[feature](privilege) Support su user and other privilege feature

[seawinde]

What problem does this PR solve?

Overview

• admin_readonly is a built‑in role created at startup. It grants global read privileges (SELECT + SHOW VIEW) and is registered by the role manager.
• SU is implemented as a command that switches the current session user and sets an explicit role override list. It requires the current user to be root; otherwise it throws.

Role resolution flow

• When privileges are checked, the system builds a PrivilegeContext for the current session. If currentRoles is set on the session and the current user matches, that set is used for role resolution; otherwise the user’s default roles are used.
• Role resolution can also include LDAP roles when LDAP auth is enabled.

How admin_readonly affects behavior

• If the resolved role set contains admin_readonly, some “read‑only admin” shortcuts kick in:
  • SHOW RESOURCES is allowed.
  • SHOW WORKLOAD GROUP is allowed.
  • Process list visibility is expanded (both local and RPC paths check for admin_readonly).

How SU interacts with admin_readonly

• SU sets currentRoles explicitly. If admin_readonly is in that list (or comes from LDAP/local roles depending on resolution rules), the session gains the read‑only admin behaviors above.
• If SU specifies no roles, the current code falls back to the target user’s local roles (and then merges LDAP roles). So “no roles” does not mean “no privileges” by default.

Issue Number: close #xxx

Related PR: #xxx

Problem Summary:

Release note

None

Check List (For Author)

• Test

  • Regression test
  • Unit Test
  • Manual test (add detailed scripts or steps below)
  • No need to test or manual test. Explain why:
    • This is a refactor/code format and no logic has been changed.
    • Previous test can cover this change.
    • No code files have been changed.
    • Other reason

• Behavior changed:

  • No.
  • Yes.

• Does this need documentation?

  • No.
  • Yes.

Check List (For Reviewer who merge this PR)

• Confirm the release note
• Confirm test cases
• Confirm document
• Add branch pick label

[Thearas]

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR.

Please clearly describe your PR:

1. What problem was fixed (it's best to include specific error reporting information). How it was fixed.
2. Which behaviors were modified. What was the previous behavior, what is it now, why was it modified, and what possible impacts might there be.
3. What features were added. Why was this function added?
4. Which code was refactored and why was this part of the code refactored?
5. Which functions were optimized and what is the difference before and after the optimization?

[seawinde]

run buildall

[hello-stephen]

Cloud UT Coverage Report

Increment line coverage 🎉

Increment coverage report
Complete coverage report

Category	Coverage
Function Coverage	79.32% (1795/2263)
Line Coverage	64.84% (31966/49300)
Region Coverage	65.56% (15951/24330)
Branch Coverage	56.07% (8480/15124)

[doris-robot]

TPC-H: Total hot run time: 30196 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit d1b85b6f3558381f17a94d5f422842efa8d37024, data reload: false

------ Round 1 ----------------------------------
q1	17630	4526	4329	4329
q2	1995	383	227	227
q3	10506	1324	740	740
q4	10366	783	311	311
q5	9469	2152	2132	2132
q6	219	176	145	145
q7	886	719	615	615
q8	9272	1383	1092	1092
q9	5004	4687	4614	4614
q10	6873	1958	1517	1517
q11	467	268	237	237
q12	401	378	220	220
q13	17835	4080	3237	3237
q14	230	232	220	220
q15	898	818	800	800
q16	696	674	618	618
q17	779	861	480	480
q18	6839	5942	5625	5625
q19	1293	990	619	619
q20	494	500	400	400
q21	2567	1851	1771	1771
q22	332	291	247	247
Total cold run time: 105051 ms
Total hot run time: 30196 ms

----- Round 2, with runtime_filter_mode=off -----
q1	4439	4343	4336	4336
q2	265	337	252	252
q3	2095	2665	2223	2223
q4	1343	1707	1326	1326
q5	4333	4179	4311	4179
q6	203	174	137	137
q7	1870	1783	1875	1783
q8	2623	2425	2378	2378
q9	7608	7449	7522	7449
q10	2902	3118	2719	2719
q11	525	463	439	439
q12	695	788	611	611
q13	3859	4297	3842	3842
q14	285	313	276	276
q15	856	825	816	816
q16	686	733	709	709
q17	1167	1387	1384	1384
q18	8336	8032	7869	7869
q19	873	863	852	852
q20	2028	2138	1991	1991
q21	4956	4339	4126	4126
q22	520	490	400	400
Total cold run time: 52467 ms
Total hot run time: 50097 ms

[doris-robot]

TPC-DS: Total hot run time: 190662 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit d1b85b6f3558381f17a94d5f422842efa8d37024, data reload: false

query5	4365	602	478	478
query6	326	221	211	211
query7	4224	481	262	262
query8	333	236	240	236
query9	8681	2733	2714	2714
query10	506	377	332	332
query11	16516	16448	16240	16240
query12	180	117	118	117
query13	1241	430	339	339
query14	5661	3214	2951	2951
query14_1	2832	2774	2809	2774
query15	204	189	178	178
query16	984	484	434	434
query17	1096	690	585	585
query18	2443	445	346	346
query19	213	207	187	187
query20	131	124	123	123
query21	220	148	124	124
query22	5075	4932	4961	4932
query23	19250	18550	18372	18372
query23_1	18566	18379	18538	18379
query24	7177	1575	1220	1220
query24_1	1213	1239	1214	1214
query25	547	454	413	413
query26	1251	267	159	159
query27	2760	473	320	320
query28	4536	1871	1859	1859
query29	797	519	434	434
query30	317	261	221	221
query31	865	743	656	656
query32	84	79	71	71
query33	508	332	280	280
query34	943	900	564	564
query35	639	701	599	599
query36	1093	1128	997	997
query37	146	101	87	87
query38	2992	2963	2863	2863
query39	942	902	915	902
query39_1	851	886	877	877
query40	220	132	121	121
query41	68	62	65	62
query42	102	98	102	98
query43	457	444	401	401
query44	1326	718	712	712
query45	199	192	184	184
query46	882	973	603	603
query47	2051	2111	2030	2030
query48	304	331	221	221
query49	599	438	349	349
query50	667	274	211	211
query51	4097	4098	4074	4074
query52	103	101	93	93
query53	287	324	265	265
query54	298	267	263	263
query55	88	82	79	79
query56	315	323	308	308
query57	1406	1386	1295	1295
query58	295	257	257	257
query59	2032	2197	1966	1966
query60	345	326	310	310
query61	150	143	142	142
query62	594	578	502	502
query63	296	270	263	263
query64	4904	1218	929	929
query65	4572	4379	4460	4379
query66	1454	437	333	333
query67	16388	16286	16347	16286
query68	2456	1067	703	703
query69	408	310	281	281
query70	1030	919	979	919
query71	333	319	295	295
query72	2938	2779	2507	2507
query73	508	547	314	314
query74	9742	9732	9567	9567
query75	2883	2753	2539	2539
query76	2283	1052	677	677
query77	348	388	307	307
query78	11383	11390	10835	10835
query79	1080	942	595	595
query80	660	589	532	532
query81	506	292	247	247
query82	1344	148	117	117
query83	365	270	244	244
query84	257	129	108	108
query85	912	557	428	428
query86	384	305	316	305
query87	3120	3075	2993	2993
query88	3498	2648	2642	2642
query89	382	344	315	315
query90	1940	177	169	169
query91	178	164	125	125
query92	80	75	66	66
query93	874	882	485	485
query94	448	322	287	287
query95	582	327	384	327
query96	648	507	227	227
query97	2443	2509	2447	2447
query98	216	214	207	207
query99	928	919	829	829
Total cold run time: 261912 ms
Total hot run time: 190662 ms

[doris-robot]

ClickBench: Total hot run time: 28.13 s

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/clickbench-tools
ClickBench test result on commit d1b85b6f3558381f17a94d5f422842efa8d37024, data reload: false

query1	0.06	0.05	0.05
query2	0.13	0.07	0.07
query3	0.30	0.08	0.08
query4	1.61	0.10	0.10
query5	0.26	0.24	0.25
query6	1.14	0.65	0.65
query7	0.03	0.02	0.02
query8	0.08	0.06	0.06
query9	0.59	0.50	0.50
query10	0.55	0.56	0.55
query11	0.26	0.14	0.13
query12	0.27	0.15	0.14
query13	0.64	0.61	0.60
query14	0.99	0.97	0.98
query15	0.92	0.82	0.83
query16	0.40	0.37	0.38
query17	1.08	0.99	1.03
query18	0.25	0.22	0.23
query19	1.90	1.86	1.71
query20	0.02	0.01	0.02
query21	15.39	0.35	0.30
query22	4.89	0.12	0.13
query23	15.33	0.45	0.29
query24	2.39	0.57	0.39
query25	0.11	0.12	0.11
query26	0.19	0.18	0.18
query27	0.12	0.12	0.11
query28	3.69	1.16	0.98
query29	12.51	4.16	3.32
query30	0.32	0.12	0.11
query31	2.80	0.68	0.45
query32	3.24	0.62	0.50
query33	3.00	3.12	3.14
query34	16.15	5.10	4.37
query35	4.56	4.53	4.48
query36	0.62	0.49	0.49
query37	0.31	0.09	0.08
query38	0.27	0.06	0.06
query39	0.08	0.05	0.05
query40	0.20	0.17	0.17
query41	0.14	0.07	0.07
query42	0.09	0.05	0.05
query43	0.06	0.06	0.05
Total cold run time: 97.94 s
Total hot run time: 28.13 s

[hello-stephen]

BE UT Coverage Report

Increment line coverage 🎉

Increment coverage report
Complete coverage report

Category	Coverage
Function Coverage	52.74% (19475/36923)
Line Coverage	36.25% (181487/500655)
Region Coverage	32.62% (140724/431358)
Branch Coverage	33.67% (61042/181313)

[seawinde]

run buildall

[hello-stephen]

Cloud UT Coverage Report

Increment line coverage 🎉

Increment coverage report
Complete coverage report

Category	Coverage
Function Coverage	79.32% (1795/2263)
Line Coverage	64.81% (31957/49311)
Region Coverage	65.50% (15941/24339)
Branch Coverage	56.00% (8474/15132)

[doris-robot]

TPC-H: Total hot run time: 30539 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit 543b0efa9b9d349a077d426412fc708f2f2be948, data reload: false

------ Round 1 ----------------------------------
q1	17606	4494	4312	4312
q2	2004	355	242	242
q3	10172	1351	745	745
q4	10185	778	323	323
q5	7551	2229	1961	1961
q6	209	177	148	148
q7	898	752	604	604
q8	9266	1423	1123	1123
q9	4969	4734	4659	4659
q10	6868	1948	1550	1550
q11	491	286	261	261
q12	408	374	224	224
q13	17763	4050	3268	3268
q14	234	231	209	209
q15	907	812	812	812
q16	686	671	610	610
q17	692	836	550	550
q18	6615	5933	5836	5836
q19	1135	1010	649	649
q20	502	497	383	383
q21	2602	1845	1821	1821
q22	331	283	249	249
Total cold run time: 102094 ms
Total hot run time: 30539 ms

----- Round 2, with runtime_filter_mode=off -----
q1	4352	4341	4354	4341
q2	260	328	247	247
q3	2049	2669	2217	2217
q4	1339	1725	1285	1285
q5	4273	4147	4211	4147
q6	228	176	137	137
q7	1867	1817	1662	1662
q8	2531	2770	2498	2498
q9	7563	7533	7564	7533
q10	2963	2969	2705	2705
q11	510	445	426	426
q12	700	786	621	621
q13	3974	4344	3465	3465
q14	314	311	296	296
q15	847	788	795	788
q16	690	743	675	675
q17	1146	1290	1411	1290
q18	8261	8269	7812	7812
q19	939	873	897	873
q20	2067	2166	2000	2000
q21	4808	4542	4562	4542
q22	544	487	411	411
Total cold run time: 52225 ms
Total hot run time: 49971 ms

[doris-robot]

TPC-DS: Total hot run time: 188737 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit 543b0efa9b9d349a077d426412fc708f2f2be948, data reload: false

query5	4752	650	485	485
query6	369	217	195	195
query7	4210	469	296	296
query8	326	255	234	234
query9	8738	2745	2768	2745
query10	523	377	352	352
query11	17204	17010	16761	16761
query12	184	121	121	121
query13	1256	434	352	352
query14	6217	3203	2950	2950
query14_1	2750	2769	2747	2747
query15	202	190	169	169
query16	982	466	447	447
query17	1076	697	623	623
query18	2460	423	337	337
query19	201	199	176	176
query20	137	127	126	126
query21	226	139	118	118
query22	4853	5008	4905	4905
query23	17312	16898	16597	16597
query23_1	16756	16806	16714	16714
query24	7138	1567	1208	1208
query24_1	1203	1206	1204	1204
query25	557	433	390	390
query26	1228	286	154	154
query27	2754	455	295	295
query28	4556	1867	1870	1867
query29	758	576	451	451
query30	318	266	218	218
query31	877	709	658	658
query32	86	80	78	78
query33	511	329	300	300
query34	924	926	570	570
query35	651	706	597	597
query36	1083	1144	1020	1020
query37	136	99	84	84
query38	2983	2950	2900	2900
query39	867	852	842	842
query39_1	833	802	833	802
query40	224	139	122	122
query41	76	88	67	67
query42	107	105	106	105
query43	387	402	359	359
query44	1325	721	714	714
query45	203	199	186	186
query46	881	985	611	611
query47	2143	2175	2066	2066
query48	313	321	235	235
query49	618	440	360	360
query50	686	289	226	226
query51	4196	4141	4136	4136
query52	111	112	103	103
query53	305	339	285	285
query54	311	287	278	278
query55	92	95	81	81
query56	324	326	315	315
query57	1443	1343	1282	1282
query58	297	281	287	281
query59	2612	2660	2557	2557
query60	350	340	327	327
query61	171	173	176	173
query62	609	594	551	551
query63	314	282	284	282
query64	4976	1312	1054	1054
query65	4625	4567	4556	4556
query66	1449	457	351	351
query67	16519	16536	16215	16215
query68	2651	1100	707	707
query69	406	313	278	278
query70	1039	939	992	939
query71	337	329	303	303
query72	2970	2759	2522	2522
query73	526	551	319	319
query74	9680	9575	9341	9341
query75	2829	2747	2424	2424
query76	2398	1065	659	659
query77	365	386	301	301
query78	11100	11124	10392	10392
query79	1064	905	608	608
query80	822	560	506	506
query81	544	287	248	248
query82	1347	156	120	120
query83	359	265	241	241
query84	254	126	101	101
query85	886	465	432	432
query86	400	333	295	295
query87	3119	3096	2986	2986
query88	3608	2676	2655	2655
query89	432	372	350	350
query90	1799	188	173	173
query91	167	158	130	130
query92	78	75	67	67
query93	877	880	480	480
query94	500	310	301	301
query95	593	404	317	317
query96	649	517	232	232
query97	2498	2465	2417	2417
query98	232	216	212	212
query99	999	977	929	929
Total cold run time: 261228 ms
Total hot run time: 188737 ms

[doris-robot]

ClickBench: Total hot run time: 28.62 s

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/clickbench-tools
ClickBench test result on commit 543b0efa9b9d349a077d426412fc708f2f2be948, data reload: false

query1	0.06	0.04	0.04
query2	0.09	0.04	0.04
query3	0.26	0.09	0.08
query4	1.61	0.12	0.11
query5	0.27	0.26	0.26
query6	1.19	0.70	0.67
query7	0.03	0.03	0.02
query8	0.05	0.03	0.04
query9	0.58	0.50	0.50
query10	0.54	0.55	0.53
query11	0.13	0.09	0.10
query12	0.14	0.11	0.10
query13	0.63	0.63	0.61
query14	1.07	1.06	1.04
query15	0.88	0.86	0.86
query16	0.39	0.39	0.44
query17	1.15	1.13	1.07
query18	0.23	0.22	0.22
query19	2.10	2.04	2.03
query20	0.02	0.01	0.01
query21	15.39	0.26	0.16
query22	5.36	0.05	0.06
query23	16.08	0.28	0.11
query24	1.75	0.60	0.62
query25	0.11	0.07	0.07
query26	0.16	0.13	0.14
query27	0.08	0.05	0.05
query28	5.17	1.13	0.97
query29	12.61	3.88	3.20
query30	0.27	0.13	0.14
query31	2.81	0.64	0.41
query32	3.24	0.59	0.51
query33	3.26	3.23	3.22
query34	16.21	5.40	4.71
query35	4.88	4.76	4.73
query36	0.66	0.50	0.49
query37	0.12	0.07	0.07
query38	0.07	0.05	0.04
query39	0.04	0.03	0.04
query40	0.21	0.16	0.14
query41	0.08	0.03	0.03
query42	0.04	0.03	0.03
query43	0.04	0.04	0.04
Total cold run time: 100.06 s
Total hot run time: 28.62 s

[hello-stephen]

BE UT Coverage Report

Increment line coverage 🎉

Increment coverage report
Complete coverage report

Category	Coverage
Function Coverage	52.70% (19491/36984)
Line Coverage	36.25% (181704/501264)
Region Coverage	32.59% (140838/432132)
Branch Coverage	33.62% (61056/181613)

[hello-stephen]

BE Regression && UT Coverage Report

Increment line coverage 100% (0/0) 🎉

Increment coverage report
Complete coverage report

Category	Coverage
Function Coverage	57.37% (20790/36240)
Line Coverage	40.37% (201847/500027)
Region Coverage	37.00% (161488/436512)
Branch Coverage	37.78% (68873/182317)

[hello-stephen]

FE Regression Coverage Report

Increment line coverage 49.57% (116/234) 🎉
Increment coverage report
Complete coverage report