[Bug]: [privilege_group] List alias is not forbidden when login with the user added in the role granted with the built-in privilege group "ClusterReadOnly"/"ClusterReadWrite"/"ClusterAdmin" #38052

Closed
1 task done
binbinlv opened this issue Nov 27, 2024 · 7 comments
Labels: kind/bug (Issues or changes related to a bug), triage/accepted (Indicates an issue or PR is ready to be actively worked on.)

@binbinlv
Contributor

binbinlv commented Nov 27, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Environment

- Milvus version: master-latest
- Deployment mode(standalone or cluster): both
- MQ type(rocksmq, pulsar or kafka):   all 
- SDK version(e.g. pymilvus v2.0.0rc2): 2.6.0rc2
- OS(Ubuntu or CentOS): 
- CPU/Memory: 
- GPU: 
- Others:

Current Behavior

List alias is not forbidden when logging in with a user added to a role granted the built-in privilege group "ClusterReadOnly"/"ClusterReadWrite"/"ClusterAdmin"

Expected Behavior

List alias is forbidden when logging in with a user added to a role granted the built-in privilege group "ClusterReadOnly"/"ClusterReadWrite"/"ClusterAdmin"

Steps To Reproduce

from pymilvus import connections
from pymilvus import CollectionSchema, FieldSchema
from pymilvus import Collection
from pymilvus import DataType
from pymilvus import Partition
from pymilvus import utility
from pymilvus import MilvusClient
from pymilvus import Role

# Connect as root and create a test collection
connections.connect(host="***", user="root", password="Milvus")
client = MilvusClient(uri="http://***:19530", user="root", password="Milvus")
client.create_collection("binbin_new", dimension=128)

# Create a role and a user, then add the user to the role
role = Role("binbin")
role.create()
utility.list_roles(True)
utility.create_user(user="user1", password="Milvus")
role.add_user("user1")
utility.list_roles(True)
role.list_grants()

# Grant only the built-in cluster-level privilege group to the role
role.grant_v2("ClusterReadOnly", "*", "*")

# Create an alias and list it as root
utility.create_alias("binbin_new", "binbin_new_alias")
res = utility.list_aliases("binbin_new")
print(res)

# Reconnect as user1: listing aliases still succeeds
connections.connect(host="***", user="user1", password="Milvus")
res = utility.list_aliases("binbin_new")
print(res)

Milvus Log

No response

Anything else?

No response

@binbinlv binbinlv added kind/bug Issues or changes related a bug needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Nov 27, 2024
@binbinlv binbinlv added this to the 2.5.0 milestone Nov 27, 2024
@binbinlv binbinlv added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Nov 27, 2024
@binbinlv
Contributor Author

And the following in red "N" do not work as expected:

img_v3_02h1_4f99794b-8131-4a75-bf38-890cbc25a1eg

@binbinlv
Contributor Author

/assign @shaoting-huang

@sre-ci-robot
Contributor

@binbinlv: GitHub didn't allow me to assign the following users: shaoting-huang.

Note that only milvus-io members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @shaoting-huang

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@shaoting-huang
Contributor

/assign

@shaoting-huang
Contributor

shaoting-huang commented Nov 29, 2024

  • ✅ PrivilegeIndexDetail: https://milvus.io/docs/users_and_roles.md, is a built-in privilege, no need to fix.
  • ✅ PrivilegeShowCollections: it only shows the collections in the condition that the users are granted on the collection with collection object type privileges like Insert, Delete, Upsert, etc.
>>> role.grant_v2("Insert", "default", "binbin_new")
>>> role.list_grants()
GrantInfo groups:
- GrantItem: <object:Collection>, <object_name:binbin_new>, <db_name:default>, <role_name:binbin>, <grantor_name:root>, <privilege:Insert>
>>> connections.disconnect('default')
>>> connections.connect(host="localhost", user="user1", password="Milvus")
>>> utility.list_collections()
['binbin_new']
  • ❌ PrivilegeListAliases: legacy issue, should fix in grant v1.
  • ✅ PrivilegeDescribeCollection: https://milvus.io/docs/users_and_roles.md, is a built-in privilege, no need to fix.
  • ✅ PrivilegeDescribeAlias: the api for describe alias is below:
client = MilvusClient(uri="http://localhost:19530", user="user1", password="Milvus")
client.describe_alias("binbin_new")
grpc_message:"PrivilegeDescribeAlias: permission deny to user1 in the `default` database"}"

@shaoting-huang
Contributor

After discussion, ListAliases is going to be added to the public role. Users will have the listAliases privilege by default.

sre-ci-robot pushed a commit to milvus-io/pymilvus that referenced this issue Dec 4, 2024
ListAliases SDK rpc call is `describeCollection`, which causes listing
aliases successfully without granted.
issue: milvus-io/milvus#38052

Signed-off-by: shaoting-huang <[email protected]>
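
The mismatch described in the commit message above, as an added example (a simplified model, not Milvus or pymilvus code): when the client helper issues a different RPC than the one the privilege is named after, the server only checks the privilege of the RPC it actually receives. The `Server` class, the RPC-to-privilege table, the helper names and the assumption that the describe response carries the aliases are all hypothetical; only the privilege names and the collection, alias and user names come from this thread.

```python
# Simplified model of per-RPC privilege checks; hypothetical names, not Milvus source.
class PermissionDenied(Exception):
    pass

# Privilege the server-side check requires for each RPC (assumed mapping).
RPC_PRIVILEGE = {
    "DescribeCollection": "PrivilegeDescribeCollection",
    "ListAliases": "PrivilegeListAliases",
    "DescribeAlias": "PrivilegeDescribeAlias",
}

class Server:
    def __init__(self, public_privileges):
        self.public = set(public_privileges)  # held by every user by default
        self.grants = {}                      # user -> explicitly granted privileges
        self.aliases = {"binbin_new": ["binbin_new_alias"]}

    def call(self, user, rpc, collection):
        needed = RPC_PRIVILEGE[rpc]
        if needed not in self.public | self.grants.get(user, set()):
            raise PermissionDenied(f"{needed}: permission deny to {user}")
        return {"aliases": list(self.aliases.get(collection, []))}

def list_aliases_via_describe(server, user, collection):
    # Helper issues DescribeCollection, so PrivilegeListAliases is never evaluated.
    return server.call(user, "DescribeCollection", collection)["aliases"]

def list_aliases_via_own_rpc(server, user, collection):
    # Helper issues the dedicated RPC, so the matching privilege is checked.
    return server.call(user, "ListAliases", collection)["aliases"]

def audit(server, user, collection, helpers):
    """Return {helper name: 'allowed' | 'denied'} for one user."""
    result = {}
    for helper in helpers:
        try:
            helper(server, user, collection)
            result[helper.__name__] = "allowed"
        except PermissionDenied:
            result[helper.__name__] = "denied"
    return result

HELPERS = [list_aliases_via_describe, list_aliases_via_own_rpc]
# Before the decision: only DescribeCollection is built in for every user.
before = audit(Server({"PrivilegeDescribeCollection"}), "user1", "binbin_new", HELPERS)
# After the decision in this thread: ListAliases is part of the public role.
after = audit(Server({"PrivilegeDescribeCollection", "PrivilegeListAliases"}),
              "user1", "binbin_new", HELPERS)
```

In this model `before` shows the describe-based helper allowed while the dedicated RPC is denied, which is the gap the issue reports; `after` shows both allowed once ListAliases is public.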
@binbinlv
Contributor Author

binbinlv commented Dec 4, 2024

OK, then it is as designed now, close this issue.

@binbinlv binbinlv closed this as completed Dec 4, 2024
shaoting-huang added a commit to shaoting-huang/pymilvus that referenced this issue Dec 4, 2024