This is an automated email from the ASF dual-hosted git repository.

yiguolei pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris-website.git


The following commit(s) were added to refs/heads/master by this push:
     new ca6af7c97c9 [docs]Add doc for workload group/grant/show processlist 
(#925)
ca6af7c97c9 is described below

commit ca6af7c97c9fb778fc92fca327f2deae35772a3c
Author: wangbo <wan...@apache.org>
AuthorDate: Mon Jul 29 13:07:21 2024 +0800

    [docs]Add doc for workload group/grant/show processlist (#925)
---
 docs/admin-manual/resource-admin/workload-group.md | 48 +++++++++++++++++++++
 .../Account-Management-Statements/REVOKE.md        | 18 ++++++++
 .../Show-Statements/SHOW-PROCESSLIST.md            |  2 +
 .../admin-manual/resource-admin/workload-group.md  | 50 +++++++++++++++++++++-
 .../Account-Management-Statements/REVOKE.md        | 18 ++++++++
 .../Show-Statements/SHOW-PROCESSLIST.md            |  2 +
 .../Account-Management-Statements/REVOKE.md        | 18 ++++++++
 .../Show-Statements/SHOW-PROCESSLIST.md            |  2 +
 .../Account-Management-Statements/REVOKE.md        | 18 ++++++++
 .../Show-Statements/SHOW-PROCESSLIST.md            |  2 +
 10 files changed, 177 insertions(+), 1 deletion(-)

diff --git a/docs/admin-manual/resource-admin/workload-group.md 
b/docs/admin-manual/resource-admin/workload-group.md
index 332dbf42152..ac88a8f1b28 100644
--- a/docs/admin-manual/resource-admin/workload-group.md
+++ b/docs/admin-manual/resource-admin/workload-group.md
@@ -197,3 +197,51 @@ ADMIN SET FRONTEND CONFIG ("enable_cpu_hard_limit" = 
"true");
 
 If user expects to switch back from cpu hard limit to cpu soft limit, then 
they only need to set ```enable_cpu_hard_limit=false```.
 CPU Soft Limit property ```cpu_share``` will be filled with a valid value of 
1024 by default(If the user has never set the cpu_share before), and users can 
adjust cpu_share based on the priority of Workload Group.
+
+# Workload Group权限表
+You can view the Workload Groups that users or roles have access to through 
the Workload Group privilege table. Authorization related usage can refer 
to[grant 
statement](../../sql-manual/sql-statements/Account-Management-Statements/GRANT).
+
+This table currently has row level permission control. Root or admin accounts 
can view all data, while non root/admin accounts can only see data from 
Workload Groups that they have access to。
+
+Schema of Workload Group privilege table is as follow:
+```
+mysql [information_schema]>desc information_schema.workload_group_privileges;
++---------------------+--------------+------+-------+---------+-------+
+| Field               | Type         | Null | Key   | Default | Extra |
++---------------------+--------------+------+-------+---------+-------+
+| GRANTEE             | varchar(64)  | Yes  | false | NULL    |       |
+| WORKLOAD_GROUP_NAME | varchar(256) | Yes  | false | NULL    |       |
+| PRIVILEGE_TYPE      | varchar(64)  | Yes  | false | NULL    |       |
+| IS_GRANTABLE        | varchar(3)   | Yes  | false | NULL    |       |
++---------------------+--------------+------+-------+---------+-------+
+```
+
+Column Description:
+1. grantee, user or role.
+2. workload_group_name, value is the name of Workload Group or '%', where '%' 
represents all Workload Group.
+3. privilege_type,type of privilege, at present, the value of this column is 
only Usage_priv。
+4. is_grantable,value is YES or NO, it means whether the user can grant access 
privilege of Workload Group to other user.Only root/admin user has grant 
privilege.
+
+Basic usage:
+1. Search for Workload Group with authorized access based on username.
+```
+mysql [information_schema]>select * from workload_group_privileges where 
GRANTEE like '%test_wlg_user%';
++---------------------+---------------------+----------------+--------------+
+| GRANTEE             | WORKLOAD_GROUP_NAME | PRIVILEGE_TYPE | IS_GRANTABLE |
++---------------------+---------------------+----------------+--------------+
+| 'test_wlg_user'@'%' | normal              | Usage_priv     | NO           |
+| 'test_wlg_user'@'%' | test_group          | Usage_priv     | NO           |
++---------------------+---------------------+----------------+--------------+
+2 rows in set (0.04 sec)
+```
+
+2. Search for user which has access privilege by Workload Group name. 
+```
+mysql [information_schema]>select * from workload_group_privileges where 
WORKLOAD_GROUP_NAME='test_group';
++---------------------+---------------------+----------------+--------------+
+| GRANTEE             | WORKLOAD_GROUP_NAME | PRIVILEGE_TYPE | IS_GRANTABLE |
++---------------------+---------------------+----------------+--------------+
+| 'test_wlg_user'@'%' | test_group          | Usage_priv     | NO           |
++---------------------+---------------------+----------------+--------------+
+1 row in set (0.03 sec)
+```
\ No newline at end of file
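Review bot: The added heading "# Workload Group权限表" is left in Chinese in the English document and uses a single "#", which in Markdown is normally the page-title level; translate it (for example "Workload Group privilege table") and check the level against the file's other section headings. The new prose also carries full-width "。" after "have access to" and after "Usage_priv", has no space in "to[grant statement]", and has no space after the commas in column items 3 and 4. In the first usage example, GRANTEE like '%test_wlg_user%' matches every grantee whose name merely contains that string, so for an access review an exact match on the full grantee value shown in the output would be the safer example. The file also still ends without a trailing newline.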
diff --git 
a/docs/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md 
b/docs/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
index 56b1cd145c0..57be9d94993 100644
--- a/docs/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
+++ b/docs/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
@@ -76,6 +76,24 @@ role_list is the list of roles to be revoked, separated by 
commas. The specified
     REVOKE 'role1','role2' FROM 'jack'@'192.%';
     ```
 
+4. Revoke user jack usage privilege on 'g1';
+
+    ```
+    REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM 'jack'@'%';
+    ```
+
+5. Revoke user jack usage privilege on all Workload Group;
+
+    ```
+    REVOKE USAGE_PRIV ON WORKLOAD GROUP '%' FROM 'jack'@'%';
+    ```
+
+6. Revoke role test_role usage privilege on Workload Group 'g1';
+
+    ```
+   REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM 'test_role';
+   ```
+
 ### Keywords
 
     REVOKE
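Review bot: In example 6 the opening fence is indented four spaces, but the REVOKE statement and the closing fence are indented three, so the block can render differently from examples 4 and 5; indent all three lines by four spaces. The descriptions of items 4 to 6 end in ";" where the existing list style would call for a period or nothing, and "all Workload Group" in item 5 should be plural.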
diff --git a/docs/sql-manual/sql-statements/Show-Statements/SHOW-PROCESSLIST.md 
b/docs/sql-manual/sql-statements/Show-Statements/SHOW-PROCESSLIST.md
index a2910e6cbc9..492bed9dc45 100644
--- a/docs/sql-manual/sql-statements/Show-Statements/SHOW-PROCESSLIST.md
+++ b/docs/sql-manual/sql-statements/Show-Statements/SHOW-PROCESSLIST.md
@@ -34,6 +34,8 @@ SHOW PROCESSLIST
 
 Display the running threads of the user. It should be noted that except the 
root user who can see all running threads, other users can only see their own 
running threads, and cannot see the running threads of other users.
 
+Only display current connected FE's connection list by default, you can set 
session variable ```set show_all_fe_connection = true``` to show all FE's 
connection.
+
 grammar:
 
 ```sql
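Review bot: The added sentence does not say how show_all_fe_connection interacts with the rule in the paragraph directly above it, that only root can see other users' running threads. If a non-root user who sets the variable still sees only their own connections on the other FEs, say so explicitly; if not, that is a visibility change that the page needs to document. The wording could also be tightened to something like "By default only the connections of the currently connected FE are displayed".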
diff --git 
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/admin-manual/resource-admin/workload-group.md
 
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/admin-manual/resource-admin/workload-group.md
index a73a4354511..016d69a2623 100644
--- 
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/admin-manual/resource-admin/workload-group.md
+++ 
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/admin-manual/resource-admin/workload-group.md
@@ -194,4 +194,52 @@ ADMIN SET FRONTEND CONFIG ("enable_cpu_hard_limit" = 
"true");
 ```
 
 如果用户期望从 CPU 的硬限切换回 CPU 的软限,那么只需要在 FE 修改 enable_cpu_hard_limit 的值为 false 即可。
-CPU 软限的属性 cpu_share 默认会填充一个有效值 1024(如果之前未指定 cpu_share 的值),用户可以根据 group 的优先级对 
cpu_share 的值进行重新调整。
\ No newline at end of file
+CPU 软限的属性 cpu_share 默认会填充一个有效值 1024(如果之前未指定 cpu_share 的值),用户可以根据 group 的优先级对 
cpu_share 的值进行重新调整。
+
+# Workload Group权限表
+可以通过Workload Group权限表查看user或者role有权限访问的Workload Group,授权相关的用法可以参考[grant 
语句](../../sql-manual/sql-statements/Account-Management-Statements/GRANT)。
+
+该表目前存在行级别的权限控制,root或者admin账户可以查看所有的数据,非root/admin账户只能看到自己有权限访问的Workload 
Group的数据。
+
+Workload Group权限表结构如下:
+```
+mysql [information_schema]>desc information_schema.workload_group_privileges;
++---------------------+--------------+------+-------+---------+-------+
+| Field               | Type         | Null | Key   | Default | Extra |
++---------------------+--------------+------+-------+---------+-------+
+| GRANTEE             | varchar(64)  | Yes  | false | NULL    |       |
+| WORKLOAD_GROUP_NAME | varchar(256) | Yes  | false | NULL    |       |
+| PRIVILEGE_TYPE      | varchar(64)  | Yes  | false | NULL    |       |
+| IS_GRANTABLE        | varchar(3)   | Yes  | false | NULL    |       |
++---------------------+--------------+------+-------+---------+-------+
+```
+
+字段说明:
+1. grantee,代表user或者role。
+2. workload_group_name,取值为Workload Group的名称或者%,%代表可以访问所有的Workload Group。
+3. privilege_type,权限的类型,目前该列的值只有Usage_priv。
+4. is_grantable,取值为YES或者NO,字段含义为是否可以给其他用户授予Workload 
Group的访问权限。目前只有root用户或者admin用户这个字段为YES,其他用户都为NO。
+
+基本用法:
+1. 根据用户名查找有权限访问的Workload Group
+```
+mysql [information_schema]>select * from workload_group_privileges where 
GRANTEE like '%test_wlg_user%';
++---------------------+---------------------+----------------+--------------+
+| GRANTEE             | WORKLOAD_GROUP_NAME | PRIVILEGE_TYPE | IS_GRANTABLE |
++---------------------+---------------------+----------------+--------------+
+| 'test_wlg_user'@'%' | normal              | Usage_priv     | NO           |
+| 'test_wlg_user'@'%' | test_group          | Usage_priv     | NO           |
++---------------------+---------------------+----------------+--------------+
+2 rows in set (0.04 sec)
+```
+
+2. 查看某个Workload Group可以有哪些用户访问
+```
+mysql [information_schema]>select * from workload_group_privileges where 
WORKLOAD_GROUP_NAME='test_group';
++---------------------+---------------------+----------------+--------------+
+| GRANTEE             | WORKLOAD_GROUP_NAME | PRIVILEGE_TYPE | IS_GRANTABLE |
++---------------------+---------------------+----------------+--------------+
+| 'test_wlg_user'@'%' | test_group          | Usage_priv     | NO           |
++---------------------+---------------------+----------------+--------------+
+1 row in set (0.03 sec)
+```
\ No newline at end of file
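Review bot: The removed and re-added cpu_share line differs only in the end-of-file newline, and the new last line of the file again has "\ No newline at end of file", so the next edit will produce the same noise; end the file with a newline. The added Chinese text also drops the spaces between Chinese and Latin terms that the existing lines use ("CPU 的硬限" versus "通过Workload Group权限表", "root或者admin账户"), and the single "#" heading should be checked against the level of the file's other sections. Note that the is_grantable description here says the field is YES only for root or admin users and NO for everyone else, which is more specific than the English sentence "Only root/admin user has grant privilege"; align the two.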
diff --git 
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
 
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
index 8c64dcd0dc6..34418cff248 100644
--- 
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
+++ 
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
@@ -77,6 +77,24 @@ role_list 是需要撤销的角色列表,以逗号分隔,指定的角色必
     REVOKE 'role1','role2' FROM 'jack'@'192.%';
     ```
 
+4. 撤销用户jack使用Workload Group 'g1'的权限
+
+    ```
+    REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM 'jack'@'%';
+    ```
+
+5. 撤销用户jack使用所有Workload Group的权限
+    
+    ```
+    REVOKE USAGE_PRIV ON WORKLOAD GROUP '%' FROM 'jack'@'%';
+    ```
+
+6. 撤销角色test_role使用Workload Group 'g1'的权限
+    
+    ```
+   REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM 'test_role';
+   ```
+
 ### Keywords
 
     REVOKE
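Review bot: The blank lines added after items 5 and 6 are "+    ", that is, they contain trailing whitespace, while the one after item 4 is empty; strip the trailing spaces. Example 6 also has the same uneven fence indentation as the English file (four spaces on the opening fence, three on the statement and the closing fence).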
diff --git 
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Show-Statements/SHOW-PROCESSLIST.md
 
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Show-Statements/SHOW-PROCESSLIST.md
index 255c8d724c0..09278d29a83 100644
--- 
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Show-Statements/SHOW-PROCESSLIST.md
+++ 
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Show-Statements/SHOW-PROCESSLIST.md
@@ -34,6 +34,8 @@ SHOW PROCESSLIST
 
 显示用户正在运行的线程,需要注意的是,除了 root 用户能看到所有正在运行的线程外,其他用户都只能看到自己正在运行的线程,看不到其它用户正在运行的线程
 
+默认只限制当前连接的FE的连接列表,可以通过设置session变量```set show_all_fe_connection = 
true```来查看所有FE的连接
+
 语法:
 
 ```sql
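Review bot: In the added sentence, "默认只限制当前连接的FE的连接列表" uses 限制 (restrict), whereas the English source sentence says "Only display"; this looks like a slip for 显示 and changes the meaning. The sentence also has no closing "。" and no spaces around "FE" and "session", unlike the spacing used in the paragraph above it.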
diff --git 
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
 
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
index 8c64dcd0dc6..039fe8e59e7 100644
--- 
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
+++ 
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
@@ -77,6 +77,24 @@ role_list 是需要撤销的角色列表,以逗号分隔,指定的角色必
     REVOKE 'role1','role2' FROM 'jack'@'192.%';
     ```
 
+4. 撤销用户jack使用Workload Group 'g1'的权限
+
+    ```
+    REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM 'jack'@'%';
+    ```
+
+5. 撤销用户jack使用所有Workload Group的权限
+
+    ```
+    REVOKE USAGE_PRIV ON WORKLOAD GROUP '%' FROM 'jack'@'%';
+    ```
+
+6. 撤销角色test_role使用Workload Group 'g1'的权限
+
+    ```
+   REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM 'test_role';
+   ```
+
 ### Keywords
 
     REVOKE
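Review bot: This version-2.1 copy ends at blob 039fe8e59e7 while the "current" zh-CN copy ends at 34418cff248, although both start from 8c64dcd0dc6 and add the same text; the difference is the trailing whitespace on the blank lines after items 5 and 6 in the other file. Keep the two copies byte-identical so later syncs between versions apply cleanly. The example 6 fence indentation (four spaces, then three) should be fixed here as well.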
diff --git 
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/sql-manual/sql-statements/Show-Statements/SHOW-PROCESSLIST.md
 
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/sql-manual/sql-statements/Show-Statements/SHOW-PROCESSLIST.md
index 255c8d724c0..09278d29a83 100644
--- 
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/sql-manual/sql-statements/Show-Statements/SHOW-PROCESSLIST.md
+++ 
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/sql-manual/sql-statements/Show-Statements/SHOW-PROCESSLIST.md
@@ -34,6 +34,8 @@ SHOW PROCESSLIST
 
 显示用户正在运行的线程,需要注意的是,除了 root 用户能看到所有正在运行的线程外,其他用户都只能看到自己正在运行的线程,看不到其它用户正在运行的线程
 
+默认只限制当前连接的FE的连接列表,可以通过设置session变量```set show_all_fe_connection = 
true```来查看所有FE的连接
+
 语法:
 
 ```sql
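Review bot: Because this file is the version-2.1 copy, please confirm that the session variable show_all_fe_connection is available in 2.1 before documenting it here. The added sentence also repeats the 限制 / 显示 wording problem noted for the "current" copy.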
diff --git 
a/versioned_docs/version-2.1/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
 
b/versioned_docs/version-2.1/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
index 56b1cd145c0..57be9d94993 100644
--- 
a/versioned_docs/version-2.1/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
+++ 
b/versioned_docs/version-2.1/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
@@ -76,6 +76,24 @@ role_list is the list of roles to be revoked, separated by 
commas. The specified
     REVOKE 'role1','role2' FROM 'jack'@'192.%';
     ```
 
+4. Revoke user jack usage privilege on 'g1';
+
+    ```
+    REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM 'jack'@'%';
+    ```
+
+5. Revoke user jack usage privilege on all Workload Group;
+
+    ```
+    REVOKE USAGE_PRIV ON WORKLOAD GROUP '%' FROM 'jack'@'%';
+    ```
+
+6. Revoke role test_role usage privilege on Workload Group 'g1';
+
+    ```
+   REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM 'test_role';
+   ```
+
 ### Keywords
 
     REVOKE
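Review bot: Examples 4 and 5 together leave the semantics of '%' unclear: the text should state whether REVOKE ... ON WORKLOAD GROUP '%' removes only a grant that was made on '%' or also grants made on individual groups such as 'g1'. An administrator who runs example 5 to lock a user out of all Workload Groups needs to know whether per-group grants survive it. The example 6 fence indentation issue from the unversioned file applies here too.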
diff --git 
a/versioned_docs/version-2.1/sql-manual/sql-statements/Show-Statements/SHOW-PROCESSLIST.md
 
b/versioned_docs/version-2.1/sql-manual/sql-statements/Show-Statements/SHOW-PROCESSLIST.md
index a2910e6cbc9..492bed9dc45 100644
--- 
a/versioned_docs/version-2.1/sql-manual/sql-statements/Show-Statements/SHOW-PROCESSLIST.md
+++ 
b/versioned_docs/version-2.1/sql-manual/sql-statements/Show-Statements/SHOW-PROCESSLIST.md
@@ -34,6 +34,8 @@ SHOW PROCESSLIST
 
 Display the running threads of the user. It should be noted that except the 
root user who can see all running threads, other users can only see their own 
running threads, and cannot see the running threads of other users.
 
+Only display current connected FE's connection list by default, you can set 
session variable ```set show_all_fe_connection = true``` to show all FE's 
connection.
+
 grammar:
 
 ```sql
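Review bot: The inline code in the added sentence wraps the whole statement "set show_all_fe_connection = true" in triple backticks while the sentence calls it a session variable; either name the variable alone in single backticks or show the statement in its own sql block after the "grammar:" section. "show all FE's connection" should read "show the connections of all FEs".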

