forked from pingcap/docs-cn
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
cherry pick pingcap#3358 to release-3.0
Signed-off-by: ti-srebot <ti-srebot@pingcap.com>
- Loading branch information
Showing
1 changed file
with
113 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,113 @@ | ||
| --- | ||
| title: SET ROLE | ||
| summary: TiDB 数据库中 SET ROLE 的使用概况。 | ||
| category: reference | ||
| --- | ||
|
|
||
| # SET ROLE | ||
|
|
||
| `SET ROLE` 用于在当前用户会话中启用角色。使用 `SET ROLE` 启用角色后,用户可以使用这些角色的权限。 | ||
|
|
||
| ## 语法图 | ||
|
|
||
| **SetRoleStmt:** | ||
|
|
||
|  | ||
|
|
||
| **SetRoleOpt:** | ||
|
|
||
|  | ||
|
|
||
| **SetDefaultRoleOpt:** | ||
|
|
||
|  | ||
|
|
||
| ## 示例 | ||
|
|
||
| 创建一个用户 `'u1'@'%'`, 创建三个角色 `'r1'@'%'`, `'r2'@'%'`, `'r3'@'%'` 并将这些角色授予给 `'u1'@'%'`。 | ||
| 将 `'u1'@'%'` 的默认启用角色设置为 `'r1'@'%'`。 | ||
|
|
||
| {{< copyable "sql" >}} | ||
|
|
||
| ```sql | ||
| CREATE USER 'u1'@'%'; | ||
| CREATE ROLE 'r1', 'r2', 'r3'; | ||
| GRANT 'r1', 'r2', 'r3' TO 'u1'@'%'; | ||
| SET DEFAULT ROLE 'r1' TO 'u1'@'%'; | ||
| ``` | ||
|
|
||
| 使用 `'u1'@'%'` 登录,执行 `SET ROLE` 将启用角色设置为 `ALL`。 | ||
|
|
||
| {{< copyable "sql" >}} | ||
|
|
||
| ```sql | ||
| SET ROLE ALL; | ||
| SELECT CURRENT_ROLE(); | ||
| ``` | ||
|
|
||
| ``` | ||
| +----------------------------+ | ||
| | CURRENT_ROLE() | | ||
| +----------------------------+ | ||
| | `r1`@`%`,`r2`@`%`,`r3`@`%` | | ||
| +----------------------------+ | ||
| 1 row in set (0.000 sec) | ||
| ``` | ||
|
|
||
| 执行 `SET ROLE` 将启用角色设置为 `'r2'` 和 `'r3'`。 | ||
|
|
||
| {{< copyable "sql" >}} | ||
|
|
||
| ```sql | ||
| SET ROLE 'r2', 'r3'; | ||
| SELECT CURRENT_ROLE(); | ||
| ``` | ||
|
|
||
| ``` | ||
| +-------------------+ | ||
| | CURRENT_ROLE() | | ||
| +-------------------+ | ||
| | `r2`@`%`,`r3`@`%` | | ||
| +-------------------+ | ||
| 1 row in set (0.000 sec) | ||
| ``` | ||
|
|
||
| 执行 `SET ROLE` 将启用角色设置为 `DEFALUT`。 | ||
|
|
||
| {{< copyable "sql" >}} | ||
|
|
||
| ```sql | ||
| SET ROLE DEFAULT; | ||
| SELECT CURRENT_ROLE(); | ||
| ``` | ||
|
|
||
| ``` | ||
| +----------------+ | ||
| | CURRENT_ROLE() | | ||
| +----------------+ | ||
| | `r1`@`%` | | ||
| +----------------+ | ||
| 1 row in set (0.000 sec) | ||
| ``` | ||
|
|
||
| 执行 `SET ROLE` 将启用角色设置为 `NONE`。 | ||
|
|
||
| {{< copyable "sql" >}} | ||
|
|
||
| ```sql | ||
| SET ROLE NONE; | ||
| SELECT CURRENT_ROLE(); | ||
| ``` | ||
|
|
||
| ``` | ||
| +----------------+ | ||
| | CURRENT_ROLE() | | ||
| +----------------+ | ||
| | | | ||
| +----------------+ | ||
| 1 row in set (0.000 sec) | ||
| ``` | ||
|
|
||
| ## 另请参阅 | ||
|
|
||
| * [基于角色的访问控制](/role-based-access-control.md) |