cherry pick pingcap#3198 to release-3.1

Signed-off-by: ti-srebot <ti-srebot@pingcap.com>
ti-srebot · Jul 8, 2020 · 3a0516c · 3a0516c
1 parent 800a0d7
commit 3a0516c
Show file tree

Hide file tree

Showing 8 changed files with 1,081 additions and 1 deletion.
diff --git a/TOC.md b/TOC.md
@@ -101,6 +101,7 @@
     - [Troubleshoot TiDB Lightning](/troubleshoot-tidb-lightning.md)
 + Reference
   + SQL
+<<<<<<< HEAD
     - [MySQL Compatibility](/mysql-compatibility.md)
     + SQL Language Structure
       - [Literal Values](/literal-values.md)
@@ -111,6 +112,131 @@
       - [Comment Syntax](/comment-syntax.md)
     + Attributes
       - [`AUTO_RANDOM`](/auto-random.md)
+=======
+    + SQL Language Structure and Syntax
+      + Attributes
+        + [AUTO_INCREMENT](/auto-increment.md)
+        + [AUTO_RANDOM](/auto-random.md)
+      + [Literal Values](/literal-values.md)
+      + [Schema Object Names](/schema-object-names.md)
+      + [Keywords and Reserved Words](/keywords.md)
+      + [User-Defined Variables](/user-defined-variables.md)
+      + [Expression Syntax](/expression-syntax.md)
+      + [Comment Syntax](/comment-syntax.md)
+    + SQL Statements
+      + [`ADD COLUMN`](/sql-statements/sql-statement-add-column.md)
+      + [`ADD INDEX`](/sql-statements/sql-statement-add-index.md)
+      + [`ADMIN`](/sql-statements/sql-statement-admin.md)
+      + [`ALTER DATABASE`](/sql-statements/sql-statement-alter-database.md)
+      + [`ALTER INDEX`](/sql-statements/sql-statement-alter-index.md)
+      + [`ALTER INSTANCE`](/sql-statements/sql-statement-alter-instance.md)
+      + [`ALTER TABLE`](/sql-statements/sql-statement-alter-table.md)
+      + [`ALTER USER`](/sql-statements/sql-statement-alter-user.md)
+      + [`ANALYZE TABLE`](/sql-statements/sql-statement-analyze-table.md)
+      + [`BACKUP`](/sql-statements/sql-statement-backup.md)
+      + [`BEGIN`](/sql-statements/sql-statement-begin.md)
+      + [`CHANGE COLUMN`](/sql-statements/sql-statement-change-column.md)
+      + [`COMMIT`](/sql-statements/sql-statement-commit.md)
+      + [`CHANGE DRAINER`](/sql-statements/sql-statement-change-drainer.md)
+      + [`CHANGE PUMP`](/sql-statements/sql-statement-change-pump.md)
+      + [`CREATE BINDING`](/sql-statements/sql-statement-create-binding.md)
+      + [`CREATE DATABASE`](/sql-statements/sql-statement-create-database.md)
+      + [`CREATE INDEX`](/sql-statements/sql-statement-create-index.md)
+      + [`CREATE ROLE`](/sql-statements/sql-statement-create-role.md)
+      + [`CREATE SEQUENCE`](/sql-statements/sql-statement-create-sequence.md)
+      + [`CREATE TABLE LIKE`](/sql-statements/sql-statement-create-table-like.md)
+      + [`CREATE TABLE`](/sql-statements/sql-statement-create-table.md)
+      + [`CREATE USER`](/sql-statements/sql-statement-create-user.md)
+      + [`CREATE VIEW`](/sql-statements/sql-statement-create-view.md)
+      + [`DEALLOCATE`](/sql-statements/sql-statement-deallocate.md)
+      + [`DELETE`](/sql-statements/sql-statement-delete.md)
+      + [`DESC`](/sql-statements/sql-statement-desc.md)
+      + [`DESCRIBE`](/sql-statements/sql-statement-describe.md)
+      + [`DO`](/sql-statements/sql-statement-do.md)
+      + [`DROP BINDING`](/sql-statements/sql-statement-drop-binding.md)
+      + [`DROP COLUMN`](/sql-statements/sql-statement-drop-column.md)
+      + [`DROP DATABASE`](/sql-statements/sql-statement-drop-database.md)
+      + [`DROP INDEX`](/sql-statements/sql-statement-drop-index.md)
+      + [`DROP ROLE`](/sql-statements/sql-statement-drop-role.md)
+      + [`DROP SEQUENCE`](/sql-statements/sql-statement-drop-sequence.md)
+      + [`DROP STATS`](/sql-statements/sql-statement-drop-stats.md)
+      + [`DROP TABLE`](/sql-statements/sql-statement-drop-table.md)
+      + [`DROP USER`](/sql-statements/sql-statement-drop-user.md)
+      + [`DROP VIEW`](/sql-statements/sql-statement-drop-view.md)
+      + [`EXECUTE`](/sql-statements/sql-statement-execute.md)
+      + [`EXPLAIN ANALYZE`](/sql-statements/sql-statement-explain-analyze.md)
+      + [`EXPLAIN`](/sql-statements/sql-statement-explain.md)
+      + [`FLASHBACK TABLE`](/sql-statements/sql-statement-flashback-table.md)
+      + [`FLUSH PRIVILEGES`](/sql-statements/sql-statement-flush-privileges.md)
+      + [`FLUSH STATUS`](/sql-statements/sql-statement-flush-status.md)
+      + [`FLUSH TABLES`](/sql-statements/sql-statement-flush-tables.md)
+      + [`GRANT <privileges>`](/sql-statements/sql-statement-grant-privileges.md)
+      + [`GRANT <role>`](/sql-statements/sql-statement-grant-role.md)
+      + [`INSERT`](/sql-statements/sql-statement-insert.md)
+      + [`KILL [TIDB]`](/sql-statements/sql-statement-kill.md)
+      + [`LOAD DATA`](/sql-statements/sql-statement-load-data.md)
+      + [`LOAD STATS`](/sql-statements/sql-statement-load-stats.md)
+      + [`MODIFY COLUMN`](/sql-statements/sql-statement-modify-column.md)
+      + [`PREPARE`](/sql-statements/sql-statement-prepare.md)
+      + [`RECOVER TABLE`](/sql-statements/sql-statement-recover-table.md)
+      + [`RENAME INDEX`](/sql-statements/sql-statement-rename-index.md)
+      + [`RENAME TABLE`](/sql-statements/sql-statement-rename-table.md)
+      + [`REPLACE`](/sql-statements/sql-statement-replace.md)
+      + [`RESTORE`](/sql-statements/sql-statement-restore.md)
+      + [`REVOKE <privileges>`](/sql-statements/sql-statement-revoke-privileges.md)
+      + [`REVOKE <role>`](/sql-statements/sql-statement-revoke-role.md)
+      + [`ROLLBACK`](/sql-statements/sql-statement-rollback.md)
+      + [`SELECT`](/sql-statements/sql-statement-select.md)
+      + [`SET [NAMES|CHARACTER SET]`](/sql-statements/sql-statement-set-names.md)
+      + [`SET PASSWORD`](/sql-statements/sql-statement-set-password.md)
+      + [`SET ROLE`](/sql-statements/sql-statement-set-role.md)
+      + [`SET TRANSACTION`](/sql-statements/sql-statement-set-transaction.md)
+      + [`SET [GLOBAL|SESSION] <variable>`](/sql-statements/sql-statement-set-variable.md)
+      + [`SHOW ANALYZE STATUS`](/sql-statements/sql-statement-show-analyze-status.md)
+      + [`SHOW [BACKUPS|RESTORES]`](/sql-statements/sql-statement-show-backups.md)
+      + [`SHOW BINDINGS`](/sql-statements/sql-statement-show-bindings.md)
+      + [`SHOW BUILTINS`](/sql-statements/sql-statement-show-builtins.md)
+      + [`SHOW CHARACTER SET`](/sql-statements/sql-statement-show-character-set.md)
+      + [`SHOW COLLATION`](/sql-statements/sql-statement-show-collation.md)
+      + [`SHOW [FULL] COLUMNS FROM`](/sql-statements/sql-statement-show-columns-from.md)
+      + [`SHOW CONFIG`](/sql-statements/sql-statement-show-config.md)
+      + [`SHOW CREATE SEQUENCE`](/sql-statements/sql-statement-show-create-sequence.md)
+      + [`SHOW CREATE TABLE`](/sql-statements/sql-statement-show-create-table.md)
+      + [`SHOW CREATE USER`](/sql-statements/sql-statement-show-create-user.md)
+      + [`SHOW DATABASES`](/sql-statements/sql-statement-show-databases.md)
+      + [`SHOW DRAINER STATUS`](/sql-statements/sql-statement-show-drainer-status.md)
+      + [`SHOW DEFAULT ROLE`](/sql-statements/sql-statement-set-default-role.md)
+      + [`SHOW ENGINES`](/sql-statements/sql-statement-show-engines.md)
+      + [`SHOW ERRORS`](/sql-statements/sql-statement-show-errors.md)
+      + [`SHOW [FULL] FIELDS FROM`](/sql-statements/sql-statement-show-fields-from.md)
+      + [`SHOW GRANTS`](/sql-statements/sql-statement-show-grants.md)
+      + [`SHOW INDEX [FROM|IN]`](/sql-statements/sql-statement-show-index.md)
+      + [`SHOW INDEXES [FROM|IN]`](/sql-statements/sql-statement-show-indexes.md)
+      + [`SHOW KEYS [FROM|IN]`](/sql-statements/sql-statement-show-keys.md)
+      + [`SHOW MASTER STATUS`](/sql-statements/sql-statement-show-master-status.md)
+      + [`SHOW PLUGINS`](/sql-statements/sql-statement-show-plugins.md)
+      + [`SHOW PRIVILEGES`](/sql-statements/sql-statement-show-privileges.md)
+      + [`SHOW [FULL] PROCESSSLIST`](/sql-statements/sql-statement-show-processlist.md)
+      + [`SHOW PROFILES`](/sql-statements/sql-statement-show-profiles.md)
+      + [`SHOW PUMP STATUS`](/sql-statements/sql-statement-show-pump-status.md)
+      + [`SHOW SCHEMAS`](/sql-statements/sql-statement-show-schemas.md)
+      + [`SHOW STATS_HISTOGRAMS`](/sql-statements/sql-statement-show-histograms.md)
+      + [`SHOW STATES_META`](/sql-statements/sql-statement-show-stats-meta.md)
+      + [`SHOW STATUS`](/sql-statements/sql-statement-show-status.md)
+      + [`SHOW TABLE NEXT_ROW_ID`](/sql-statements/sql-statement-show-table-next-rowid.md)
+      + [`SHOW TABLE REGIONS`](/sql-statements/sql-statement-show-table-regions.md)
+      + [`SHOW TABLE STATUS`](/sql-statements/sql-statement-show-table-status.md)
+      + [`SHOW [FULL] TABLES`](/sql-statements/sql-statement-show-tables.md)
+      + [`SHOW [GLOBAL|SESSION] VARIABLES`](/sql-statements/sql-statement-show-variables.md)
+      + [`SHOW WARNINGS`](/sql-statements/sql-statement-show-warnings.md)
+      + [`SHUTDOWN`](/sql-statements/sql-statement-shutdown.md)
+      + [`SPLIT REGION`](/sql-statements/sql-statement-split-region.md)
+      + [`START TRANSACTION`](/sql-statements/sql-statement-start-transaction.md)
+      + [`TRACE`](/sql-statements/sql-statement-trace.md)
+      + [`TRUNCATE`](/sql-statements/sql-statement-truncate.md)
+      + [`UPDATE`](/sql-statements/sql-statement-update.md)
+      + [`USE`](/sql-statements/sql-statement-use.md)
+>>>>>>> 15966df... sql-statements: add statement reference for ROLES (#3198)
     + Data Types
       - [Overview](/data-type-overview.md)
       - [Default Values](/data-type-default-values.md)

diff --git a/sql-statements/sql-statement-create-role.md b/sql-statements/sql-statement-create-role.md
@@ -0,0 +1,169 @@
+---
+title: CREATE ROLE | TiDB SQL Statement Reference
+summary: An overview of the usage of CREATE ROLE for the TiDB database.
+category: reference
+---
+
+# CREATE ROLE
+
+This statement creates a new role, which can be assigned to users as part of role-based access control.
+
+## Synopsis
+
+**CreateRoleStmt:**
+
+![CreateRoleStmt](/media/sqlgram/CreateRoleStmt.png)
+
+**IfNotExists:**
+
+![IfNotExists](/media/sqlgram/IfNotExists.png)
+
+**RoleSpec:**
+
+![RoleSpec](/media/sqlgram/RoleSpec.png)
+
+## Examples
+
+Create a new role for the analytics team, and a new user called `jennifer`:
+
+```sql
+$ mysql -uroot
+Welcome to the MySQL monitor.  Commands end with ; or \g.
+Your MySQL connection id is 37
+Server version: 5.7.25-TiDB-v4.0.0-beta.2-728-ga9177fe84 TiDB Server (Apache License 2.0) Community Edition, MySQL 5.7 compatible
+
+Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
+
+Oracle is a registered trademark of Oracle Corporation and/or its
+affiliates. Other names may be trademarks of their respective
+owners.
+
+Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
+
+mysql> CREATE ROLE analyticsteam;
+Query OK, 0 rows affected (0.02 sec)
+
+mysql> GRANT SELECT ON test.* TO analyticsteam;
+Query OK, 0 rows affected (0.02 sec)
+
+mysql> CREATE USER jennifer;
+Query OK, 0 rows affected (0.01 sec)
+
+mysql> GRANT analyticsteam TO jennifer;
+Query OK, 0 rows affected (0.01 sec)
+```
+
+Note that by default `jennifer` needs to `SET ROLE analyticsteam` in order to be able to use the privileges associated with the role:
+
+```sql
+$ mysql -ujennifer
+Welcome to the MySQL monitor.  Commands end with ; or \g.
+Your MySQL connection id is 32
+Server version: 5.7.25-TiDB-v4.0.0-beta.2-728-ga9177fe84 TiDB Server (Apache License 2.0) Community Edition, MySQL 5.7 compatible
+
+Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
+
+Oracle is a registered trademark of Oracle Corporation and/or its
+affiliates. Other names may be trademarks of their respective
+owners.
+
+Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
+
+mysql> SHOW GRANTS;
++---------------------------------------------+
+| Grants for User                             |
++---------------------------------------------+
+| GRANT USAGE ON *.* TO 'jennifer'@'%'        |
+| GRANT 'analyticsteam'@'%' TO 'jennifer'@'%' |
++---------------------------------------------+
+2 rows in set (0.00 sec)
+
+mysql> SHOW TABLES in test;
+ERROR 1044 (42000): Access denied for user 'jennifer'@'%' to database 'test'
+mysql> SET ROLE analyticsteam;
+Query OK, 0 rows affected (0.00 sec)
+
+mysql> SHOW GRANTS;
++---------------------------------------------+
+| Grants for User                             |
++---------------------------------------------+
+| GRANT USAGE ON *.* TO 'jennifer'@'%'        |
+| GRANT Select ON test.* TO 'jennifer'@'%'    |
+| GRANT 'analyticsteam'@'%' TO 'jennifer'@'%' |
++---------------------------------------------+
+3 rows in set (0.00 sec)
+
+mysql> SHOW TABLES IN test;
++----------------+
+| Tables_in_test |
++----------------+
+| t1             |
++----------------+
+1 row in set (0.00 sec)
+```
+
+The statement `SET DEFAULT ROLE` can be used to associate a role to `jennifer` so that she will not have to execute the statement `SET ROLE` in order to assume the privileges associated with the role:
+
+```sql
+$ mysql -uroot
+Welcome to the MySQL monitor.  Commands end with ; or \g.
+Your MySQL connection id is 34
+Server version: 5.7.25-TiDB-v4.0.0-beta.2-728-ga9177fe84 TiDB Server (Apache License 2.0) Community Edition, MySQL 5.7 compatible
+
+Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
+
+Oracle is a registered trademark of Oracle Corporation and/or its
+affiliates. Other names may be trademarks of their respective
+owners.
+
+Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
+
+mysql> SET DEFAULT ROLE analyticsteam TO jennifer;
+Query OK, 0 rows affected (0.02 sec)
+```
+
+```sql
+$ mysql -ujennifer
+Welcome to the MySQL monitor.  Commands end with ; or \g.
+Your MySQL connection id is 35
+Server version: 5.7.25-TiDB-v4.0.0-beta.2-728-ga9177fe84 TiDB Server (Apache License 2.0) Community Edition, MySQL 5.7 compatible
+
+Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
+
+Oracle is a registered trademark of Oracle Corporation and/or its
+affiliates. Other names may be trademarks of their respective
+owners.
+
+Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
+
+mysql> SHOW GRANTS;
++---------------------------------------------+
+| Grants for User                             |
++---------------------------------------------+
+| GRANT USAGE ON *.* TO 'jennifer'@'%'        |
+| GRANT Select ON test.* TO 'jennifer'@'%'    |
+| GRANT 'analyticsteam'@'%' TO 'jennifer'@'%' |
++---------------------------------------------+
+3 rows in set (0.00 sec)
+
+mysql> SHOW TABLES IN test;
++----------------+
+| Tables_in_test |
++----------------+
+| t1             |
++----------------+
+1 row in set (0.00 sec)
+```
+
+## MySQL compatibility
+
+This statement is understood to be fully compatible with roles, which are a feature of MySQL 8.0. Any compatibility differences should be [reported via an issue](/report-issue.md) on GitHub.
+
+## See also
+
+* [DROP ROLE](/sql-statements/sql-statement-drop-role.md)
+* [GRANT <role>](/sql-statements/sql-statement-grant-role.md)
+* [REVOKE <role>](/sql-statements/sql-statement-revoke-role.md)
+* [SET ROLE](/sql-statements/sql-statement-set-role.md)
+* [SET DEFAULT ROLE](/sql-statements/sql-statement-set-default-role.md)
+* [Role-Based Access Control](/role-based-access-control.md)