[apache#5106] improve(auth-ranger): Filter Catalog securiable object …

…in the onOwnerSet

authorizations/authorization-ranger/src/main/java/org/apache/gravitino/authorization/ranger/RangerAuthorizationPlugin.java

@@ -181,6 +181,10 @@ public Boolean onRoleUpdated(Role role, RoleChange... changes) throws RuntimeExc
   @Override
   public Boolean onOwnerSet(MetadataObject metadataObject, Owner preOwner, Owner newOwner)
       throws RuntimeException {
+    if (metadataObject.type() == MetadataObject.Type.CATALOG) {
+      // The catalog object doesn't support the owner operation
+      return Boolean.FALSE;
+    }
     RangerHelper.check(newOwner != null, "The newOwner must be not null");
 
     // Add the user or group to the Ranger

authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerHiveIT.java

@@ -662,6 +662,16 @@ public void testOnOwnerSet() {
         Lists.newArrayList(groupName1));
   }
 
+  @Test
+  public void testOnOwnerSetCatalog() {
+    MetadataObject metadataObject =
+            MetadataObjects.parse(
+                    String.format("catalog-%s", currentFunName()), MetadataObject.Type.CATALOG);
+    String userName1 = "user1";
+    Owner owner1 = new MockOwner(userName1, Owner.Type.USER);
+    Assertions.assertFalse(rangerAuthPlugin.onOwnerSet(metadataObject, null, owner1));
+  }
+
   @Test
   public void testCreateUser() {
     UserEntity user =