[TASK][EASY] Support checks for Paimon system procudures in Authz

[SteNicholas]

Code of Conduct

• I agree to follow this project's Code of Conduct

Search before creating

• I have searched in the task list and found no similar tasks.

Mentor

• I have sufficient knowledge and experience of this task, and I volunteer to be the mentor of this task to guide contributors to complete the task.

Skill requirements

• Familiarize the Authz plugin, Ranger and Paimon Spark plugin
• Familiarize the Authz testing

Background and Goals

Paimon provides a series of system procedures for lifecycle management, which are essential for the lakehouse's administrator and users. And multiple plans may be executed in single procedure.
Now the Authz plugin supports checking privileges for DMLs and DDLs on Paimon tables, but system procedures are not in the range. It leaves a permission leaking to the Paimon table management.

This task is targeted to ensure privilege checking on the Spark system procedures of Paimon, including:

• Snapshot management
  • rollback
• Tag management
  • create_tag
  • delete_tag

Implementation steps

• Create e-2-e tests for Paimon in Authz tests for each procedures
• Prepare and provide proper test cases for positive and negative conditions in each procedure
• Solve the unsupported logical plans of the procedures, which may have multiple plans in single procedure

Additional context

No response

[fsk119]

Please assign it to me. I am willing to help