[fix](auth)Fix some issues with incorrect permission verification (apache#39726)

- `show columns` do not have permission to check
- `show sync job`do not have permission to check
- `Show data from db.table` should be the permission to determine the
table, not the admin permission
- users with grant permission should not see all processes through 'SHOW
PROCESS LIST'
- `show tablet storage format`fix permission error prompt

cases will be added uniformly in other PRs

Author: zddr

fe/fe-core/src/main/java/org/apache/doris/analysis/ShowColumnStmt.java

@@ -18,9 +18,14 @@
 package org.apache.doris.analysis;
 
 import org.apache.doris.catalog.Column;
+import org.apache.doris.catalog.Env;
 import org.apache.doris.catalog.InfoSchemaDb;
 import org.apache.doris.catalog.ScalarType;
 import org.apache.doris.common.AnalysisException;
+import org.apache.doris.common.ErrorCode;
+import org.apache.doris.common.ErrorReport;
+import org.apache.doris.mysql.privilege.PrivPredicate;
+import org.apache.doris.qe.ConnectContext;
 import org.apache.doris.qe.ShowResultSetMetaData;
 
 import com.google.common.base.Strings;
@@ -103,6 +108,12 @@ public void analyze(Analyzer analyzer) throws AnalysisException {
         } else {
             metaData = META_DATA;
         }
+        if (!Env.getCurrentEnv().getAccessManager()
+                .checkTblPriv(ConnectContext.get(), tableName.getCtl(), tableName.getDb(),
+                        tableName.getTbl(), PrivPredicate.SHOW)) {
+            ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLE_ACCESS_DENIED_ERROR,
+                    PrivPredicate.SHOW.getPrivs().toString(), tableName);
+        }
     }
 
     @Override

fe/fe-core/src/main/java/org/apache/doris/analysis/ShowDataStmt.java

@@ -115,7 +115,7 @@ public ShowDataStmt(TableName tableName, List<OrderByElement> orderByElements) {
     public void analyze(Analyzer analyzer) throws UserException {
         super.analyze(analyzer);
         dbName = analyzer.getDefaultDb();
-        if (Strings.isNullOrEmpty(dbName)) {
+        if (Strings.isNullOrEmpty(dbName) && tableName == null) {
             getAllDbStats();
             return;
         }

fe/fe-core/src/main/java/org/apache/doris/analysis/ShowSyncJobStmt.java

@@ -18,10 +18,14 @@
 package org.apache.doris.analysis;
 
 import org.apache.doris.catalog.Column;
+import org.apache.doris.catalog.Env;
 import org.apache.doris.catalog.ScalarType;
 import org.apache.doris.common.ErrorCode;
 import org.apache.doris.common.ErrorReport;
 import org.apache.doris.common.UserException;
+import org.apache.doris.datasource.InternalCatalog;
+import org.apache.doris.mysql.privilege.PrivPredicate;
+import org.apache.doris.qe.ConnectContext;
 import org.apache.doris.qe.ShowResultSetMetaData;
 
 import com.google.common.base.Strings;
@@ -60,6 +64,11 @@ public void analyze(Analyzer analyzer) throws UserException {
                 ErrorReport.reportAnalysisException(ErrorCode.ERR_NO_DB_ERROR);
             }
         }
+        if (!Env.getCurrentEnv().getAccessManager()
+                .checkDbPriv(ConnectContext.get(), InternalCatalog.INTERNAL_CATALOG_NAME, dbName, PrivPredicate.SHOW)) {
+            ErrorReport.reportAnalysisException(ErrorCode.ERR_DB_ACCESS_DENIED_ERROR,
+                    PrivPredicate.SHOW.getPrivs().toString(), dbName);
+        }
     }
 
     @Override

fe/fe-core/src/main/java/org/apache/doris/analysis/ShowTabletStorageFormatStmt.java

@@ -38,10 +38,8 @@ public ShowTabletStorageFormatStmt(boolean verbose) {
     public void analyze(Analyzer analyzer) throws UserException {
         // check access first
         if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) {
-            ErrorReport.reportAnalysisException(ErrorCode.ERR_ACCESS_DENIED_ERROR,
-                    toSql(),
-                    ConnectContext.get().getQualifiedUser(),
-                    ConnectContext.get().getRemoteIP(), "ADMIN Privilege needed.");
+            ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
+                    PrivPredicate.ADMIN.getPrivs().toString());
         }
 
         super.analyze(analyzer);

fe/fe-core/src/main/java/org/apache/doris/qe/ConnectScheduler.java

@@ -163,7 +163,7 @@ public List<ConnectContext.ThreadInfo> listConnection(String user, boolean isFul
         for (ConnectContext ctx : connectionMap.values()) {
             // Check auth
             if (!ctx.getQualifiedUser().equals(user) && !Env.getCurrentEnv().getAccessManager()
-                    .checkGlobalPriv(ConnectContext.get(), PrivPredicate.GRANT)) {
+                    .checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) {
                 continue;
             }