[Bug]: TestMilvusClientRbacAdvance collection privilege cases fail at using_database with PERMISSION_DENIED on branch 2.6

[NicoYuan1986]

Environment

• Milvus Version: unknown-20260601-0abab9cf85
• Deployment Mode: remote branch2.6 test environment
• MQ: unknown
• SDK: pymilvus 2.6.15rc2
• OS: unknown

Reproduction

Option B: Steps

1. Use the branch 2.6 Python client test code.
2. Run the RBAC advance class against the branch2.6 environment:

   cd tests/python_client
   pytest -o addopts=-p no:locust milvus_client/test_milvus_client_rbac.py::TestMilvusClientRbacAdvance -q

3. Observe 8 failures from the following 4 test groups (both with_db=False and with_db=True):
   • test_milvus_client_verify_grant_collection_load_privilege
   • test_milvus_client_verify_grant_collection_release_privilege
   • test_milvus_client_verify_grant_collection_insert_privilege
   • test_milvus_client_verify_grant_collection_delete_privilege
4. In all four cases, the failure happens before the actual collection operation is verified.

Trigger Conditions

• Frequency: always in the tested branch2.6 environment
• First observed after: granting only collection-level privileges and then calling using_database() with the limited user
• Does NOT happen when: not verified yet

Expected Behavior

After granting the intended collection-level privileges for Load/GetLoadingProgress, Release, Insert, or Delete, the corresponding RBAC test should be able to switch to the target database and verify the granted collection operation successfully.

If using_database() requires extra database-level privileges by design, the tests should explicitly grant those privileges before validating the collection-level behavior.

Actual Behavior

All four test groups fail at using_database(user_client, db_name) before reaching the intended collection operation.

The limited user receives PERMISSION_DENIED from DescribeDatabase, so the tests never get to validate the granted Load/Release/Insert/Delete privilege itself.

Error Logs

grpc RpcError: [describe_database], <_InactiveRpcError: StatusCode.PERMISSION_DENIED,
PrivilegeDescribeDatabase: permission deny to user_xxx in the `default` database>

AssertionError: Response of API using_database expect True, but got False

Affected call sites in tests/python_client/milvus_client/test_milvus_client_rbac.py:

• test_milvus_client_verify_grant_collection_load_privilege
• test_milvus_client_verify_grant_collection_release_privilege
• test_milvus_client_verify_grant_collection_insert_privilege
• test_milvus_client_verify_grant_collection_delete_privilege

Non-default Configuration

common.security.authorizationEnabled: true

Analysis Hints (Optional)

• The four failing tests are in TestMilvusClientRbacAdvance and currently grant only collection-level privileges before calling using_database(user_client, db_name).
• The immediate failure suggests using_database() depends on DescribeDatabase permission, which is not covered by the granted collection-level privileges.
• Related open issue: [Bug]: RBAC tests in test_milvus_client_rbac.py expect privileges that public role lacks — test_milvus_client_grant_privilege_with_db_not_exist / test_milvus_client_public_role_privilege_all_dbs fail under standalone-authentication #49699 tracks a similar PrivilegeDescribeDatabase permission mismatch in other RBAC tests, but this issue covers 4 additional TestMilvusClientRbacAdvance test groups (8 failures total).
• Likely resolution directions:
  • update these tests to explicitly grant the required database-level privilege before calling using_database(), or
  • avoid using_database() in these test flows if the purpose is to validate collection-level privileges only, or
  • revisit server-side RBAC semantics if collection-level grants are intended to allow switching into the target database.

[NicoYuan1986]

Follow-up reproduction on the same branch2.6 environment (10.104.19.23, pymilvus 2.6.15rc2):

TestMilvusClientRbacPrivilegeVerify: 26 passed, 1 skipped, 1 failed

The failing case is:

• tests/python_client/milvus_client/test_milvus_client_rbac.py::TestMilvusClientRbacPrivilegeVerify::test_milvus_client_public_role_privilege_all_dbs

Failure point:

• using_database(user_client, db_a)

Observed error:

grpc RpcError: [describe_database], StatusCode.PERMISSION_DENIED
PrivilegeDescribeDatabase: permission deny to user_xxx in the `default` database

This looks like the same root cause as the 4 TestMilvusClientRbacAdvance groups tracked in this issue:

• MilvusClient.using_database() calls describe_database() first
• the limited/public user does not have the required DescribeDatabase privilege
• the test fails before it can validate the intended cross-db/public-role behavior

So the scope is not limited to the 4 TestMilvusClientRbacAdvance groups; test_milvus_client_public_role_privilege_all_dbs is also affected by the same PrivilegeDescribeDatabase permission check on branch 2.6.