[Enhancement](tvf) Backends tvf supports authentication (apache#20333)

Add authentication for backends tvf.

docs/en/docs/sql-manual/sql-functions/table-functions/backends.md

@@ -81,6 +81,8 @@ mysql> desc function backends();
 
 The information displayed by the `backends` tvf is basically consistent with the information displayed by the `show backends` statement. However, the types of each field in the `backends` tvf are more specific, and you can use the `backends` tvf to perform operations such as filtering and joining.
 
+The information displayed by the `backends` tvf is authenticated, which is consistent with the behavior of `show backends`, user must have ADMIN/OPERATOR privelege.
+
 ### example
 ```
 mysql> select * from backends()\G

docs/zh-CN/docs/sql-manual/sql-functions/table-functions/backends.md

@@ -78,7 +78,9 @@ mysql> desc function backends();
 25 rows in set (0.04 sec)
 ```
 
-`backends()` tvf展示出来的信息基本与 `show backends` 语句展示出的信息一致,但是`backends()` tvf的各个字段类型更加明确，且可以利用tvf生成的表去做过滤、join等操作。
+`backends()` tvf展示出来的信息基本与 `show backends` 语句展示出的信息一致,但是 `backends()` tvf的各个字段类型更加明确，且可以利用tvf生成的表去做过滤、join等操作。
+
+对 `backends()` tvf信息展示进行了鉴权，与 `show backends` 行为保持一致，要求用户具有 ADMIN/OPERATOR 权限。
 
 ### example
 ```

fe/fe-core/src/main/java/org/apache/doris/analysis/ShowBackendsStmt.java

@@ -20,9 +20,9 @@
 import org.apache.doris.catalog.Column;
 import org.apache.doris.catalog.Env;
 import org.apache.doris.catalog.ScalarType;
-import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.ErrorCode;
 import org.apache.doris.common.ErrorReport;
+import org.apache.doris.common.UserException;
 import org.apache.doris.common.proc.BackendsProcDir;
 import org.apache.doris.mysql.privilege.PrivPredicate;
 import org.apache.doris.qe.ConnectContext;
@@ -34,7 +34,9 @@ public ShowBackendsStmt() {
     }
 
     @Override
-    public void analyze(Analyzer analyzer) throws AnalysisException {
+    public void analyze(Analyzer analyzer) throws UserException {
+        super.analyze(analyzer);
+
         if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)
                 && !Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(),
                                                                           PrivPredicate.OPERATOR)) {

fe/fe-core/src/main/java/org/apache/doris/analysis/TableValuedFunctionRef.java

@@ -17,10 +17,16 @@
 
 package org.apache.doris.analysis;
 
+import org.apache.doris.catalog.Env;
 import org.apache.doris.catalog.Table;
 import org.apache.doris.common.AnalysisException;
+import org.apache.doris.common.ErrorCode;
+import org.apache.doris.common.ErrorReport;
+import org.apache.doris.mysql.privilege.PrivPredicate;
 import org.apache.doris.planner.PlanNodeId;
 import org.apache.doris.planner.ScanNode;
+import org.apache.doris.qe.ConnectContext;
+import org.apache.doris.tablefunction.BackendsTableValuedFunction;
 import org.apache.doris.tablefunction.TableValuedFunctionIf;
 
 import java.util.Map;
@@ -96,6 +102,16 @@ public void analyze(Analyzer analyzer) throws AnalysisException {
         if (isAnalyzed) {
             return;
         }
+
+        // check privilige for backends tvf
+        if (funcName.equalsIgnoreCase(BackendsTableValuedFunction.NAME)) {
+            if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)
+                    && !Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(),
+                                                                            PrivPredicate.OPERATOR)) {
+                ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "ADMIN/OPERATOR");
+            }
+        }
+
         desc = analyzer.registerTableRef(this);
         isAnalyzed = true; // true that we have assigned desc
         analyzeJoin(analyzer);

fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PrivPredicate.java

@@ -29,7 +29,7 @@ public class PrivPredicate {
             Privilege.CREATE_PRIV,
             Privilege.DROP_PRIV),
             Operator.OR);
-    //show resources
+    // show resources
     public static final PrivPredicate SHOW_RESOURCES = PrivPredicate.of(PrivBitSet.of(Privilege.ADMIN_PRIV,
             Privilege.USAGE_PRIV),
             Operator.OR);