MOD: move user to UserProperty

docs/en/administrator-guide/block-rule/sql-block.md

@@ -28,18 +28,32 @@ under the License.
 
 Support SQL block rule by user level, by regex way to deny specify SQL
 
-## Specific operation
+## Rule
 
 SQL block rule CRUD
 - create SQL block rule
-    - user：For users whose rule is in effect, default means that all users are in effect. If both the specified user and the default rule are hit, the default rule takes precedence
     - sql：Regex pattern，Special characters need to be translated
-    - sqlHash: Sql hash value, Used to match exactly, We print it in fe.audit.log 
-    - enable：Whether to enable block rule
-> CREATE SQL_BLOCK_RULE test_rule PROPERTIES("user"="default","sql"="select \\* from test_table","sqlHash":null,"enable"="true")
+    - sqlHash: Sql hash value, Used to match exactly, We print it in fe.audit.log
+    - global: Whether global(all users)is in effect, false by default
+    - enable：Whether to enable block rule，true by default
+```
+CREATE SQL_BLOCK_RULE test_rule PROPERTIES("sql"="select \\* from test_table","sqlHash":null,"global"="false","enable"="true")
+```
 - show configured SQL block rules, or show all rules if you do not specify a rule name
-> SHOW SQL_BLOCK_RULE [FOR RULE_NAME]
-- alter SQL block rule，Allows changes user/sql/enable anyone
-> ALTER SQL_BLOCK_RULE test_rule PROPERTIES("user"="default","sql"="select \\* from test_table","enable"="true")
+```
+SHOW SQL_BLOCK_RULE [FOR RULE_NAME]
+```
+- alter SQL block rule，Allows changes sql/global/enable anyone
+```
+ALTER SQL_BLOCK_RULE test_rule PROPERTIES("sql"="select \\* from test_table","enable"="true")
+```
 - drop SQL block rule，Support multiple rules, separated by `,`
-> DROP SQL_BLOCK_RULE test_rule1,test_rule2
+```
+DROP SQL_BLOCK_RULE test_rule1,test_rule2
+```
+
+## User bind rules
+If global=false is configured, the rules binding for the specified user needs to be configured, with multiple rules separated by ', '
+```
+SET PROPERTY FOR 'jack' 'bind_sql_block_rules' = 'test_rule1,test_rule2'
+```

docs/zh-CN/administrator-guide/block-rule/sql-block.md

@@ -28,18 +28,32 @@ under the License.
 
 支持按用户配置SQL黑名单，通过正则匹配的方式拒绝指定SQL
 
-## 具体操作
+## 规则
 
 对SQL规则增删改查
 - 创建SQL阻止规则
-    - user：规则生效的用户，default代表所有用户都生效，如果同时命中指定用户和default的规则，default规则优先
-    - sql：匹配规则(基于正则匹配,特殊字符需要转译)
-    - sqlHash: sql hash值，用于完全匹配，我们会在`fe.audit.log`打印这个值
-    - enable：是否开启阻止规则
-> CREATE SQL_BLOCK_RULE test_rule PROPERTIES("user"="default","sql"="select \\* from test_table","sqlHash":null,"enable"="true")
+    - sql：匹配规则(基于正则匹配,特殊字符需要转译)，可选
+    - sqlHash: sql hash值，用于完全匹配，我们会在`fe.audit.log`打印这个值，可选
+    - global：是否全局(所有用户)生效，默认为false  
+    - enable：是否开启阻止规则，默认为true
+```
+CREATE SQL_BLOCK_RULE test_rule PROPERTIES("sql"="select \\* from test_table","sqlHash":null,"enable"="true")
+```
 - 查看已配置的SQL阻止规则，不指定规则名则为查看所有规则
-> SHOW SQL_BLOCK_RULE [FOR RULE_NAME]
-- 修改SQL阻止规则，允许对user/sql/enable等每一项进行修改
-> ALTER SQL_BLOCK_RULE test_rule PROPERTIES("user"="default","sql"="select \\* from test_table","enable"="true")
+```
+SHOW SQL_BLOCK_RULE [FOR RULE_NAME]
+```
+- 修改SQL阻止规则，允许对sql/global/enable等每一项进行修改
+```
+ALTER SQL_BLOCK_RULE test_rule PROPERTIES("sql"="select \\* from test_table","enable"="true")
+```
 - 删除SQL阻止规则，支持多规则，以`,`隔开
-> DROP SQL_BLOCK_RULE test_rule1,test_rule2
+```
+DROP SQL_BLOCK_RULE test_rule1,test_rule2
+```
+
+## 用户规则绑定
+如果配置global=false，则需要配置指定用户的规则绑定，多个规则使用`,`分隔
+```
+SET PROPERTY FOR 'jack' 'bind_sql_block_rules' = 'test_rule1,test_rule2'
+```

fe/fe-core/src/main/java/org/apache/doris/analysis/AlterSqlBlockRuleStmt.java

@@ -17,9 +17,7 @@
 
 package org.apache.doris.analysis;
 
-import org.apache.doris.blockrule.SqlBlockRule;
 import org.apache.doris.catalog.Catalog;
-import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.ErrorCode;
 import org.apache.doris.common.ErrorReport;
 import org.apache.doris.common.UserException;
@@ -29,18 +27,17 @@
 import org.apache.commons.lang3.StringUtils;
 
 import java.util.Map;
-import java.util.Optional;
 
 public class AlterSqlBlockRuleStmt extends DdlStmt {
 
     private final String ruleName;
 
-    private String user;
-
     private String sql;
 
     private String sqlHash;
 
+    private Boolean global;
+
     private Boolean enable;
 
     private final Map<String, String> properties;
@@ -62,18 +59,12 @@ public void analyze(Analyzer analyzer) throws UserException {
         setProperties(properties);
     }
 
-    private void setProperties(Map<String, String> properties) throws UserException {
-        this.user = properties.get(CreateSqlBlockRuleStmt.USER_PROPERTY);
-        // if not default, need check whether user exist
-        if (StringUtils.isNotEmpty(user) &&  !SqlBlockRule.DEFAULT_USER.equals(user)) {
-            boolean existUser = Catalog.getCurrentCatalog().getAuth().getTablePrivTable().doesUsernameExist(user);
-            if (!existUser) {
-                throw new AnalysisException(user + " does not exist");
-            }
-        }
+    private void setProperties(Map<String, String> properties) {
         this.sql = properties.get(CreateSqlBlockRuleStmt.SQL_PROPERTY);
         this.sqlHash = properties.get(CreateSqlBlockRuleStmt.SQL_HASH_PROPERTY);
         // allow null, represents no modification
+        String globalStr = properties.get(CreateSqlBlockRuleStmt.GLOBAL_PROPERTY);
+        this.global = StringUtils.isNotEmpty(globalStr) ? Boolean.parseBoolean(globalStr) : null;
         String enableStr = properties.get(CreateSqlBlockRuleStmt.ENABLE_PROPERTY);
         this.enable = StringUtils.isNotEmpty(enableStr) ? Boolean.parseBoolean(enableStr) : null;
     }
@@ -82,14 +73,14 @@ public String getRuleName() {
         return ruleName;
     }
 
-    public String getUser() {
-        return user;
-    }
-
     public String getSql() {
         return sql;
     }
 
+    public Boolean getGlobal() {
+        return global;
+    }
+
     public Boolean getEnable() {
         return enable;
     }

fe/fe-core/src/main/java/org/apache/doris/analysis/CreateSqlBlockRuleStmt.java

@@ -17,7 +17,6 @@
 
 package org.apache.doris.analysis;
 
-import org.apache.doris.blockrule.SqlBlockRule;
 import org.apache.doris.catalog.Catalog;
 import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.ErrorCode;
@@ -39,30 +38,30 @@
  syntax:
       CREATE SQL_BLOCK_RULE `rule_name` PROPERTIES
       (
-          user = default,
           sql = select * from a,
+          global = false
           enable = true
       )
 */
 public class CreateSqlBlockRuleStmt extends DdlStmt {
 
-    public static final String USER_PROPERTY = "user";
-
     public static final String SQL_PROPERTY = "sql";
 
     public static final String SQL_HASH_PROPERTY = "sqlHash";
 
+    public static final String GLOBAL_PROPERTY = "global";
+
     public static final String ENABLE_PROPERTY = "enable";
 
     private final String ruleName;
 
-    // default stands for all users
-    private String user;
-
     private String sql;
 
     private String sqlHash;
 
+    // whether effective global
+    private boolean global;
+
     // whether to use the rule
     private boolean enable;
 
@@ -71,9 +70,9 @@ public class CreateSqlBlockRuleStmt extends DdlStmt {
     private static final String NAME_TYPE = "SQL BLOCK RULE NAME";
 
     public static final ImmutableSet<String> PROPERTIES_SET = new ImmutableSet.Builder<String>()
-            .add(USER_PROPERTY)
             .add(SQL_PROPERTY)
             .add(SQL_HASH_PROPERTY)
+            .add(GLOBAL_PROPERTY)
             .add(ENABLE_PROPERTY)
             .build();
 
@@ -96,16 +95,9 @@ public void analyze(Analyzer analyzer) throws UserException {
     }
 
     private void setProperties(Map<String, String> properties) throws UserException {
-        this.user = properties.get(USER_PROPERTY);
-        // if not default, need check whether user exist
-        if (!SqlBlockRule.DEFAULT_USER.equals(user)) {
-            boolean existUser = Catalog.getCurrentCatalog().getAuth().getTablePrivTable().doesUsernameExist(user);
-            if (!existUser) {
-                throw new AnalysisException(user + " does not exist");
-            }
-        }
         this.sql = properties.get(SQL_PROPERTY);
         this.sqlHash = properties.get(SQL_HASH_PROPERTY);
+        this.global = Util.getBooleanPropertyOrDefault(properties.get(GLOBAL_PROPERTY), false, GLOBAL_PROPERTY + " should be a boolean");
         this.enable = Util.getBooleanPropertyOrDefault(properties.get(ENABLE_PROPERTY), true, ENABLE_PROPERTY + " should be a boolean");
     }
 
@@ -124,10 +116,6 @@ public String getRuleName() {
         return ruleName;
     }
 
-    public String getUser() {
-        return user;
-    }
-
     public String getSql() {
         return sql;
     }
@@ -136,6 +124,10 @@ public String getSqlHash() {
         return sqlHash;
     }
 
+    public boolean isGlobal() {
+        return global;
+    }
+
     public boolean isEnable() {
         return enable;
     }

fe/fe-core/src/main/java/org/apache/doris/blockrule/SqlBlockRule.java

@@ -39,45 +39,41 @@ public class SqlBlockRule implements Writable {
     // the rule name, cluster unique
     private String name;
 
-    // default stands for all users
-    private String user;
-
     private String sql;
 
     // sql md5
     private String sqlHash;
 
+    // whether effective global
+    private Boolean global;
+
     // whether to use the rule
     private Boolean enable;
 
     public SqlBlockRule(String name) {
         this.name = name;
     }
 
-    public SqlBlockRule(String name, String user, String sql, String sqlHash, Boolean enable) {
+    public SqlBlockRule(String name, String sql, String sqlHash, Boolean global, Boolean enable) {
         this.name = name;
-        this.user = user;
         this.sql = sql;
         this.sqlHash = sqlHash;
+        this.global = global;
         this.enable = enable;
     }
 
     public static SqlBlockRule fromCreateStmt(CreateSqlBlockRuleStmt stmt) {
-        return new SqlBlockRule(stmt.getRuleName(), stmt.getUser(), stmt.getSql(), stmt.getSqlHash(), stmt.isEnable());
+        return new SqlBlockRule(stmt.getRuleName(), stmt.getSql(), stmt.getSqlHash(), stmt.isGlobal(), stmt.isEnable());
     }
 
     public static SqlBlockRule fromAlterStmt(AlterSqlBlockRuleStmt stmt) {
-        return new SqlBlockRule(stmt.getRuleName(), stmt.getUser(), stmt.getSql(), stmt.getSqlHash(), stmt.getEnable());
+        return new SqlBlockRule(stmt.getRuleName(), stmt.getSql(), stmt.getSqlHash(), stmt.getGlobal(), stmt.getEnable());
     }
 
     public String getName() {
         return name;
     }
 
-    public String getUser() {
-        return user;
-    }
-
     public String getSql() {
         return sql;
     }
@@ -86,12 +82,12 @@ public String getSqlHash() {
         return sqlHash;
     }
 
-    public Boolean getEnable() {
-        return enable;
+    public Boolean getGlobal() {
+        return global;
     }
 
-    public void setUser(String user) {
-        this.user = user;
+    public Boolean getEnable() {
+        return enable;
     }
 
     public void setSql(String sql) {
@@ -102,12 +98,16 @@ public void setSqlHash(String sqlHash) {
         this.sqlHash = sqlHash;
     }
 
+    public void setGlobal(Boolean global) {
+        this.global = global;
+    }
+
     public void setEnable(Boolean enable) {
         this.enable = enable;
     }
 
     public List<String> getShowInfo() {
-        return Lists.newArrayList(this.name, this.user, this.sql, String.valueOf(this.enable));
+        return Lists.newArrayList(this.name, this.sql, String.valueOf(this.enable));
     }
 
     @Override