This is an automated email from the ASF dual-hosted git repository.

jackietien pushed a commit to branch ChangeMaintainToRoot
in repository https://gitbox.apache.org/repos/asf/iotdb.git

commit 32b11f7d1a450187e722f4dd37e0d2f9b5f07403
Author: JackieTien97 <[email protected]>
AuthorDate: Thu Mar 6 18:12:49 2025 +0800

    Delete Maintain Auth
---
 .../it/auth/IoTDBClusterAuthorityRelationalIT.java |  1 -
 .../manual/basic/IoTDBPipeLifeCycleIT.java         | 16 ++---
 .../it/query/recent/IoTDBMaintainAuthIT.java       | 59 ++++++-------------
 .../it/local/IoTDBSubscriptionBasicIT.java         |  8 +--
 .../iotdb/db/queryengine/plan/Coordinator.java     |  4 +-
 .../execution/config/TableConfigTaskVisitor.java   | 68 +++++++++++-----------
 .../analyzer/StatementAnalyzerFactory.java         |  4 ++
 .../plan/relational/security/AccessControl.java    |  8 ---
 .../relational/security/AccessControlImpl.java     |  6 +-
 .../relational/security/AllowAllAccessControl.java |  5 --
 .../relational/security/TableModelPrivilege.java   |  5 --
 .../plan/relational/sql/rewrite/ShowRewrite.java   | 22 ++++---
 .../sql/rewrite/StatementRewriteFactory.java       |  6 +-
 .../plan/relational/analyzer/AnalyzerTest.java     |  4 +-
 .../plan/relational/planner/PlanTester.java        |  9 ++-
 .../iotdb/commons/auth/entity/PrivilegeType.java   |  2 +-
 .../db/relational/grammar/sql/RelationalSql.g4     |  4 +-
 17 files changed, 98 insertions(+), 133 deletions(-)

diff --git 
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBClusterAuthorityRelationalIT.java
 
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBClusterAuthorityRelationalIT.java
index e18e43211be..7d1eec7e72c 100644
--- 
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBClusterAuthorityRelationalIT.java
+++ 
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBClusterAuthorityRelationalIT.java
@@ -348,7 +348,6 @@ public class IoTDBClusterAuthorityRelationalIT {
               false));
       grantSysPrivilegeAndCheck(client, "user1", "role1", true, 
PrivilegeType.MANAGE_USER, false);
       grantSysPrivilegeAndCheck(client, "user1", "role1", true, 
PrivilegeType.MANAGE_ROLE, true);
-      grantSysPrivilegeAndCheck(client, "user1", "role1", false, 
PrivilegeType.MAINTAIN, true);
       grantPrivilegeAndCheck(
           client, "user1", "", true, new PrivilegeUnion("database", "table", 
PrivilegeType.SELECT));
       grantPrivilegeAndCheck(
diff --git 
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/tablemodel/manual/basic/IoTDBPipeLifeCycleIT.java
 
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/tablemodel/manual/basic/IoTDBPipeLifeCycleIT.java
index ff84de1f99c..eb16e26623d 100644
--- 
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/tablemodel/manual/basic/IoTDBPipeLifeCycleIT.java
+++ 
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/tablemodel/manual/basic/IoTDBPipeLifeCycleIT.java
@@ -725,35 +725,35 @@ public class IoTDBPipeLifeCycleIT extends 
AbstractPipeTableModelDualManualIT {
             + "  'connector.ip'='127.0.0.1',\n"
             + "  'connector.port'='6668'\n"
             + ")",
-        "803: Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user 
is allowed",
         "test",
         "test123",
         null);
     assertTableNonQueryTestFail(
         senderEnv,
         "drop pipe testPipe",
-        "803: Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user 
is allowed",
         "test",
         "test123",
         null);
     assertTableTestFail(
         senderEnv,
         "show pipes",
-        "803: Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user 
is allowed",
         "test",
         "test123",
         null);
     assertTableNonQueryTestFail(
         senderEnv,
         "start pipe testPipe",
-        "803: Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user 
is allowed",
         "test",
         "test123",
         null);
     assertTableNonQueryTestFail(
         senderEnv,
         "stop pipe testPipe",
-        "803: Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user 
is allowed",
         "test",
         "test123",
         null);
@@ -761,21 +761,21 @@ public class IoTDBPipeLifeCycleIT extends 
AbstractPipeTableModelDualManualIT {
     assertTableNonQueryTestFail(
         senderEnv,
         "create pipePlugin TestProcessor as 
'org.apache.iotdb.db.pipe.example.TestProcessor' USING URI 'xxx'",
-        "803: Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user 
is allowed",
         "test",
         "test123",
         null);
     assertTableNonQueryTestFail(
         senderEnv,
         "drop pipePlugin TestProcessor",
-        "803: Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user 
is allowed",
         "test",
         "test123",
         null);
     assertTableTestFail(
         senderEnv,
         "show pipe plugins",
-        "803: Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user 
is allowed",
         "test",
         "test123",
         null);
diff --git 
a/integration-test/src/test/java/org/apache/iotdb/relational/it/query/recent/IoTDBMaintainAuthIT.java
 
b/integration-test/src/test/java/org/apache/iotdb/relational/it/query/recent/IoTDBMaintainAuthIT.java
index a67113c30e9..e2d1ad48de1 100644
--- 
a/integration-test/src/test/java/org/apache/iotdb/relational/it/query/recent/IoTDBMaintainAuthIT.java
+++ 
b/integration-test/src/test/java/org/apache/iotdb/relational/it/query/recent/IoTDBMaintainAuthIT.java
@@ -34,7 +34,6 @@ import org.junit.runner.RunWith;
 import static org.apache.iotdb.db.auth.AuthorityChecker.ONLY_ADMIN_ALLOWED;
 import static org.apache.iotdb.db.it.utils.TestUtils.prepareTableData;
 import static org.apache.iotdb.db.it.utils.TestUtils.tableAssertTestFail;
-import static org.apache.iotdb.db.it.utils.TestUtils.tableExecuteTest;
 import static 
org.apache.iotdb.db.it.utils.TestUtils.tableQueryNoVerifyResultTest;
 
 @RunWith(IoTDBTestRunner.class)
@@ -53,7 +52,6 @@ public class IoTDBMaintainAuthIT {
         "CREATE TABLE table1(device_id STRING TAG, s1 INT32 FIELD)",
         "INSERT INTO table1(time,device_id,s1) values(1, 'd1', 1)",
         String.format(CREATE_USER_FORMAT, USER_1, PASSWORD),
-        "GRANT MAINTAIN TO USER " + USER_1,
         "GRANT SELECT ON TABLE table1 TO USER " + USER_1,
         "GRANT SELECT ON information_schema.queries TO USER " + USER_1,
         String.format(CREATE_USER_FORMAT, USER_2, PASSWORD)
@@ -123,59 +121,47 @@ public class IoTDBMaintainAuthIT {
     tableQueryNoVerifyResultTest("SHOW CURRENT_TIMESTAMP", expectedHeader, 
USER_2, PASSWORD);
 
     // case 7: show variables
-    expectedHeader = new String[] {"Variable", "Value"};
-    // user1 with MAINTAIN
-    tableQueryNoVerifyResultTest("SHOW VARIABLES", expectedHeader, USER_1, 
PASSWORD);
     // user2 without MAINTAIN
     tableAssertTestFail(
         "SHOW VARIABLES",
         TSStatusCode.NO_PERMISSION.getStatusCode()
-            + ": Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+            + ": Access Denied: No permissions for this operation, only root 
user is allowed",
         USER_2,
         PASSWORD);
 
     // case 8: show cluster_id
-    expectedHeader = new String[] {"ClusterId"};
-    // user1 with MAINTAIN
-    tableQueryNoVerifyResultTest("SHOW CLUSTER_ID", expectedHeader, USER_1, 
PASSWORD);
     // user2 without MAINTAIN
     tableAssertTestFail(
         "SHOW CLUSTER_ID",
         TSStatusCode.NO_PERMISSION.getStatusCode()
-            + ": Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+            + ": Access Denied: No permissions for this operation, only root 
user is allowed",
         USER_2,
         PASSWORD);
 
     // case 9: flush
-    // user1 with MAINTAIN
-    tableExecuteTest("FLUSH", USER_1, PASSWORD);
     // user2 without MAINTAIN
     tableAssertTestFail(
         "FLUSH",
         TSStatusCode.NO_PERMISSION.getStatusCode()
-            + ": Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+            + ": Access Denied: No permissions for this operation, only root 
user is allowed",
         USER_2,
         PASSWORD);
 
     // case 10: clear cache
-    // user1 with MAINTAIN
-    tableExecuteTest("CLEAR CACHE", USER_1, PASSWORD);
     // user2 without MAINTAIN
     tableAssertTestFail(
         "CLEAR CACHE",
         TSStatusCode.NO_PERMISSION.getStatusCode()
-            + ": Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+            + ": Access Denied: No permissions for this operation, only root 
user is allowed",
         USER_2,
         PASSWORD);
 
     // case 11: set configuration
-    // user1 with MAINTAIN
-    tableExecuteTest("SET CONFIGURATION query_timeout_threshold='100000'", 
USER_1, PASSWORD);
     // user2 without MAINTAIN
     tableAssertTestFail(
         "SET CONFIGURATION query_timeout_threshold='100000'",
         TSStatusCode.NO_PERMISSION.getStatusCode()
-            + ": Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+            + ": Access Denied: No permissions for this operation, only root 
user is allowed",
         USER_2,
         PASSWORD);
 
@@ -183,76 +169,67 @@ public class IoTDBMaintainAuthIT {
     // user1 with select on information_schema.queries
     expectedHeader =
         new String[] {"query_id", "start_time", "datanode_id", "elapsed_time", 
"statement", "user"};
-    tableQueryNoVerifyResultTest("SHOW QUERIES", expectedHeader, USER_1, 
PASSWORD);
+    tableAssertTestFail(
+        "SHOW QUERIES",
+        TSStatusCode.NO_PERMISSION.getStatusCode()
+            + ": Access Denied: No permissions for this operation, only root 
user is allowed",
+        USER_1,
+        PASSWORD);
     // user2 without select on information_schema.queries
     tableAssertTestFail(
         "SHOW QUERIES",
         TSStatusCode.NO_PERMISSION.getStatusCode()
-            + ": Access Denied: No permissions for this operation, please add 
privilege SELECT ON information_schema.queries",
+            + ": Access Denied: No permissions for this operation, only root 
user is allowed",
         USER_2,
         PASSWORD);
 
     // case 13: kill query
-    // user1 with MAINTAIN
-    tableAssertTestFail(
-        "kill query '20250206_093300_00001_1'",
-        TSStatusCode.NO_SUCH_QUERY.getStatusCode() + ": No such query",
-        USER_1,
-        PASSWORD);
     // user2 without MAINTAIN
     tableAssertTestFail(
         "kill query '20250206_093300_00001_1'",
         TSStatusCode.NO_PERMISSION.getStatusCode()
-            + ": Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+            + ": Access Denied: No permissions for this operation, only root 
user is allowed",
         USER_2,
         PASSWORD);
 
     // case 14: load configuration
-    // user1 with MAINTAIN
-    tableExecuteTest("LOAD CONFIGURATION", USER_1, PASSWORD);
     // user2 without MAINTAIN
     tableAssertTestFail(
         "LOAD CONFIGURATION",
         TSStatusCode.NO_PERMISSION.getStatusCode()
-            + ": Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+            + ": Access Denied: No permissions for this operation, only root 
user is allowed",
         USER_2,
         PASSWORD);
 
     // case 15: set system status
-    // user1 with MAINTAIN
-    tableExecuteTest("SET SYSTEM TO RUNNING", USER_1, PASSWORD);
     // user2 without MAINTAIN
     tableAssertTestFail(
         "SET SYSTEM TO RUNNING",
         TSStatusCode.NO_PERMISSION.getStatusCode()
-            + ": Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+            + ": Access Denied: No permissions for this operation, only root 
user is allowed",
         USER_2,
         PASSWORD);
 
     // case 16: start repair data
-    // user1 with MAINTAIN
-    tableExecuteTest("START REPAIR DATA", USER_1, PASSWORD);
     // user2 without MAINTAIN
     tableAssertTestFail(
         "START REPAIR DATA",
         TSStatusCode.NO_PERMISSION.getStatusCode()
-            + ": Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+            + ": Access Denied: No permissions for this operation, only root 
user is allowed",
         USER_2,
         PASSWORD);
 
     // case 17: stop repair data
-    // user1 with MAINTAIN
-    tableExecuteTest("STOP REPAIR DATA", USER_1, PASSWORD);
     // user2 without MAINTAIN
     tableAssertTestFail(
         "STOP REPAIR DATA",
         TSStatusCode.NO_PERMISSION.getStatusCode()
-            + ": Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+            + ": Access Denied: No permissions for this operation, only root 
user is allowed",
         USER_2,
         PASSWORD);
 
     // case 18: create function
-    // user1 with MAINTAIN
+    // user1 without MAINTAIN
     tableAssertTestFail(
         "create function udsf as 
'org.apache.iotdb.db.query.udf.example.relational.ContainNull'",
         TSStatusCode.NO_PERMISSION.getStatusCode() + ": Access Denied: " + 
ONLY_ADMIN_ALLOWED,
diff --git 
a/integration-test/src/test/java/org/apache/iotdb/subscription/it/local/IoTDBSubscriptionBasicIT.java
 
b/integration-test/src/test/java/org/apache/iotdb/subscription/it/local/IoTDBSubscriptionBasicIT.java
index 93ed3d48406..85b10588415 100644
--- 
a/integration-test/src/test/java/org/apache/iotdb/subscription/it/local/IoTDBSubscriptionBasicIT.java
+++ 
b/integration-test/src/test/java/org/apache/iotdb/subscription/it/local/IoTDBSubscriptionBasicIT.java
@@ -638,28 +638,28 @@ public class IoTDBSubscriptionBasicIT extends 
AbstractSubscriptionLocalIT {
     assertTableNonQueryTestFail(
         EnvFactory.getEnv(),
         "create topic topic1",
-        "803: Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user 
is allowed",
         "test",
         "test123",
         null);
     assertTableTestFail(
         EnvFactory.getEnv(),
         "show topics",
-        "803: Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user 
is allowed",
         "test",
         "test123",
         null);
     assertTableTestFail(
         EnvFactory.getEnv(),
         "show subscriptions",
-        "803: Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user 
is allowed",
         "test",
         "test123",
         null);
     assertTableNonQueryTestFail(
         EnvFactory.getEnv(),
         "drop topic topic1",
-        "803: Access Denied: No permissions for this operation, please add 
privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user 
is allowed",
         "test",
         "test123",
         null);
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/Coordinator.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/Coordinator.java
index d10bac8b878..5b3e283ec7b 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/Coordinator.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/Coordinator.java
@@ -180,8 +180,9 @@ public class Coordinator {
     this.executor = getQueryExecutor();
     this.writeOperationExecutor = getWriteExecutor();
     this.scheduledExecutor = getScheduledExecutor();
+    this.accessControl = new AccessControlImpl(new ITableAuthCheckerImpl());
     this.statementRewrite =
-        new 
StatementRewriteFactory(LocalExecutionPlanner.getInstance().metadata)
+        new 
StatementRewriteFactory(LocalExecutionPlanner.getInstance().metadata, 
accessControl)
             .getStatementRewrite();
     this.logicalPlanOptimizers =
         new LogicalOptimizeFactory(
@@ -193,7 +194,6 @@ public class Coordinator {
                 new PlannerContext(
                     LocalExecutionPlanner.getInstance().metadata, new 
InternalTypeManager()))
             .getPlanOptimizers();
-    this.accessControl = new AccessControlImpl(new ITableAuthCheckerImpl());
     this.dataNodeLocationSupplier = 
DataNodeLocationSupplierFactory.getSupplier();
   }
 
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
index badd434c67d..553b2788f9e 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
@@ -359,7 +359,7 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   protected IConfigTask visitShowCluster(
       final ShowCluster showCluster, final MPPQueryContext context) {
     context.setQueryType(QueryType.READ);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     // As the implementation is identical, we'll simply translate to the
     // corresponding tree-model variant and execute that.
     ShowClusterStatement treeStatement = new ShowClusterStatement();
@@ -371,7 +371,7 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   protected IConfigTask visitShowRegions(
       final ShowRegions showRegions, final MPPQueryContext context) {
     context.setQueryType(QueryType.READ);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     // As the implementation is identical, we'll simply translate to the
     // corresponding tree-model variant and execute that.
     final ShowRegionStatement treeStatement = new ShowRegionStatement();
@@ -385,7 +385,7 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   protected IConfigTask visitRemoveDataNode(
       final RemoveDataNode removeDataNode, final MPPQueryContext context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     // As the implementation is identical, we'll simply translate to the
     // corresponding tree-model variant and execute that.
     final RemoveDataNodeStatement treeStatement =
@@ -397,7 +397,7 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   protected IConfigTask visitRemoveConfigNode(
       final RemoveConfigNode removeConfigNode, final MPPQueryContext context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     // As the implementation is identical, we'll simply translate to the
     // corresponding tree-model variant and execute that.
     final RemoveConfigNodeStatement treeStatement =
@@ -409,7 +409,7 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   protected IConfigTask visitShowDataNodes(
       final ShowDataNodes showDataNodesStatement, final MPPQueryContext 
context) {
     context.setQueryType(QueryType.READ);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new ShowDataNodesTask();
   }
 
@@ -417,7 +417,7 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   protected IConfigTask visitShowConfigNodes(
       final ShowConfigNodes showConfigNodesStatement, final MPPQueryContext 
context) {
     context.setQueryType(QueryType.READ);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new ShowConfigNodesTask();
   }
 
@@ -425,7 +425,7 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   protected IConfigTask visitShowAINodes(
       final ShowAINodes showAINodesStatement, final MPPQueryContext context) {
     context.setQueryType(QueryType.READ);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new ShowAINodesTask();
   }
 
@@ -433,7 +433,7 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   protected IConfigTask visitClearCache(
       final ClearCache clearCacheStatement, final MPPQueryContext context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new ClearCacheTask(clearCacheStatement);
   }
 
@@ -796,42 +796,42 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   @Override
   protected IConfigTask visitFlush(final Flush node, final MPPQueryContext 
context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new FlushTask(((FlushStatement) node.getInnerTreeStatement()));
   }
 
   @Override
   protected IConfigTask visitSetConfiguration(SetConfiguration node, 
MPPQueryContext context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new SetConfigurationTask(((SetConfigurationStatement) 
node.getInnerTreeStatement()));
   }
 
   @Override
   protected IConfigTask visitStartRepairData(StartRepairData node, 
MPPQueryContext context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new StartRepairDataTask(((StartRepairDataStatement) 
node.getInnerTreeStatement()));
   }
 
   @Override
   protected IConfigTask visitStopRepairData(StopRepairData node, 
MPPQueryContext context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new StopRepairDataTask(((StopRepairDataStatement) 
node.getInnerTreeStatement()));
   }
 
   @Override
   protected IConfigTask visitLoadConfiguration(LoadConfiguration node, 
MPPQueryContext context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new LoadConfigurationTask(((LoadConfigurationStatement) 
node.getInnerTreeStatement()));
   }
 
   @Override
   protected IConfigTask visitSetSystemStatus(SetSystemStatus node, 
MPPQueryContext context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new SetSystemStatusTask(((SetSystemStatusStatement) 
node.getInnerTreeStatement()));
   }
 
@@ -882,7 +882,7 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   @Override
   protected IConfigTask visitCreatePipe(final CreatePipe node, final 
MPPQueryContext context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
 
     for (String ExtractorAttribute : node.getExtractorAttributes().keySet()) {
       if (ExtractorAttribute.startsWith(SystemConstant.SYSTEM_PREFIX_KEY)) {
@@ -903,7 +903,7 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   @Override
   protected IConfigTask visitAlterPipe(AlterPipe node, MPPQueryContext 
context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
 
     for (String ExtractorAttribute : node.getExtractorAttributes().keySet()) {
       if (ExtractorAttribute.startsWith(SystemConstant.SYSTEM_PREFIX_KEY)) {
@@ -926,35 +926,35 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   @Override
   protected IConfigTask visitDropPipe(DropPipe node, MPPQueryContext context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new DropPipeTask(node);
   }
 
   @Override
   protected IConfigTask visitStartPipe(StartPipe node, MPPQueryContext 
context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new StartPipeTask(node);
   }
 
   @Override
   protected IConfigTask visitStopPipe(StopPipe node, MPPQueryContext context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new StopPipeTask(node);
   }
 
   @Override
   protected IConfigTask visitShowPipes(ShowPipes node, MPPQueryContext 
context) {
     context.setQueryType(QueryType.READ);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new ShowPipeTask(node);
   }
 
   @Override
   protected IConfigTask visitCreatePipePlugin(CreatePipePlugin node, 
MPPQueryContext context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     if (node.getUriString() != null && isUriTrusted(node.getUriString())) {
       // 1. user specified uri and that uri is trusted
       // 2. user doesn't specify uri
@@ -968,21 +968,21 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   @Override
   protected IConfigTask visitDropPipePlugin(DropPipePlugin node, 
MPPQueryContext context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new DropPipePluginTask(node);
   }
 
   @Override
   protected IConfigTask visitShowPipePlugins(ShowPipePlugins node, 
MPPQueryContext context) {
     context.setQueryType(QueryType.READ);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new ShowPipePluginsTask(node);
   }
 
   @Override
   protected IConfigTask visitCreateTopic(CreateTopic node, MPPQueryContext 
context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
 
     // Inject table model into the topic attributes
     node.getTopicAttributes()
@@ -994,21 +994,21 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   @Override
   protected IConfigTask visitDropTopic(DropTopic node, MPPQueryContext 
context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new DropTopicTask(node);
   }
 
   @Override
   protected IConfigTask visitShowTopics(ShowTopics node, MPPQueryContext 
context) {
     context.setQueryType(QueryType.READ);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new ShowTopicsTask(node);
   }
 
   @Override
   protected IConfigTask visitShowSubscriptions(ShowSubscriptions node, 
MPPQueryContext context) {
     context.setQueryType(QueryType.READ);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new ShowSubscriptionsTask(node);
   }
 
@@ -1047,14 +1047,14 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   @Override
   protected IConfigTask visitShowVariables(ShowVariables node, MPPQueryContext 
context) {
     context.setQueryType(QueryType.READ);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new ShowVariablesTask();
   }
 
   @Override
   protected IConfigTask visitShowClusterId(ShowClusterId node, MPPQueryContext 
context) {
     context.setQueryType(QueryType.READ);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new ShowClusterIdTask();
   }
 
@@ -1077,7 +1077,7 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   @Override
   protected IConfigTask visitKillQuery(KillQuery node, MPPQueryContext 
context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     return new KillQueryTask(node);
   }
 
@@ -1111,7 +1111,7 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   @Override
   protected IConfigTask visitMigrateRegion(MigrateRegion migrateRegion, 
MPPQueryContext context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     // As the implementation is identical, we'll simply translate to the
     // corresponding tree-model variant and execute that.
     return new MigrateRegionTask(migrateRegion);
@@ -1121,7 +1121,7 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   protected IConfigTask visitReconstructRegion(
       ReconstructRegion reconstructRegion, MPPQueryContext context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     // As the implementation is identical, we'll simply translate to the
     // corresponding tree-model variant and execute that.
     return new ReconstructRegionTask(reconstructRegion);
@@ -1130,7 +1130,7 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   @Override
   protected IConfigTask visitExtendRegion(ExtendRegion extendRegion, 
MPPQueryContext context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     // As the implementation is identical, we'll simply translate to the
     // corresponding tree-model variant and execute that.
     return new ExtendRegionTask(extendRegion);
@@ -1139,7 +1139,7 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
   @Override
   protected IConfigTask visitRemoveRegion(RemoveRegion removeRegion, 
MPPQueryContext context) {
     context.setQueryType(QueryType.WRITE);
-    
accessControl.checkUserHasMaintainPrivilege(context.getSession().getUserName());
+    accessControl.checkUserIsAdmin(context.getSession().getUserName());
     // As the implementation is identical, we'll simply translate to the
     // corresponding tree-model variant and execute that.
     return new RemoveRegionTask(removeRegion);
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/StatementAnalyzerFactory.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/StatementAnalyzerFactory.java
index 47b03729a51..ba63eb40990 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/StatementAnalyzerFactory.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/StatementAnalyzerFactory.java
@@ -66,4 +66,8 @@ public class StatementAnalyzerFactory {
       Metadata metadata, AccessControl accessControl) {
     return new StatementAnalyzerFactory(metadata, new SqlParser(), 
accessControl);
   }
+
+  public AccessControl getAccessControl() {
+    return accessControl;
+  }
 }
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AccessControl.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AccessControl.java
index a9724b2636c..b7e2d52f417 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AccessControl.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AccessControl.java
@@ -124,14 +124,6 @@ public interface AccessControl {
    */
   void checkCanShowOrDescTable(String userName, QualifiedObjectName tableName);
 
-  /**
-   * Check if user has global maintain privilege
-   *
-   * @param userName name of user
-   * @throws AccessDeniedException if not allowed
-   */
-  void checkUserHasMaintainPrivilege(String userName);
-
   /**
    * Check if user can run relational author statement.
    *
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AccessControlImpl.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AccessControlImpl.java
index cafdd13b138..6517347da36 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AccessControlImpl.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AccessControlImpl.java
@@ -92,11 +92,6 @@ public class AccessControlImpl implements AccessControl {
     authChecker.checkTableVisibility(userName, tableName);
   }
 
-  @Override
-  public void checkUserHasMaintainPrivilege(String userName) {
-    authChecker.checkGlobalPrivilege(userName, TableModelPrivilege.MAINTAIN);
-  }
-
   @Override
   public void checkUserCanRunRelationalAuthorStatement(
       String userName, RelationalAuthorStatement statement) {
@@ -274,6 +269,7 @@ public class AccessControlImpl implements AccessControl {
           authChecker.checkGlobalPrivilegeGrantOption(
               userName, TableModelPrivilege.getTableModelType(privilegeType));
         }
+        break;
       default:
         break;
     }
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AllowAllAccessControl.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AllowAllAccessControl.java
index 7843e1601e5..5dae236a2e3 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AllowAllAccessControl.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/AllowAllAccessControl.java
@@ -78,11 +78,6 @@ public class AllowAllAccessControl implements AccessControl {
     // allow anything
   }
 
-  @Override
-  public void checkUserHasMaintainPrivilege(String userName) {
-    // allow anything
-  }
-
   @Override
   public void checkUserCanRunRelationalAuthorStatement(
       String userName, RelationalAuthorStatement statement) {
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TableModelPrivilege.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TableModelPrivilege.java
index 2fd59af8b6d..d8ec3d437a0 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TableModelPrivilege.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TableModelPrivilege.java
@@ -25,7 +25,6 @@ public enum TableModelPrivilege {
   // global privilege
   MANAGE_USER,
   MANAGE_ROLE,
-  MAINTAIN,
 
   // scope privilege
   CREATE,
@@ -41,8 +40,6 @@ public enum TableModelPrivilege {
         return PrivilegeType.MANAGE_ROLE;
       case MANAGE_USER:
         return PrivilegeType.MANAGE_USER;
-      case MAINTAIN:
-        return PrivilegeType.MAINTAIN;
       case CREATE:
         return PrivilegeType.CREATE;
       case DROP:
@@ -66,8 +63,6 @@ public enum TableModelPrivilege {
         return TableModelPrivilege.MANAGE_ROLE;
       case MANAGE_USER:
         return TableModelPrivilege.MANAGE_USER;
-      case MAINTAIN:
-        return TableModelPrivilege.MAINTAIN;
       case CREATE:
         return TableModelPrivilege.CREATE;
       case DROP:
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/rewrite/ShowRewrite.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/rewrite/ShowRewrite.java
index d852319169d..4648da64666 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/rewrite/ShowRewrite.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/rewrite/ShowRewrite.java
@@ -19,11 +19,13 @@
 
 package org.apache.iotdb.db.queryengine.plan.relational.sql.rewrite;
 
+import org.apache.iotdb.commons.schema.table.InformationSchema;
 import org.apache.iotdb.db.queryengine.common.SessionInfo;
 import org.apache.iotdb.db.queryengine.execution.warnings.WarningCollector;
 import org.apache.iotdb.db.queryengine.plan.relational.analyzer.NodeRef;
 import 
org.apache.iotdb.db.queryengine.plan.relational.analyzer.StatementAnalyzerFactory;
 import org.apache.iotdb.db.queryengine.plan.relational.metadata.Metadata;
+import org.apache.iotdb.db.queryengine.plan.relational.security.AccessControl;
 import org.apache.iotdb.db.queryengine.plan.relational.sql.ast.AllColumns;
 import org.apache.iotdb.db.queryengine.plan.relational.sql.ast.AstVisitor;
 import org.apache.iotdb.db.queryengine.plan.relational.sql.ast.CountStatement;
@@ -54,12 +56,12 @@ public final class ShowRewrite implements 
StatementRewrite.Rewrite {
   private final Metadata metadata;
 
   // private final SqlParser parser;
-  // private final AccessControl accessControl;
+  private final AccessControl accessControl;
 
-  public ShowRewrite(final Metadata metadata) {
+  public ShowRewrite(final Metadata metadata, final AccessControl 
accessControl) {
     this.metadata = requireNonNull(metadata, "metadata is null");
     // this.parser = requireNonNull(parser, "parser is null");
-    // this.accessControl = requireNonNull(accessControl, "accessControl is 
null");
+    this.accessControl = requireNonNull(accessControl, "accessControl is 
null");
   }
 
   @Override
@@ -70,25 +72,27 @@ public final class ShowRewrite implements 
StatementRewrite.Rewrite {
       final List<Expression> parameters,
       final Map<NodeRef<Parameter>, Expression> parameterLookup,
       final WarningCollector warningCollector) {
-    final Visitor visitor = new Visitor(metadata, session);
+    final Visitor visitor = new Visitor(metadata, session, accessControl);
     return (Statement) visitor.process(node, null);
   }
 
   private static class Visitor extends AstVisitor<Node, Void> {
     private final Metadata metadata;
     private final SessionInfo session;
+    private final AccessControl accessControl;
 
-    public Visitor(final Metadata metadata, final SessionInfo session) {
+    public Visitor(
+        final Metadata metadata, final SessionInfo session, final 
AccessControl accessControl) {
       this.metadata = requireNonNull(metadata, "metadata is null");
       this.session = requireNonNull(session, "session is null");
+      this.accessControl = requireNonNull(accessControl, "accessControl is 
null");
     }
 
     @Override
     protected Node visitShowStatement(final ShowStatement showStatement, final 
Void context) {
-      // CatalogSchemaName schema = createCatalogSchemaName(session, 
showQueries,
-      // showQueries.getSchema());
-
-      // accessControl.checkCanShowQueries(session.toSecurityContext(), 
schema);
+      if (InformationSchema.QUERIES.equals(showStatement.getTableName())) {
+        accessControl.checkUserIsAdmin(session.getUserName());
+      }
 
       return simpleQuery(
           selectList(new AllColumns()),
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/rewrite/StatementRewriteFactory.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/rewrite/StatementRewriteFactory.java
index ca3e850ff27..5536220508a 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/rewrite/StatementRewriteFactory.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/rewrite/StatementRewriteFactory.java
@@ -19,14 +19,16 @@
 package org.apache.iotdb.db.queryengine.plan.relational.sql.rewrite;
 
 import org.apache.iotdb.db.queryengine.plan.relational.metadata.Metadata;
+import org.apache.iotdb.db.queryengine.plan.relational.security.AccessControl;
 
 import com.google.common.collect.ImmutableSet;
 
 public class StatementRewriteFactory {
   private final StatementRewrite statementRewrite;
 
-  public StatementRewriteFactory(Metadata metadata) {
-    this.statementRewrite = new StatementRewrite(ImmutableSet.of(new 
ShowRewrite(metadata)));
+  public StatementRewriteFactory(Metadata metadata, AccessControl 
accessControl) {
+    this.statementRewrite =
+        new StatementRewrite(ImmutableSet.of(new ShowRewrite(metadata, 
accessControl)));
   }
 
   public StatementRewrite getStatementRewrite() {
diff --git 
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/AnalyzerTest.java
 
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/AnalyzerTest.java
index 6152c603da1..574d013a2fe 100644
--- 
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/AnalyzerTest.java
+++ 
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/analyzer/AnalyzerTest.java
@@ -1271,7 +1271,7 @@ public class AnalyzerTest {
               statementAnalyzerFactory,
               Collections.emptyList(),
               Collections.emptyMap(),
-              new StatementRewriteFactory(metadata).getStatementRewrite(),
+              new StatementRewriteFactory(metadata, 
nopAccessControl).getStatementRewrite(),
               NOOP);
       return analyzer.analyze(statement);
     } catch (final Exception e) {
@@ -1296,7 +1296,7 @@ public class AnalyzerTest {
             statementAnalyzerFactory,
             Collections.emptyList(),
             Collections.emptyMap(),
-            new StatementRewriteFactory(metadata).getStatementRewrite(),
+            new StatementRewriteFactory(metadata, 
nopAccessControl).getStatementRewrite(),
             NOOP);
     return analyzer.analyze(statement);
   }
diff --git 
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/planner/PlanTester.java
 
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/planner/PlanTester.java
index 1448a97962d..9a98ab96c7b 100644
--- 
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/planner/PlanTester.java
+++ 
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/queryengine/plan/relational/planner/PlanTester.java
@@ -39,6 +39,7 @@ import 
org.apache.iotdb.db.queryengine.plan.relational.metadata.Metadata;
 import 
org.apache.iotdb.db.queryengine.plan.relational.planner.distribute.TableDistributedPlanner;
 import 
org.apache.iotdb.db.queryengine.plan.relational.planner.optimizations.DataNodeLocationSupplierFactory;
 import 
org.apache.iotdb.db.queryengine.plan.relational.planner.optimizations.PlanOptimizer;
+import org.apache.iotdb.db.queryengine.plan.relational.security.AccessControl;
 import 
org.apache.iotdb.db.queryengine.plan.relational.security.AllowAllAccessControl;
 import org.apache.iotdb.db.queryengine.plan.relational.sql.ast.Statement;
 import org.apache.iotdb.db.queryengine.plan.relational.sql.parser.SqlParser;
@@ -161,7 +162,8 @@ public class PlanTester {
             0, "test", ZoneId.systemDefault(), databaseName, 
IClientSession.SqlDialect.TABLE);
     final MPPQueryContext context =
         new MPPQueryContext(sql, new QueryId("test_query"), session, null, 
null);
-    return analyzeStatement(statement, metadata, context, sqlParser, session);
+    return analyzeStatement(
+        statement, metadata, context, sqlParser, session, new 
AllowAllAccessControl());
   }
 
   public static Analysis analyzeStatement(
@@ -169,7 +171,8 @@ public class PlanTester {
       Metadata metadata,
       MPPQueryContext context,
       SqlParser sqlParser,
-      SessionInfo session) {
+      SessionInfo session,
+      AccessControl accessControl) {
     try {
       StatementAnalyzerFactory statementAnalyzerFactory =
           new StatementAnalyzerFactory(metadata, sqlParser, new 
AllowAllAccessControl());
@@ -181,7 +184,7 @@ public class PlanTester {
               statementAnalyzerFactory,
               Collections.emptyList(),
               Collections.emptyMap(),
-              new StatementRewriteFactory(metadata).getStatementRewrite(),
+              new StatementRewriteFactory(metadata, 
accessControl).getStatementRewrite(),
               NOOP);
       return analyzer.analyze(statement);
     } catch (Exception e) {
diff --git 
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PrivilegeType.java
 
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PrivilegeType.java
index d6852d99a86..773a1be38ba 100644
--- 
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PrivilegeType.java
+++ 
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PrivilegeType.java
@@ -93,7 +93,7 @@ public enum PrivilegeType {
   }
 
   public boolean forRelationalSys() {
-    return this == MAINTAIN || this == MANAGE_USER || this == MANAGE_ROLE;
+    return this == MANAGE_USER || this == MANAGE_ROLE;
   }
 
   public PrivilegeModelType getModelType() {
diff --git 
a/iotdb-core/relational-grammar/src/main/antlr4/org/apache/iotdb/db/relational/grammar/sql/RelationalSql.g4
 
b/iotdb-core/relational-grammar/src/main/antlr4/org/apache/iotdb/db/relational/grammar/sql/RelationalSql.g4
index 01da672b0a2..8e1ded08a06 100644
--- 
a/iotdb-core/relational-grammar/src/main/antlr4/org/apache/iotdb/db/relational/grammar/sql/RelationalSql.g4
+++ 
b/iotdb-core/relational-grammar/src/main/antlr4/org/apache/iotdb/db/relational/grammar/sql/RelationalSql.g4
@@ -673,7 +673,6 @@ objectScope
 systemPrivilege
     : MANAGE_USER
     | MANAGE_ROLE
-    | MAINTAIN
     ;
 
 objectPrivilege
@@ -1104,7 +1103,7 @@ nonReserved
     | JSON
     | KEEP | KEY | KEYS | KILL
     | LANGUAGE | LAST | LATERAL | LEADING | LEAVE | LEVEL | LIMIT | LINEAR | 
LOAD | LOCAL | LOGICAL | LOOP
-    | MAP | MATCH | MATCHED | MATCHES | MATCH_RECOGNIZE | MATERIALIZED | 
MEASURES | METHOD | MERGE | MICROSECOND | MIGRATE | MILLISECOND | MINUTE | 
MODIFY | MONTH
+    | MANAGE_ROLE | MANAGE_USER | MAP | MATCH | MATCHED | MATCHES | 
MATCH_RECOGNIZE | MATERIALIZED | MEASURES | METHOD | MERGE | MICROSECOND | 
MIGRATE | MILLISECOND | MINUTE | MODIFY | MONTH
     | NANOSECOND | NESTED | NEXT | NFC | NFD | NFKC | NFKD | NO | NODEID | 
NONE | NULLIF | NULLS
     | OBJECT | OF | OFFSET | OMIT | ONE | ONLY | OPTION | ORDINALITY | OUTPUT 
| OVER | OVERFLOW
     | PARTITION | PARTITIONS | PASSING | PAST | PATH | PATTERN | PER | PERIOD 
| PERMUTE | PIPE | PIPEPLUGIN | PIPEPLUGINS | PIPES | PLAN | POSITION | 
PRECEDING | PRECISION | PRIVILEGES | PREVIOUS | PROCESSLIST | PROCESSOR | 
PROPERTIES | PRUNE
@@ -1302,7 +1301,6 @@ LOCALTIME: 'LOCALTIME';
 LOCALTIMESTAMP: 'LOCALTIMESTAMP';
 LOGICAL: 'LOGICAL';
 LOOP: 'LOOP';
-MAINTAIN: 'MAINTAIN';
 MANAGE_ROLE: 'MANAGE_ROLE';
 MANAGE_USER: 'MANAGE_USER';
 MAP: 'MAP';

Reply via email to