deploying to ci June 12, 2026 13:11 — with GitHub Actions Failure

matrix-meow added the size/L Denotes a PR that changes [500,999] lines label Jun 12, 2026

mergify Bot added kind/bug Something isn't working kind/test-ci labels Jun 12, 2026

Merge branch '4.0-dev' into fix-ownership-bug-4.0-dev

f484cd5

ouyuanning had a problem deploying to ci June 12, 2026 15:02 — with GitHub Actions Error

ouyuanning temporarily deployed to ci June 12, 2026 15:02 — with GitHub Actions Inactive

fix(frontend): remove unused temp storage helper from ownership fix

3ea95ee

ouyuanning temporarily deployed to ci June 12, 2026 15:06 — with GitHub Actions Inactive

ouyuanning had a problem deploying to ci June 12, 2026 15:06 — with GitHub Actions Failure

ouyuanning temporarily deployed to ci June 12, 2026 15:06 — with GitHub Actions Inactive

ouyuanning had a problem deploying to ci June 12, 2026 15:06 — with GitHub Actions Failure

ouyuanning had a problem deploying to ci June 13, 2026 02:18 — with GitHub Actions Failure

fix(frontend): skip implicit ownership revoke for admin owner

04d1c02

ouyuanning temporarily deployed to ci June 13, 2026 05:31 — with GitHub Actions Inactive

ouyuanning had a problem deploying to ci June 13, 2026 05:31 — with GitHub Actions Failure

ouyuanning temporarily deployed to ci June 13, 2026 05:31 — with GitHub Actions Inactive

ouyuanning had a problem deploying to ci June 13, 2026 05:31 — with GitHub Actions Failure

ouyuanning temporarily deployed to ci June 13, 2026 05:31 — with GitHub Actions Inactive

ouyuanning changed the title ~~fix(frontend): keep DDL ownership on matched active role~~ fix(frontend): keep DDL ownership on matche role Jun 14, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(frontend): keep DDL ownership on matche role#24970

fix(frontend): keep DDL ownership on matche role#24970
ouyuanning wants to merge 8 commits into
matrixorigin:4.0-devfrom
ouyuanning:fix-ownership-bug-4.0-dev

ouyuanning commented Jun 12, 2026

Uh oh!

qodo-code-review Bot commented Jun 12, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

ouyuanning commented Jun 12, 2026

What type of PR is this?

Which issue(s) this PR fixes:

What this PR does / why we need it:

Uh oh!

qodo-code-review Bot commented Jun 12, 2026

Qodo reviews are paused for this user.

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants