This is an automated email from the ASF dual-hosted git repository.
dataroaring pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris-website.git
The following commit(s) were added to refs/heads/master by this push:
new 170d4daf76 [feat] add compute group to set property and grant (#1107)
170d4daf76 is described below
commit 170d4daf765d41610347178f1f205eb5530ecbf1
Author: Yongqiang YANG <98214048+dataroar...@users.noreply.github.com>
AuthorDate: Thu Sep 19 13:59:05 2024 +0800
[feat] add compute group to set property and grant (#1107)
# Versions
- [x] dev
- [x] 3.0
- [ ] 2.1
- [ ] 2.0
# Languages
- [x] Chinese
- [x] English
---
.../Account-Management-Statements/GRANT.md | 197 ++++++++-------
.../Account-Management-Statements/REVOKE.md | 146 +++++++----
.../Account-Management-Statements/SET-PROPERTY.md | 60 +++--
.../SET-DEFAULT-STORAGE-VAULT.md | 47 ++--
.../Show-Statements/SHOW-COMPUTE-GROUPS.md | 57 +++++
.../Show-Statements/SHOW-STORAGE-VAULTS.md | 55 +++++
.../sql-statements/Utility-Statements/USE.md | 40 +--
.../Account-Management-Statements/GRANT.md | 271 +++++++++++----------
.../Account-Management-Statements/REVOKE.md | 160 ++++++++----
.../Account-Management-Statements/SET-PROPERTY.md | 136 ++++++-----
.../SET-DEFAULT-STORAGE-VAULT.md} | 43 ++--
.../Show-Statements/SHOW-COMPUTE-GROUPS.md | 57 +++++
.../Show-Statements/SHOW-STORAGE-VAULTS.md | 55 +++++
.../sql-statements/Utility-Statements/USE.md | 36 +--
.../Account-Management-Statements/GRANT.md | 271 +++++++++++----------
.../Account-Management-Statements/REVOKE.md | 150 +++++++++---
.../Account-Management-Statements/SET-PROPERTY.md | 132 +++++-----
.../SET-DEFAULT-STORAGE-VAULT.md} | 43 ++--
.../Show-Statements/SHOW-COMPUTE-GROUPS.md | 57 +++++
.../Show-Statements/SHOW-STORAGE-VAULTS.md | 55 +++++
.../sql-statements/Utility-Statements/USE.md | 36 +--
.../Account-Management-Statements/GRANT.md | 198 ++++++++-------
.../Account-Management-Statements/REVOKE.md | 142 ++++++++---
.../Account-Management-Statements/SET-PROPERTY.md | 60 +++--
.../SET-DEFAULT-STORAGE-VAULT.md} | 47 ++--
.../Show-Statements/SHOW-COMPUTE-GROUPS.md | 58 +++++
.../Show-Statements/SHOW-STORAGE-VAULTS.md | 55 +++++
.../sql-statements/Utility-Statements/USE.md | 40 +--
28 files changed, 1743 insertions(+), 961 deletions(-)
diff --git
a/docs/sql-manual/sql-statements/Account-Management-Statements/GRANT.md
b/docs/sql-manual/sql-statements/Account-Management-Statements/GRANT.md
index a7ab38b52f..e98dca4809 100644
--- a/docs/sql-manual/sql-statements/Account-Management-Statements/GRANT.md
+++ b/docs/sql-manual/sql-statements/Account-Management-Statements/GRANT.md
@@ -24,152 +24,165 @@ specific language governing permissions and limitations
under the License.
-->
-## GRANT
+## Description
-### Name
+The GRANT command is used to:
-GRANT
+1. Grant specified privileges to a user or role.
+2. Grant specified roles to a user.
-### Description
+## Syntax
-The GRANT command has the following functions:
+GRANT privilege_list ON priv_level TO user_identity [ROLE role_name]
-1. Grant the specified permissions to a user or role.
-2. Grant the specified role to a user.
+GRANT privilege_list ON RESOURCE resource_name TO user_identity [ROLE
role_name]
->Note that.
->
->"Grant specified roles to user" is supported in versions 2.0 and later
+GRANT privilege_list ON WORKLOAD GROUP workload_group_name TO user_identity
[ROLE role_name]
-```sql
-GRANT privilege_list ON priv_level TO user_identity [ROLE role_name]
+GRANT privilege_list ON COMPUTE GROUP compute_group_name TO user_identity
[ROLE role_name]
-GRANT privilege_list ON RESOURCE resource_name TO user_identity [ROLE
role_name]
+GRANT privilege_list ON STORAGE VAULT storage_vault_name TO user_identity
[ROLE role_name]
GRANT role_list TO user_identity
-```
-GRANT privilege_list ON WORKLOAD GROUP workload_group_name TO user_identity
[ROLE role_name]
+## Parameters
+
+### privilege_list
+
+A comma-separated list of privileges to be granted. Currently supported
privileges include:
+
+- NODE_PRIV: Cluster node operation permissions, including node online and
offline operations.
+- ADMIN_PRIV: All privileges except NODE_PRIV.
+- GRANT_PRIV: Privilege for operation privileges, including creating and
deleting users, roles, authorization and revocation, setting passwords, etc.
+- SELECT_PRIV: Read permission on the specified database or table.
+- LOAD_PRIV: Import privileges on the specified database or table.
+- ALTER_PRIV: Schema change permission for the specified database or table.
+- CREATE_PRIV: Create permission on the specified database or table.
+- DROP_PRIV: Drop privilege on the specified database or table.
+- USAGE_PRIV: Access to the specified resource and Workload Group permissions.
+- SHOW_VIEW_PRIV: Permission to view `view` creation statements.
+
+Legacy privilege conversion:
+- ALL and READ_WRITE will be converted to: SELECT_PRIV, LOAD_PRIV, ALTER_PRIV,
CREATE_PRIV, DROP_PRIV.
+- READ_ONLY is converted to SELECT_PRIV.
+
+### priv_level
+
+Supports the following four forms:
+
+- *.*.*: Privileges can be applied to all catalogs and all databases and
tables within them.
+- catalog_name.*.*: Privileges can be applied to all databases and tables in
the specified catalog.
+- catalog_name.db.*: Privileges can be applied to all tables under the
specified database.
+- catalog_name.db.tbl: Privileges can be applied to the specified table under
the specified database.
+
+### resource_name
-privilege_list is a list of privileges to be granted, separated by commas.
Currently Doris supports the following permissions:
+Specifies the resource name, supporting `%` and `*` to match all resources,
but does not support wildcards, such as res*.
- NODE_PRIV: Cluster node operation permissions, including node online and
offline operations. User who has NODE_PRIV and GRANT_PRIV permission, can grant
NODE_PRIV to other users.
- ADMIN_PRIV: All privileges except NODE_PRIV.
- GRANT_PRIV: Privilege for operation privileges. Including creating and
deleting users, roles, authorization and revocation, setting passwords, etc.
- SELECT_PRIV: read permission on the specified database or table
- LOAD_PRIV: Import privileges on the specified database or table
- ALTER_PRIV: Schema change permission for the specified database or table
- CREATE_PRIV: Create permission on the specified database or table
- DROP_PRIV: drop privilege on the specified database or table
- USAGE_PRIV: access to the specified resource
- SHOW_VIEW_PRIV: View permission to `view` creation statements (starting
from version 2.0.3, 'SELECT_PRIV' and 'LOAD_PRIV' permissions cannot be 'SHOW
CREATE TABLE view_name', has one of
`CREATE_PRIV`,`ALTER_PRIV`,`DROP_PRIV`,`SHOW_VIEW_PRIV` can `SHOW CREATE TABLE
view_name`)
-
- ALL and READ_WRITE in legacy permissions will be converted to:
SELECT_PRIV,LOAD_PRIV,ALTER_PRIV,CREATE_PRIV,DROP_PRIV;
- READ_ONLY is converted to SELECT_PRIV.
+### workload_group_name
-Permission classification:
+Specifies the workload group name, supporting `%` and `*` to match all
workload groups, but does not support wildcards.
- 1. Node Privilege: NODE_PRIV
- 2. database table permissions: SELECT_PRIV, LOAD_PRIV, ALTER_PRIV,
CREATE_PRIV, DROP_PRIV
- 3. Resource and workload groups Privilege: USAGE_PRIV
+### compute_group_name
-Priv_level supports the following four forms:
+Specifies the compute group name, supporting `%` and `*` to match all compute
groups, but does not support wildcards.
- 1. *.*.* permissions can be applied to all catalogs, all databases and all
tables in them
- 2. catalog_name.*.* permissions can be applied to all databases and all
tables in them
- 3. catalog_name.db.* permissions can be applied to all tables under the
specified database
- 4. catalog_name.db.tbl permission can be applied to the specified table
under the specified database
-
- The catalog or database, table specified here may be not exist.
+### storage_vault_name
-resource_name supports the following two forms:
+Specifies the storage vault name, supporting `%` and `*` to match all storage
vaults, but does not support wildcards.
- 1. * Permissions apply to all resources
- 2. The resource permission applies to the specified resource
-
- The resource specified here can be a non-existing resource. In addition,
please distinguish the resources here from external tables, and use catalog as
an alternative if you use external tables.
+### user_identity
-workload_group_name specifies the workload group name and supports `%` and `_`
match characters, `%` can match any string and `_` matches any single character.
+Specifies the user to receive the privileges. Must be a user_identity created
with CREATE USER. The host in user_identity can be a domain name. If it is a
domain name, the effective time of the authority may be delayed by about 1
minute.
-user_identity:
+### role_name
- The user_identity syntax here is the same as CREATE USER. And must be a
user_identity created with CREATE USER. The host in user_identity can be a
domain name. If it is a domain name, the effective time of the authority may be
delayed by about 1 minute.
-
- You can also assign permissions to the specified ROLE, if the specified
ROLE does not exist, it will be created automatically.
+Specifies the role to receive the privileges. If the specified role does not
exist, it will be created automatically.
-role_list is the list of roles to be assigned, separated by commas,the
specified role must exist.
+### role_list
-### Example
+A comma-separated list of roles to be assigned. The specified roles must exist.
-1. Grant permissions to all catalog and databases and tables to the user
+## Examples
+
+1. Grant permissions to all catalogs and databases and tables to the user:
- ```sql
GRANT SELECT_PRIV ON *.*.* TO 'jack'@'%';
- ```
-2. Grant permissions to the specified database table to the user
+2. Grant permissions to the specified database table to the user:
- ```sql
GRANT SELECT_PRIV,ALTER_PRIV,LOAD_PRIV ON ctl1.db1.tbl1 TO 'jack'@'192.8.%';
- ```
-3. Grant permissions to the specified database table to the role
+3. Grant permissions to the specified database table to the role:
- ```sql
GRANT LOAD_PRIV ON ctl1.db1.* TO ROLE 'my_role';
- ```
-4. Grant access to all resources to users
+4. Grant access to all resources to users:
- ```sql
GRANT USAGE_PRIV ON RESOURCE * TO 'jack'@'%';
- ```
-5. Grant the user permission to use the specified resource
+5. Grant the user permission to use the specified resource:
- ```sql
GRANT USAGE_PRIV ON RESOURCE 'spark_resource' TO 'jack'@'%';
- ```
-6. Grant access to specified resources to roles
+6. Grant access to specified resources to roles:
- ```sql
GRANT USAGE_PRIV ON RESOURCE 'spark_resource' TO ROLE 'my_role';
- ```
-7. Grant the specified role to a user
+7. Grant the specified role to a user:
- ```sql
- GRANT 'role1','role2' TO 'jack'@'%';
- ```
+ GRANT 'role1','role2' TO 'jack'@'%';
-8. Grant the specified workload group 'g1' to user jack
+8. Grant the specified workload group 'g1' to user jack:
- ```sql
- GRANT USAGE_PRIV ON WORKLOAD GROUP 'g1' TO 'jack'@'%'.
- ```
+ GRANT USAGE_PRIV ON WORKLOAD GROUP 'g1' TO 'jack'@'%';
-9. match all workload groups granted to user jack
+9. Match all workload groups granted to user jack:
- ```sql
- GRANT USAGE_PRIV ON WORKLOAD GROUP '%' TO 'jack'@'%'.
- ```
+ GRANT USAGE_PRIV ON WORKLOAD GROUP '%' TO 'jack'@'%';
-10. grant the workload group 'g1' to the role my_role
+10. Grant the workload group 'g1' to the role my_role:
- ```sql
- GRANT USAGE_PRIV ON WORKLOAD GROUP 'g1' TO ROLE 'my_role'.
- ```
+ GRANT USAGE_PRIV ON WORKLOAD GROUP 'g1' TO ROLE 'my_role';
-11. Allow jack to view the creation statement of view1 under db1
+11. Allow jack to view the creation statement of view1 under db1:
- ```sql
GRANT SHOW_VIEW_PRIV ON db1.view1 TO 'jack'@'%';
- ```
-### Keywords
+12. Grant user permission to use the specified compute group:
+
+ GRANT USAGE_PRIV ON COMPUTE GROUP 'group1' TO 'jack'@'%';
+
+13. Grant role permission to use the specified compute group:
+
+ GRANT USAGE_PRIV ON COMPUTE GROUP 'group1' TO ROLE 'my_role';
+
+14. Grant user permission to use all compute groups:
+
+ GRANT USAGE_PRIV ON COMPUTE GROUP '*' TO 'jack'@'%';
+
+15. Grant user permission to use the specified storage vault:
+
+ GRANT USAGE_PRIV ON STORAGE VAULT 'vault1' TO 'jack'@'%';
+
+16. Grant role permission to use the specified storage vault:
+
+ GRANT USAGE_PRIV ON STORAGE VAULT 'vault1' TO ROLE 'my_role';
+
+17. Grant user permission to use all storage vaults:
+
+ GRANT USAGE_PRIV ON STORAGE VAULT '*' TO 'jack'@'%';
+
+## Related Commands
- GRANT
+- [REVOKE](./REVOKE.md)
+- [SHOW GRANTS](../Show-Statements/SHOW-GRANTS.md)
+- [CREATE ROLE](./CREATE-ROLE.md)
+- [CREATE WORKLOAD
GROUP](../Administration-Statements/CREATE-WORKLOAD-GROUP.md)
+- [CREATE COMPUTE GROUP](../Administration-Statements/CREATE-COMPUTE-GROUP.md)
+- [CREATE RESOURCE](../Administration-Statements/CREATE-RESOURCE.md)
+- [CREATE STORAGE VAULT](../Administration-Statements/CREATE-STORAGE-VAULT.md)
-### Best Practice
+## Keywords
+ GRANT, WORKLOAD GROUP, COMPUTE GROUP, RESOURCE
diff --git
a/docs/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
b/docs/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
index 612549a461..722afe6066 100644
--- a/docs/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
+++ b/docs/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
@@ -24,79 +24,133 @@ specific language governing permissions and limitations
under the License.
-->
-## REVOKE
+## Description
-### Name
+The REVOKE command is used to:
-REVOKE
+1. Revoke specified privileges from a user or role.
+2. Revoke specified roles previously granted to a user.
-### Description
+## Syntax
-The REVOKE command has the following functions:
+REVOKE privilege_list ON priv_level FROM user_identity [ROLE role_name]
-1. Revoke the specified permission of a user or a role.
-2. Revoke the specified role previously granted to a user.
+REVOKE privilege_list ON RESOURCE resource_name FROM user_identity [ROLE
role_name]
->Note that.
->
->"Revoke the specified roles previously granted to a user" is supported in
versions 2.0 and later
+REVOKE privilege_list ON WORKLOAD GROUP workload_group_name FROM user_identity
[ROLE role_name]
-```sql
-REVOKE privilege_list ON db_name[.tbl_name] FROM user_identity [ROLE role_name]
+REVOKE privilege_list ON COMPUTE GROUP compute_group_name FROM user_identity
[ROLE role_name]
-REVOKE privilege_list ON RESOURCE resource_name FROM user_identity [ROLE
role_name]
+REVOKE privilege_list ON STORAGE VAULT storage_vault_name FROM user_identity
[ROLE role_name]
REVOKE role_list FROM user_identity
-```
-user_identity:
+## Parameters
+
+### privilege_list
+
+A comma-separated list of privileges to be revoked. Supported privileges
include:
+
+- NODE_PRIV: Cluster node operation permissions
+- ADMIN_PRIV: Administrator privileges
+- GRANT_PRIV: Authorization privileges
+- SELECT_PRIV: Query privileges
+- LOAD_PRIV: Data import privileges
+- ALTER_PRIV: Modification privileges
+- CREATE_PRIV: Creation privileges
+- DROP_PRIV: Deletion privileges
+- USAGE_PRIV: Usage privileges
+- SHOW_VIEW_PRIV: Privileges to view view definitions
+
+### priv_level
+
+Specifies the scope of the privileges. Supported formats:
+
+- *.*.*: All catalogs, databases, and tables
+- catalog_name.*.*: All databases and tables in the specified catalog
+- catalog_name.db.*: All tables in the specified database
+- catalog_name.db.tbl: Specific table in the specified database
+
+### resource_name
+
+Specifies the resource scope. Supports % (matches any string) and _ (matches
any single character) wildcards.
+
+### workload_group_name
+
+Specifies the workload group name. Supports % (matches any string) and _
(matches any single character) wildcards.
+
+### compute_group_name
+
+Specifies the compute group name. Supports % (matches any string) and _
(matches any single character) wildcards.
+
+### storage_vault_name
+
+Specifies the storage vault name. Supports % (matches any string) and _
(matches any single character) wildcards.
+
+### user_identity
+
+Specifies the user from whom privileges are being revoked. Must be a user
created with CREATE USER. The host in user_identity can be a domain name. If
it's a domain name, the revocation of privileges may be delayed by about 1
minute.
+
+### role_name
+
+Specifies the role from which privileges are being revoked. The role must
exist.
+
+### role_list
+
+A comma-separated list of roles to be revoked. All specified roles must exist.
+
+## Examples
+
+1. Revoke SELECT privilege on a specific database from a user:
+
+ REVOKE SELECT_PRIV ON db1.* FROM 'jack'@'192.%';
+
+2. Revoke usage privilege on a resource from a user:
+
+ REVOKE USAGE_PRIV ON RESOURCE 'spark_resource' FROM 'jack'@'192.%';
+
+3. Revoke roles from a user:
-The user_identity syntax here is the same as CREATE USER. And must be a
user_identity created with CREATE USER. The host in user_identity can be a
domain name. If it is a domain name, the revocation time of permissions may be
delayed by about 1 minute.
+ REVOKE 'role1','role2' FROM 'jack'@'192.%';
-It is also possible to revoke the permissions of the specified ROLE, the
executed ROLE must exist.
+4. Revoke usage privilege on a workload group from a user:
-role_list is the list of roles to be revoked, separated by commas. The
specified roles must exist.
+ REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM 'jack'@'%';
-### Example
+5. Revoke usage privilege on all workload groups from a user:
-1. Revoke the permission of user jack database testDb
+ REVOKE USAGE_PRIV ON WORKLOAD GROUP '%' FROM 'jack'@'%';
- ```sql
- REVOKE SELECT_PRIV ON db1.* FROM 'jack'@'192.%';
- ```
+6. Revoke usage privilege on a workload group from a role:
-2. Revoke user jack resource spark_resource permission
+ REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM ROLE 'test_role';
- ```sql
- REVOKE USAGE_PRIV ON RESOURCE 'spark_resource' FROM 'jack'@'192.%';
- ```
-3. Revoke the roles role1 and role2 previously granted to jack
+7. Revoke usage privilege on a compute group from a user:
- ```sql
- REVOKE 'role1','role2' FROM 'jack'@'192.%';
- ```
+ REVOKE USAGE_PRIV ON COMPUTE GROUP 'group1' FROM 'jack'@'%';
-4. Revoke user jack usage privilege on 'g1';
+8. Revoke usage privilege on a compute group from a role:
- ```
- REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM 'jack'@'%';
- ```
+ REVOKE USAGE_PRIV ON COMPUTE GROUP 'group1' FROM ROLE 'my_role';
-5. Revoke user jack usage privilege on all Workload Group;
+9. Revoke usage privilege on a storage vault from a user:
- ```
- REVOKE USAGE_PRIV ON WORKLOAD GROUP '%' FROM 'jack'@'%';
- ```
+ REVOKE USAGE_PRIV ON STORAGE VAULT 'vault1' FROM 'jack'@'%';
-6. Revoke role test_role usage privilege on Workload Group 'g1';
+10. Revoke usage privilege on a storage vault from a role:
- ```
- REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM 'test_role';
- ```
+ REVOKE USAGE_PRIV ON STORAGE VAULT 'vault1' FROM ROLE 'my_role';
-### Keywords
+## Related Commands
- REVOKE
+- [GRANT](./GRANT.md)
+- [SHOW GRANTS](../Show-Statements/SHOW-GRANTS.md)
+- [CREATE ROLE](./CREATE-ROLE.md)
+- [CREATE WORKLOAD
GROUP](../Administration-Statements/CREATE-WORKLOAD-GROUP.md)
+- [CREATE COMPUTE GROUP](../Administration-Statements/CREATE-COMPUTE-GROUP.md)
+- [CREATE RESOURCE](../Administration-Statements/CREATE-RESOURCE.md)
+- [CREATE STORAGE VAULT](../Administration-Statements/CREATE-STORAGE-VAULT.md)
-### Best Practice
+## Keywords
+ REVOKE, WORKLOAD GROUP, COMPUTE GROUP, RESOURCE, STORAGE VAULT
\ No newline at end of file
diff --git
a/docs/sql-manual/sql-statements/Account-Management-Statements/SET-PROPERTY.md
b/docs/sql-manual/sql-statements/Account-Management-Statements/SET-PROPERTY.md
index 7c1551261f..aab3003756 100644
---
a/docs/sql-manual/sql-statements/Account-Management-Statements/SET-PROPERTY.md
+++
b/docs/sql-manual/sql-statements/Account-Management-Statements/SET-PROPERTY.md
@@ -24,15 +24,11 @@ specific language governing permissions and limitations
under the License.
-->
-## SET-PROPERTY
+## Description
-### Name
+Set user attributes, including resources assigned to users, importing
clusters, compute groups etc.
-SET PROPERTY
-
-### Description
-
-Set user attributes, including resources assigned to users, importing
clusters, etc.
+## Syntax
```sql
SET PROPERTY [FOR 'user'] 'key' = 'value' [, 'key' = 'value']
@@ -40,27 +36,33 @@ SET PROPERTY [FOR 'user'] 'key' = 'value' [, 'key' =
'value']
The user attribute set here is for user, not user_identity. That is, if two
users 'jack'@'%' and 'jack'@'192.%' are created through the CREATE USER
statement, the SET PROPERTY statement can only be used for the user jack, not
'jack'@'% ' or 'jack'@'192.%'
-key:
-
-Super user privileges:
+## Parameters
- max_user_connections: The maximum number of connections.
+### user
- max_query_instances: The number of instances that a user can use to execute a
query at the same time.
+The username for which to set attributes. If omitted, the attributes are set
for the current user.
- sql_block_rules: Set sql block rules. Once set, queries sent by this user
will be rejected if they match the rules.
+### key
- cpu_resource_limit: Limit the cpu resources for queries. See the introduction
to the session variable `cpu_resource_limit` for details. -1 means not set.
+The attribute key to set. Available keys include:
- exec_mem_limit: Limit the memory usage of the query. See the introduction to
the session variable `exec_mem_limit` for details. -1 means not set.
+- `max_user_connections`: The maximum number of connections.
+- `max_query_instances`: The number of instances that a user can use to
execute a query at the same time.
+- `sql_block_rules`: Set SQL block rules. Once set, queries sent by this user
will be rejected if they match the rules.
+- `cpu_resource_limit`: Limit the CPU resources for queries. See the
introduction to the session variable `cpu_resource_limit` for details. -1 means
not set.
+- `exec_mem_limit`: Limit the memory usage of the query. See the introduction
to the session variable `exec_mem_limit` for details. -1 means not set.
+- `resource_tags`: Specifies the user's resource tag permissions.
+- `query_timeout`: Specifies the user's query timeout.
+- `default_workload_group`: Specifies the user's default workload group.
+- `default_compute_group`: Specifies the user's default compute group.
- resource_tags: Specifies the user's resource tag permissions.
+Note: If the attributes `cpu_resource_limit` and `exec_mem_limit` are not set,
the value in the session variable will be used by default.
- query_timeout: Specifies the user's query timeout permissions.
+### value
- Note: If the attributes `cpu_resource_limit`, `exec_mem_limit` are not
set, the value in the session variable will be used by default.
+The value to set for the specified key.
-### Example
+## Example
1. Modify the maximum number of user jack connections to 1000
@@ -104,9 +106,23 @@ Super user privileges:
SET PROPERTY FOR 'jack' 'query_timeout' = '500';
```
-### Keywords
+8. Set the default workload group for user 'jack':
+
+ ```sql
+ SET PROPERTY FOR 'jack' 'default_workload_group' = 'group1';
+ ```
+
+9. Set the default compute group for user 'jack':
+
+ ```sql
+ SET PROPERTY FOR 'jack' 'default_compute_group' = 'compute_group1';
+ ```
+
+## Related Commands
- SET, PROPERTY
+- [CREATE USER](./CREATE-USER.md)
+- [SHOW PROPERTY](../Show-Statements/SHOW-PROPERTY.md)
-### Best Practice
+## Keywords
+ SET, PROPERTY, COMPUTE GROUP, WORKLOAD GROUP
diff --git
a/versioned_docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
b/docs/sql-manual/sql-statements/Database-Administration-Statements/SET-DEFAULT-STORAGE-VAULT.md
similarity index 54%
copy from
versioned_docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
copy to
docs/sql-manual/sql-statements/Database-Administration-Statements/SET-DEFAULT-STORAGE-VAULT.md
index 622de04a36..85ecbb3766 100644
---
a/versioned_docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
+++
b/docs/sql-manual/sql-statements/Database-Administration-Statements/SET-DEFAULT-STORAGE-VAULT.md
@@ -1,6 +1,6 @@
---
{
- "title": "USE",
+ "title": "SET-DEFAULT-STORAGE-VAULT",
"language": "en"
}
---
@@ -24,43 +24,30 @@ specific language governing permissions and limitations
under the License.
-->
-## USE
+## Description
-### Name
+This statement is used to set the default storage vault in Doris. The default
storage vault is used to store data for internal or system tables. If the
default storage vault is not set, Doris will not function properly. Once the
default storage vault is set, it cannot be removed.
-USE
+## Syntax
-### Description
-
-The USE command allows us to use the database
-
-grammar:
-
-```SQL
-USE <[CATALOG_NAME].DATABASE_NAME>
+```sql
+SET vault_name DEFAULT STORAGE VAULT
```
-illustrate:
-1. `USE CATALOG_NAME.DATABASE_NAME` will switch the current catalog into
`CATALOG_NAME` and then change the current database into `DATABASE_NAME`
-
-### Example
-
-1. If the demo database exists in current catalog, try accessing it:
+> Note:
+>
+> 1. Only ADMIN users can set the default storage vault.
- ```sql
- mysql> use demo;
- Database changed
- ```
-2. If the demo database exists in catalog hms_catalog, try switching the
catalog and accessing it:
+## Example
- ```sql
- mysql> use hms_catalog.demo;
- Database changed
- ```
+1. Set the storage vault named 's3_vault' as the default storage vault.
-### Keywords
+ ```sql
+ SET s3_vault AS DEFAULT STORAGE VAULT;
+ ```
- USE
+## Related Commands
-### Best Practice
+## Keywords
+ SET, DEFAULT, STORAGE, VAULT
\ No newline at end of file
diff --git
a/docs/sql-manual/sql-statements/Show-Statements/SHOW-COMPUTE-GROUPS.md
b/docs/sql-manual/sql-statements/Show-Statements/SHOW-COMPUTE-GROUPS.md
new file mode 100644
index 0000000000..50950cae01
--- /dev/null
+++ b/docs/sql-manual/sql-statements/Show-Statements/SHOW-COMPUTE-GROUPS.md
@@ -0,0 +1,57 @@
+---
+{
+ "title": "SHOW COMPUTE GROUPS",
+ "language": "en"
+}
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+## Description
+
+The SHOW COMPUTE GROUPS command is used to display information about all
configured compute groups in the system. Compute groups are logical units used
to manage and organize computational resources, helping users allocate and
utilize system resources more effectively.
+
+This command assists administrators and users in quickly understanding the
existing compute group configurations in the system, including the name,
attributes, and other relevant information for each compute group. This is
particularly useful for resource management, performance optimization, and
system monitoring.
+
+## Syntax
+
+```sql
+ SHOW COMPUTE GROUPS
+```
+
+## Return Values
+
+This command returns a result set containing the following columns:
+
+- `Name`: The name of the compute group.
+- `IsCurrent`: Indicates whether it is the current working compute group.
+- `Users`: Displays the list of users who have permission to use this compute
group.
+- `BackendNum`: Shows the number of backends (compute nodes) currently
allocated to this compute group.
+
+## Related Commands
+
+- [ALTER SYSTEM ADD
BACKEND](../Administration-Statements/ALTER-SYSTEM-ADD-BACKEND.md)
+- [GRANT](../Account-Management-Statements/GRANT.md)
+- [REVOKE](../Account-Management-Statements/REVOKE.md)
+- [SET DEFAULT COMPUTE
GROUP](../Administration-Statements/SET-DEFAULT-COMPUTE-GROUP.md)
+
+## Keywords
+
+ SHOW, COMPUTE GROUPS
\ No newline at end of file
diff --git
a/docs/sql-manual/sql-statements/Show-Statements/SHOW-STORAGE-VAULTS.md
b/docs/sql-manual/sql-statements/Show-Statements/SHOW-STORAGE-VAULTS.md
new file mode 100644
index 0000000000..7676d8f4e6
--- /dev/null
+++ b/docs/sql-manual/sql-statements/Show-Statements/SHOW-STORAGE-VAULTS.md
@@ -0,0 +1,55 @@
+---
+{
+ "title": "SHOW STORAGE VAULTS",
+ "language": "en"
+}
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+## Description
+
+The SHOW STORAGE VAULTS command is used to display information about all
storage vaults configured in the system. Storage vaults are used to manage
external storage locations for data.
+
+## Syntax
+
+```sql
+ SHOW STORAGE VAULTS
+```
+
+## Return Values
+
+This command returns a result set with the following columns:
+
+- `StorageVaultName`: The name of the storage vault.
+- `StorageVaultId`: The id of the storage vault.
+- `Properties`: A JSON string containing the configuration properties of the
vault.
+- `IsDefault`: Indicates whether this vault is set as the default (TRUE or
FALSE).
+
+## Related Commands
+
+- [CREATE STORAGE VAULT](../Data-Definition-Statements/CREATE-STORAGE-VAULT.md)
+- [GRANT](../Account-Management-Statements/GRANT.md)
+- [REVOKE](../Account-Management-Statements/REVOKE.md)
+- [SET DEFAULT STORAGE
VAULT](../Data-Definition-Statements/SET-DEFAULT-STORAGE-VAULT.md)
+
+## Keywords
+
+ SHOW, STORAGE VAULTS
diff --git a/docs/sql-manual/sql-statements/Utility-Statements/USE.md
b/docs/sql-manual/sql-statements/Utility-Statements/USE.md
index 622de04a36..391a042cab 100644
--- a/docs/sql-manual/sql-statements/Utility-Statements/USE.md
+++ b/docs/sql-manual/sql-statements/Utility-Statements/USE.md
@@ -24,26 +24,17 @@ specific language governing permissions and limitations
under the License.
-->
-## USE
+## Description
-### Name
+The USE command allows us to switch to a specific database or compute group in
your SQL environment.
-USE
-
-### Description
-
-The USE command allows us to use the database
-
-grammar:
+## Syntax
```SQL
-USE <[CATALOG_NAME].DATABASE_NAME>
+USE { [catalog_name.]database_name[@compute_group_name] | @compute_group_name }
```
-illustrate:
-1. `USE CATALOG_NAME.DATABASE_NAME` will switch the current catalog into
`CATALOG_NAME` and then change the current database into `DATABASE_NAME`
-
-### Example
+## Example
1. If the demo database exists in current catalog, try accessing it:
@@ -58,9 +49,24 @@ illustrate:
Database changed
```
-### Keywords
+3. If the demo database exists in current catalog and you want to use the
compute group named 'cg1', try accessing it:
+
+ ```sql
+ mysql> use demo@cg1;
+ Database changed
+ ```
+
+4. If you want to use only the compute group named 'cg1', try accessing it:
+
+ ```sql
+ mysql> use @cg1;
+ Database changed
+ ```
+
+## Relate Commands
+
+## Keywords
- USE
+ USE, DATABASE, USER, COMPUTE GROUP
-### Best Practice
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Account-Management-Statements/GRANT.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Account-Management-Statements/GRANT.md
index 4f41577351..21b02e914f 100644
---
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Account-Management-Statements/GRANT.md
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Account-Management-Statements/GRANT.md
@@ -24,154 +24,165 @@ specific language governing permissions and limitations
under the License.
-->
-## GRANT
+## 描述
-### Name
-
-GRANT
-
-### Description
-
-GRANT 命令有如下功能:
+GRANT 命令用于:
1. 将指定的权限授予某用户或角色。
2. 将指定角色授予某用户。
->注意:
->
->2.0 及之后版本支持"将指定角色授予用户"
+## 语法
-```sql
GRANT privilege_list ON priv_level TO user_identity [ROLE role_name]
GRANT privilege_list ON RESOURCE resource_name TO user_identity [ROLE
role_name]
+GRANT privilege_list ON WORKLOAD GROUP workload_group_name TO user_identity
[ROLE role_name]
+
+GRANT privilege_list ON COMPUTE GROUP compute_group_name TO user_identity
[ROLE role_name]
+
+GRANT privilege_list ON STORAGE VAULT storage_vault_name TO user_identity
[ROLE role_name]
+
GRANT role_list TO user_identity
-```
-GRANT privilege_list ON WORKLOAD GROUP workload_group_name TO user_identity
[ROLE role_name]
+## 参数
+
+### privilege_list
+
+需要赋予的权限列表,以逗号分隔。当前支持如下权限:
+
+- NODE_PRIV:集群节点操作权限,包括节点上下线等操作。
+- ADMIN_PRIV:除 NODE_PRIV 以外的所有权限。
+- GRANT_PRIV:操作权限的权限,包括创建删除用户、角色,授权和撤权,设置密码等。
+- SELECT_PRIV:对指定的库或表的读取权限。
+- LOAD_PRIV:对指定的库或表的导入权限。
+- ALTER_PRIV:对指定的库或表的 schema 变更权限。
+- CREATE_PRIV:对指定的库或表的创建权限。
+- DROP_PRIV:对指定的库或表的删除权限。
+- USAGE_PRIV:对指定资源、Workload Group、Compute Group 的使用权限。
+- SHOW_VIEW_PRIV:查看 view 创建语句的权限。
+
+旧版权限转换:
+- ALL 和 READ_WRITE 会被转换成:SELECT_PRIV, LOAD_PRIV, ALTER_PRIV, CREATE_PRIV,
DROP_PRIV。
+- READ_ONLY 会被转换为 SELECT_PRIV。
+
+### priv_level
+
+支持以下四种形式:
+
+- *.*.*:权限可以应用于所有 catalog 及其中的所有库表。
+- catalog_name.*.*:权限可以应用于指定 catalog 中的所有库表。
+- catalog_name.db.*:权限可以应用于指定库下的所有表。
+- catalog_name.db.tbl:权限可以应用于指定库下的指定表。
+
+### resource_name
+
+指定 resource 名,支持 % 和 * 匹配所有资源,不支持通配符,比如 res*。
+
+### workload_group_name
+
+指定 workload group 名,支持 % 和 * 匹配所有 workload group,不支持通配符。
+
+### compute_group_name
+
+指定 compute group 名称,支持 % 和 * 匹配所有 compute group,不支持通配符。
+
+### storage_vault_name
+
+指定 storage vault 名称,支持 % 和 * 匹配所有 storage vault,不支持通配符。
+
+### user_identity
+
+指定接收权限的用户。必须为使用 CREATE USER 创建过的 user_identity。user_identity 中的 host
可以是域名,如果是域名的话,权限的生效时间可能会有 1 分钟左右的延迟。
+
+### role_name
+
+指定接收权限的角色。如果指定的角色不存在,则会自动创建。
+
+### role_list
+
+需要赋予的角色列表,以逗号分隔,指定的角色必须存在。
+
+## 示例
+
+1. 授予所有 catalog 和库表的权限给用户:
+
+ GRANT SELECT_PRIV ON *.*.* TO 'jack'@'%';
+
+2. 授予指定库表的权限给用户:
+
+ GRANT SELECT_PRIV,ALTER_PRIV,LOAD_PRIV ON ctl1.db1.tbl1 TO 'jack'@'192.8.%';
+
+3. 授予指定库表的权限给角色:
+
+ GRANT LOAD_PRIV ON ctl1.db1.* TO ROLE 'my_role';
+
+4. 授予所有 resource 的使用权限给用户:
+
+ GRANT USAGE_PRIV ON RESOURCE * TO 'jack'@'%';
+
+5. 授予指定 resource 的使用权限给用户:
+
+ GRANT USAGE_PRIV ON RESOURCE 'spark_resource' TO 'jack'@'%';
+
+6. 授予指定 resource 的使用权限给角色:
+
+ GRANT USAGE_PRIV ON RESOURCE 'spark_resource' TO ROLE 'my_role';
+
+7. 将指定 role 授予某用户:
+
+ GRANT 'role1','role2' TO 'jack'@'%';
+
+8. 将指定 workload group 授予用户:
+
+ GRANT USAGE_PRIV ON WORKLOAD GROUP 'g1' TO 'jack'@'%';
+
+9. 匹配所有 workload group 授予用户:
+
+ GRANT USAGE_PRIV ON WORKLOAD GROUP '%' TO 'jack'@'%';
+
+10. 将指定 workload group 授予角色:
-privilege_list 是需要赋予的权限列表,以逗号分隔。当前 Doris 支持如下权限:
-
- NODE_PRIV:集群节点操作权限,包括节点上下线等操作。同时拥有 Grant_priv 和 Node_priv 的用户,可以将该权限赋予其他用户。
- ADMIN_PRIV:除 NODE_PRIV 以外的所有权限。
- GRANT_PRIV: 操作权限的权限。包括创建删除用户、角色,授权和撤权,设置密码等。
- SELECT_PRIV:对指定的库或表的读取权限
- LOAD_PRIV:对指定的库或表的导入权限
- ALTER_PRIV:对指定的库或表的schema变更权限
- CREATE_PRIV:对指定的库或表的创建权限
- DROP_PRIV:对指定的库或表的删除权限
- USAGE_PRIV: 对指定资源的使用权限和 Workload Group 权限
- SHOW_VIEW_PRIV:
查看`view`创建语句的权限(从2.0.3版本开始,`SELECT_PRIV`和`LOAD_PRIV`权限不能`SHOW CREATE TABLE
view_name`,拥有`CREATE_PRIV`,`ALTER_PRIV`,`DROP_PRIV`,`SHOW_VIEW_PRIV`权限项中的任何一个,有权`SHOW
CREATE TABLE view_name`)
-
- 旧版权限中的 ALL 和 READ_WRITE
会被转换成:SELECT_PRIV,LOAD_PRIV,ALTER_PRIV,CREATE_PRIV,DROP_PRIV;
- READ_ONLY 会被转换为 SELECT_PRIV。
-
-权限分类:
-
- 1. 节点权限:NODE_PRIV
- 2. 库表权限:SELECT_PRIV,LOAD_PRIV,ALTER_PRIV,CREATE_PRIV,DROP_PRIV
- 3. 资源权限和 Workload Group 权限:USAGE_PRIV
-
-priv_level 支持以下四种形式:
-
- 1. *.*.* 权限可以应用于所有 catalog 及其中的所有库表
- 2. catalog_name.*.* 权限可以应用于指定 catalog 中的所有库表
- 3. catalog_name.db.* 权限可以应用于指定库下的所有表
- 4. catalog_name.db.tbl 权限可以应用于指定库下的指定表
-
- 这里指定的 catalog_name 或库或表可以是不存在的库和表。
-
-resource_name 支持以下两种形式:
-
- 1. * 权限应用于所有资源
- 2. resource 权限应用于指定资源
-
- 这里指定的资源可以是不存在的资源。另外,这里的资源请跟外部表区分开,有使用外部表的情况请都使用 catalog 作为替代。
-
-workload_group_name 可指定 workload group 名,支持 `%`和`_`匹配符,`%`可匹配任意字符串,`_`匹配任意单个字符。
-
-user_identity:
-
- 这里的 user_identity 语法同 CREATE USER。且必须为使用 CREATE USER 创建过的
user_identity。user_identity 中的host可以是域名,如果是域名的话,权限的生效时间可能会有1分钟左右的延迟。
-
- 也可以将权限赋予指定的 ROLE,如果指定的 ROLE 不存在,则会自动创建。
-
-role_list 是需要赋予的角色列表,以逗号分隔,指定的角色必须存在。
-
-### Example
-
-1. 授予所有 catalog 和库表的权限给用户
-
- ```sql
- GRANT SELECT_PRIV ON *.*.* TO 'jack'@'%';
- ```
-
-2. 授予指定库表的权限给用户
-
- ```sql
- GRANT SELECT_PRIV,ALTER_PRIV,LOAD_PRIV ON ctl1.db1.tbl1 TO
'jack'@'192.8.%';
- ```
-
-3. 授予指定库表的权限给角色
-
- ```sql
- GRANT LOAD_PRIV ON ctl1.db1.* TO ROLE 'my_role';
- ```
-
-4. 授予所有资源的使用权限给用户
-
- ```sql
- GRANT USAGE_PRIV ON RESOURCE * TO 'jack'@'%';
- ```
-
-5. 授予指定资源的使用权限给用户
-
- ```sql
- GRANT USAGE_PRIV ON RESOURCE 'spark_resource' TO 'jack'@'%';
- ```
-
-6. 授予指定资源的使用权限给角色
-
- ```sql
- GRANT USAGE_PRIV ON RESOURCE 'spark_resource' TO ROLE 'my_role';
- ```
-
-7. 将指定角色授予某用户
-
- ```sql
- GRANT 'role1','role2' TO 'jack'@'%';
- ```
-
-8. 将指定 workload group‘g1’授予用户 jack
-
- ```sql
- GRANT USAGE_PRIV ON WORKLOAD GROUP 'g1' TO 'jack'@'%';
- ```
-
-9. 匹配所有 workload group 授予用户 jack
-
- ```sql
- GRANT USAGE_PRIV ON WORKLOAD GROUP '%' TO 'jack'@'%';
- ```
-
-10. 将指定 workload group‘g1’授予角色 my_role
-
- ```sql
GRANT USAGE_PRIV ON WORKLOAD GROUP 'g1' TO ROLE 'my_role';
- ```
-11. 允许 jack 查看 db1 下 view1 的创建语句
+11. 允许用户查看指定 view 的创建语句:
- ```sql
GRANT SHOW_VIEW_PRIV ON db1.view1 TO 'jack'@'%';
- ```
-### Keywords
+12. 授予用户对指定 compute group 的使用权限:
+
+ GRANT USAGE_PRIV ON COMPUTE GROUP 'group1' TO 'jack'@'%';
+
+13. 授予角色对指定 compute group 的使用权限:
+
+ GRANT USAGE_PRIV ON COMPUTE GROUP 'group1' TO ROLE 'my_role';
+
+14. 授予用户对所有 compute group 的使用权限:
+
+ GRANT USAGE_PRIV ON COMPUTE GROUP '*' TO 'jack'@'%';
+
+15. 授予用户对指定 storage vault 的使用权限:
-```
-GRANT
-```
+ GRANT USAGE_PRIV ON STORAGE VAULT 'vault1' TO 'jack'@'%';
-### Best Practice
+16. 授予角色对指定 storage vault 的使用权限:
+
+ GRANT USAGE_PRIV ON STORAGE VAULT 'vault1' TO ROLE 'my_role';
+
+17. 授予用户对所有 storage vault 的使用权限:
+
+ GRANT USAGE_PRIV ON STORAGE VAULT '*' TO 'jack'@'%';
+
+## 相关命令
+
+- [REVOKE](./REVOKE.md)
+- [SHOW GRANTS](../Show-Statements/SHOW-GRANTS.md)
+- [CREATE ROLE](./CREATE-ROLE.md)
+- [CREATE WORKLOAD
GROUP](../Administration-Statements/CREATE-WORKLOAD-GROUP.md)
+- [CREATE COMPUTE GROUP](../Administration-Statements/CREATE-COMPUTE-GROUP.md)
+- [CREATE RESOURCE](../Administration-Statements/CREATE-RESOURCE.md)
+- [CREATE STORAGE VAULT](../Administration-Statements/CREATE-STORAGE-VAULT.md)
+
+### Keywords
+ GRANT, WORKLOAD GROUP, COMPUTE GROUP, STORAGE VAULT, RESOURCE
\ No newline at end of file
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
index 34418cff24..c7ab012fe0 100644
---
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
@@ -24,80 +24,138 @@ specific language governing permissions and limitations
under the License.
-->
-## REVOKE
+## 描述
-### Name
-
-REVOKE
-
-### Description
-
-REVOKE 命令有如下功能:
+REVOKE 命令用于:
1. 撤销某用户或某角色的指定权限。
2. 撤销先前授予某用户的指定角色。
->注意:
->
->2.0及之后版本支持"撤销先前授予某用户的指定角色"
+## 语法
-```sql
-REVOKE privilege_list ON db_name[.tbl_name] FROM user_identity [ROLE role_name]
+REVOKE privilege_list ON priv_level FROM user_identity [ROLE role_name]
REVOKE privilege_list ON RESOURCE resource_name FROM user_identity [ROLE
role_name]
+REVOKE privilege_list ON WORKLOAD GROUP workload_group_name FROM user_identity
[ROLE role_name]
+
+REVOKE privilege_list ON COMPUTE GROUP compute_group_name FROM user_identity
[ROLE role_name]
+
+REVOKE privilege_list ON STORAGE VAULT storage_vault_name FROM user_identity
[ROLE role_name]
+
REVOKE role_list FROM user_identity
-```
-user_identity:
+## 参数
+
+### privilege_list
+
+需要撤销的权限列表,以逗号分隔。支持的权限包括:
+
+- NODE_PRIV:集群节点操作权限
+- ADMIN_PRIV:管理员权限
+- GRANT_PRIV:授权权限
+- SELECT_PRIV:查询权限
+- LOAD_PRIV:数据导入权限
+- ALTER_PRIV:修改权限
+- CREATE_PRIV:创建权限
+- DROP_PRIV:删除权限
+- USAGE_PRIV:使用权限
+- SHOW_VIEW_PRIV:查看视图定义权限
+
+### priv_level
+
+指定权限的作用范围。支持以下格式:
+
+- *.*.*:所有 catalog、数据库和表
+- catalog_name.*.*:指定 catalog 中的所有数据库和表
+- catalog_name.db.*:指定数据库中的所有表
+- catalog_name.db.tbl:指定数据库中的特定表
+
+### resource_name
+
+指定 resource 名称。支持 % (匹配任意字符串)和 _(匹配任意单个字符)通配符。
+
+### workload_group_name
+
+指定 workload group 名称。支持 % (匹配任意字符串)和 _(匹配任意单个字符)通配符。
+
+### compute_group_name
+
+指定 compute group 名称。支持 % (匹配任意字符串)和 _(匹配任意单个字符)通配符。
+
+### storage_vault_name
+
+指定 storage vault 名称。支持 % (匹配任意字符串)和 _(匹配任意单个字符)通配符。
+
+
+### user_identity
+
+指定要撤销权限的用户。必须是使用 CREATE USER 创建的用户。user_identity 中的 host
可以是域名,如果是域名,权限的撤销时间可能会有 1 分钟左右的延迟。
+
+### role_name
+
+指定要撤销权限的角色。该角色必须存在。
+
+### role_list
+
+需要撤销的角色列表,以逗号分隔。指定的所有角色必须存在。
+
+## 示例
+
+1. 撤销用户在特定数据库上的 SELECT 权限:
+
+ REVOKE SELECT_PRIV ON db1.* FROM 'jack'@'192.%';
+
+2. 撤销用户对资源的使用权限:
+
+ REVOKE USAGE_PRIV ON RESOURCE 'spark_resource' FROM 'jack'@'192.%';
+
+3. 撤销用户的角色:
+
+ REVOKE 'role1','role2' FROM 'jack'@'192.%';
+
+4. 撤销用户对 workload group 的使用权限:
+
+ REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM 'jack'@'%';
+
+5. 撤销用户对所有 workload group 的使用权限:
+
+ REVOKE USAGE_PRIV ON WORKLOAD GROUP '%' FROM 'jack'@'%';
+
+6. 撤销角色对 workload group 的使用权限:
-这里的 user_identity 语法同 CREATE USER。且必须为使用 CREATE USER 创建过的
user_identity。user_identity 中的host可以是域名,如果是域名的话,权限的撤销时间可能会有1分钟左右的延迟。
+ REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM ROLE 'test_role';
-也可以撤销指定的 ROLE 的权限,执行的 ROLE 必须存在。
+7. 撤销用户对 compute group 的使用权限:
-role_list 是需要撤销的角色列表,以逗号分隔,指定的角色必须存在。
+ REVOKE USAGE_PRIV ON COMPUTE GROUP 'group1' FROM 'jack'@'%';
-### Example
+8. 撤销角色对 compute group 的使用权限:
-1. 撤销用户 jack 数据库 testDb 的权限
-
- ```sql
- REVOKE SELECT_PRIV ON db1.* FROM 'jack'@'192.%';
- ```
-
-2. 撤销用户 jack 资源 spark_resource 的使用权限
-
- ```sql
- REVOKE USAGE_PRIV ON RESOURCE 'spark_resource' FROM 'jack'@'192.%';
- ```
+ REVOKE USAGE_PRIV ON COMPUTE GROUP 'group1' FROM ROLE 'my_role';
-3. 撤销先前授予jack的角色role1和role2
+9. 撤销用户对 storage vault 的使用权限:
- ```sql
- REVOKE 'role1','role2' FROM 'jack'@'192.%';
- ```
+ REVOKE USAGE_PRIV ON STORAGE VAULT 'vault1' FROM 'jack'@'%';
-4. 撤销用户jack使用Workload Group 'g1'的权限
+10. 撤销角色对 storage vault 的使用权限:
- ```
- REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM 'jack'@'%';
- ```
+ REVOKE USAGE_PRIV ON STORAGE VAULT 'vault1' FROM ROLE 'my_role';
-5. 撤销用户jack使用所有Workload Group的权限
-
- ```
- REVOKE USAGE_PRIV ON WORKLOAD GROUP '%' FROM 'jack'@'%';
- ```
+11. 撤销用户对所有 storage vault 的使用权限:
-6. 撤销角色test_role使用Workload Group 'g1'的权限
-
- ```
- REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM 'test_role';
- ```
+ REVOKE USAGE_PRIV ON STORAGE VAULT '%' FROM 'jack'@'%';
-### Keywords
+## 相关命令
- REVOKE
+- [GRANT](./GRANT.md)
+- [SHOW GRANTS](../Show-Statements/SHOW-GRANTS.md)
+- [CREATE ROLE](./CREATE-ROLE.md)
+- [CREATE WORKLOAD
GROUP](../Administration-Statements/CREATE-WORKLOAD-GROUP.md)
+- [CREATE COMPUTE GROUP](../Administration-Statements/CREATE-COMPUTE-GROUP.md)
+- [CREATE RESOURCE](../Administration-Statements/CREATE-RESOURCE.md)
+- [CREATE STORAGE VAULT](../Administration-Statements/CREATE-STORAGE-VAULT.md)
-### Best Practice
+## Keywords
+ REVOKE, WORKLOAD GROUP, COMPUTE GROUP, RESOURCE
\ No newline at end of file
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Account-Management-Statements/SET-PROPERTY.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Account-Management-Statements/SET-PROPERTY.md
index 3b82054e1f..dd98ba4489 100644
---
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Account-Management-Statements/SET-PROPERTY.md
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Account-Management-Statements/SET-PROPERTY.md
@@ -24,89 +24,103 @@ specific language governing permissions and limitations
under the License.
-->
-## SET PROPERTY
+## 描述
-### Name
+SET PROPERTY 语句用于设置用户属性,包括分配给用户的资源和导入集群设置。这里设置的用户属性是针对用户的,而不是针对
user_identity。例如,如果通过 CREATE USER 语句创建了两个用户 'jack'@'%' 和 'jack'@'192.%',则使用 SET
PROPERTY 语句只能针对用户 'jack',而不是 'jack'@'%' 或 'jack'@'192.%'。
-SET PROPERTY
-
-### Description
-
- 设置用户的属性,包括分配给用户的资源、导入cluster等
+## 语法
```sql
SET PROPERTY [FOR 'user'] 'key' = 'value' [, 'key' = 'value']
```
-这里设置的用户属性,是针对 user 的,而不是 user_identity。即假设通过 CREATE USER 语句创建了两个用户 'jack'@'%'
和 'jack'@'192.%',则使用 SET PROPERTY 语句,只能针对 jack 这个用户,而不是 'jack'@'%' 或
'jack'@'192.%'
+## 参数
+
+### user
+
+要设置属性的用户名。如果省略,则为当前用户设置属性。
+
+### key
+
+要设置的属性键。可用的键包括:
+
+- `max_user_connections`:最大连接数。
+- `max_query_instances`:用户同一时间点执行查询可以使用的 instance 个数。
+- `sql_block_rules`:设置 SQL 阻止规则。设置后,该用户发送的查询如果匹配规则,则会被拒绝。
+- `cpu_resource_limit`:限制查询的 CPU 资源。详见会话变量 `cpu_resource_limit` 的介绍。-1 表示未设置。
+- `exec_mem_limit`:限制查询的内存使用。详见会话变量 `exec_mem_limit` 的介绍。-1 表示未设置。
+- `resource_tags`:指定用户的资源标签权限。
+- `query_timeout`:指定用户的查询超时。
+- `default_workload_group`:指定用户的默认工作负载组。
+- `default_compute_group`:指定用户的默认计算组。
+
+注:如果未设置 `cpu_resource_limit` 和 `exec_mem_limit`,则默认使用会话变量中的值。
+
+### value
+
+为指定键设置的值。
+
+## 示例
+
+1. 设置用户 'jack' 的最大连接数为 1000:
+
+ ```sql
+ SET PROPERTY FOR 'jack' 'max_user_connections' = '1000';
+ ```
+
+2. 设置用户 'jack' 的最大查询实例数为 3000:
+
+ ```sql
+ SET PROPERTY FOR 'jack' 'max_query_instances' = '3000';
+ ```
-key:
+3. 为用户 'jack' 设置 SQL 阻止规则:
-超级用户权限:
+ ```sql
+ SET PROPERTY FOR 'jack' 'sql_block_rules' = 'rule1, rule2';
+ ```
- max_user_connections: 最大连接数。
+4. 设置用户 'jack' 的 CPU 资源限制:
- max_query_instances: 用户同一时间点执行查询可以使用的instance个数。
+ ```sql
+ SET PROPERTY FOR 'jack' 'cpu_resource_limit' = '2';
+ ```
- sql_block_rules: 设置 sql block rules。设置后,该用户发送的查询如果匹配规则,则会被拒绝。
+5. 设置用户 'jack' 的资源标签权限:
- cpu_resource_limit: 限制查询的cpu资源。详见会话变量 `cpu_resource_limit` 的介绍。-1
表示未设置。
+ ```sql
+ SET PROPERTY FOR 'jack' 'resource_tags.location' = 'group_a, group_b';
+ ```
- exec_mem_limit: 限制查询的内存使用。详见会话变量 `exec_mem_limit` 的介绍。-1 表示未设置。
+6. 设置用户 'jack' 的内存使用限制(以字节为单位):
- resource_tags:指定用户的资源标签权限。
+ ```sql
+ SET PROPERTY FOR 'jack' 'exec_mem_limit' = '2147483648';
+ ```
- query_timeout:指定用户的查询超时权限。
+7. 设置用户 'jack' 的查询超时时间(以秒为单位):
- 注:`cpu_resource_limit`, `exec_mem_limit` 两个属性如果未设置,则默认使用会话变量中值。
+ ```sql
+ SET PROPERTY FOR 'jack' 'query_timeout' = '500';
+ ```
-### Example
+8. 设置用户 'jack' 的默认工作负载组:
-1. 修改用户 jack 最大连接数为1000
-
- ```sql
- SET PROPERTY FOR 'jack' 'max_user_connections' = '1000';
- ```
-
-2. 修改用户jack的查询可用instance个数为3000
-
- ```sql
- SET PROPERTY FOR 'jack' 'max_query_instances' = '3000';
- ```
-
-3. 修改用户jack的sql block rule
-
- ```sql
- SET PROPERTY FOR 'jack' 'sql_block_rules' = 'rule1, rule2';
- ```
+ ```sql
+ SET PROPERTY FOR 'jack' 'default_workload_group' = 'group1';
+ ```
-4. 修改用户jack的 cpu 使用限制
-
- ```sql
- SET PROPERTY FOR 'jack' 'cpu_resource_limit' = '2';
- ```
-
-5. 修改用户的资源标签权限
-
- ```sql
- SET PROPERTY FOR 'jack' 'resource_tags.location' = 'group_a, group_b';
- ```
-
-6. 修改用户的查询内存使用限制,单位字节
-
- ```sql
- SET PROPERTY FOR 'jack' 'exec_mem_limit' = '2147483648';
- ```
+9. 设置用户 'jack' 的默认计算组:
-7. 修改用户的查询超时限制,单位秒
+ ```sql
+ SET PROPERTY FOR 'jack' 'default_compute_group' = 'compute_group1';
+ ```
- ```sql
- SET PROPERTY FOR 'jack' 'query_timeout' = '500';
- ```
-
-### Keywords
+## 相关命令
- SET, PROPERTY
+- [CREATE USER](./CREATE-USER.md)
+- [SHOW PROPERTY](../Show-Statements/SHOW-PROPERTY.md)
-### Best Practice
+## Keywords
+ SET, PROPERTY, WORKLOAD GROUP, COMPUTE GROUP
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Database-Administration-Statements/SET-DEFAULT-STORAGE-VAULT.md
similarity index 56%
copy from
i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
copy to
i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Database-Administration-Statements/SET-DEFAULT-STORAGE-VAULT.md
index 677c5060c3..8a5344b232 100644
---
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Database-Administration-Statements/SET-DEFAULT-STORAGE-VAULT.md
@@ -1,6 +1,6 @@
---
{
- "title": "USE",
+ "title": "SET-DEFAULT-STORAGE-VAULT",
"language": "zh-CN"
}
---
@@ -24,43 +24,30 @@ specific language governing permissions and limitations
under the License.
-->
-## USE
+## 描述
-### Name
+该语句用于在Doris中设置默认存储库。默认存储库用于存储内部或系统表的数据。如果未设置默认存储库,Doris将无法正常运行。一旦设置了默认存储库,就无法移除它。
-USE
+## 语法
-### Description
-
-USE 命令可以让我们来使用数据库
-
-语法:
-
-```SQL
-USE <[CATALOG_NAME].DATABASE_NAME>
+```sql
+SET vault_name DEFAULT STORAGE VAULT
```
-说明:
-1. 使用`USE CATALOG_NAME.DATABASE_NAME`, 会先将当前的Catalog切换为`CATALOG_NAME`,
然后再讲当前的Database切换为`DATABASE_NAME`
+> 注意:
+>
+> 1. 只有ADMIN用户可以设置默认存储库
-### Example
+## 示例
-1. 如果 demo 数据库存在,尝试使用它:
+1. 将名为s3_vault的存储库设置为默认存储库
```sql
- mysql> use demo;
- Database changed
+ SET s3_vault AS DEFAULT STORAGE VAULT;
```
-2. 如果 demo 数据库在hms_catalog的Catalog下存在,尝试切换到hms_catalog, 并使用它:
-
- ```sql
- mysql> use hms_catalog.demo;
- Database changed
- ```
-### Keywords
-
- USE
+## 相关命令
-### Best Practice
+## 关键词
+ SET, DEFAULT, STORAGE, VAULT
\ No newline at end of file
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Show-Statements/SHOW-COMPUTE-GROUPS.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Show-Statements/SHOW-COMPUTE-GROUPS.md
new file mode 100644
index 0000000000..7912f60267
--- /dev/null
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Show-Statements/SHOW-COMPUTE-GROUPS.md
@@ -0,0 +1,57 @@
+---
+{
+ "title": "SHOW COMPUTE GROUPS",
+ "language": "zh-CN"
+}
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+## 描述
+
+SHOW COMPUTE GROUPS
命令用于显示系统中所有已配置的计算组的信息。计算组是用于管理和组织计算资源的逻辑单元,可以帮助用户更有效地分配和使用系统资源。
+
+此命令可以帮助管理员和用户快速了解系统中现有的计算组配置,包括每个计算组的名称、属性和其他相关信息。这对于资源管理、性能优化和系统监控非常有用。
+
+## 语法
+
+```sql
+ SHOW COMPUTE GROUPS
+```
+
+## 返回值
+
+此命令返回一个结果集,包含以下列:
+
+- `Name`: 计算组的名称。
+- `IsCurrent`: 是否当前工作计算组。
+- `Users`: 显示有权限使用该计算组的用户列表。
+- `BackendNum`: 显示当前分配给该计算组的后端(计算节点)数量。
+
+## 相关命令
+
+- [ALTER SYSTEM ADD
BACKEND](../Administration-Statements/ALTER-SYSTEM-ADD-BACKEND.md)
+- [GRANT](../Account-Management-Statements/GRANT.md)
+- [REVOKE](../Account-Management-Statements/REVOKE.md)
+- [SET DEFAULT COMPUTE
GROUP](../Administration-Statements/SET-DEFAULT-COMPUTE-GROUP.md)
+
+### Keywords
+
+ SHOW, COMPUTE GROUPS
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Show-Statements/SHOW-STORAGE-VAULTS.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Show-Statements/SHOW-STORAGE-VAULTS.md
new file mode 100644
index 0000000000..73fd4e8fa3
--- /dev/null
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Show-Statements/SHOW-STORAGE-VAULTS.md
@@ -0,0 +1,55 @@
+---
+{
+ "title": "SHOW STORAGE VAULTS",
+ "language": "zh-CN"
+}
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+## 描述
+
+SHOW STORAGE VAULTS 命令用于显示系统中配置的所有storage vault的信息。storage vault用于管理数据外部存储位置。
+
+## 语法
+
+```sql
+ SHOW STORAGE VAULTS
+```
+
+## 返回值
+
+此命令返回一个结果集,包含以下列:
+
+- `StorageVaultName`: storage vault 的名称。
+- `StorageVaultId`: storage vault 的ID。
+- `Properties`: 包含 storage vault 配置属性的JSON字符串。
+- `IsDefault`: 指示该 storage vault 是否设置为默认值(TRUE或FALSE)。
+
+## 相关命令
+
+- [CREATE STORAGE VAULT](../Data-Definition-Statements/CREATE-STORAGE-VAULT.md)
+- [GRANT](../Account-Management-Statements/GRANT.md)
+- [REVOKE](../Account-Management-Statements/REVOKE.md)
+- [SET DEFAULT STORAGE
VAULT](../Data-Definition-Statements/SET-DEFAULT-STORAGE-VAULT.md)
+
+## Keywords
+
+ SHOW, STORAGE VAULTS
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Utility-Statements/USE.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Utility-Statements/USE.md
index 677c5060c3..bd7e9aa735 100644
---
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Utility-Statements/USE.md
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/sql-manual/sql-statements/Utility-Statements/USE.md
@@ -24,26 +24,17 @@ specific language governing permissions and limitations
under the License.
-->
-## USE
+## 描述
-### Name
+USE 命令允许我们在 SQL 环境中切换到特定的数据库或计算组。
-USE
-
-### Description
-
-USE 命令可以让我们来使用数据库
-
-语法:
+## 语法
```SQL
USE <[CATALOG_NAME].DATABASE_NAME>
```
-说明:
-1. 使用`USE CATALOG_NAME.DATABASE_NAME`, 会先将当前的Catalog切换为`CATALOG_NAME`,
然后再讲当前的Database切换为`DATABASE_NAME`
-
-### Example
+## 示例
1. 如果 demo 数据库存在,尝试使用它:
@@ -58,9 +49,22 @@ USE <[CATALOG_NAME].DATABASE_NAME>
mysql> use hms_catalog.demo;
Database changed
```
-### Keywords
+3. 如果 demo 数据库在当前目录中存在,并且您想使用名为 'cg1' 的计算组,请尝试访问它:
+
+ ```sql
+ mysql> use demo@cg1;
+ Database changed
+ ```
+
+4. 如果您只想使用名为 'cg1' 的计算组,请尝试访问它:
+
+ ```sql
+ mysql> use @cg1;
+ Database changed
+ ```
- USE
+## Relate Commands
-### Best Practice
+## Keywords
+ USE, DATABASE, USER, COMPUTE GROUP
\ No newline at end of file
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/GRANT.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/GRANT.md
index 4f41577351..21b02e914f 100644
---
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/GRANT.md
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/GRANT.md
@@ -24,154 +24,165 @@ specific language governing permissions and limitations
under the License.
-->
-## GRANT
+## 描述
-### Name
-
-GRANT
-
-### Description
-
-GRANT 命令有如下功能:
+GRANT 命令用于:
1. 将指定的权限授予某用户或角色。
2. 将指定角色授予某用户。
->注意:
->
->2.0 及之后版本支持"将指定角色授予用户"
+## 语法
-```sql
GRANT privilege_list ON priv_level TO user_identity [ROLE role_name]
GRANT privilege_list ON RESOURCE resource_name TO user_identity [ROLE
role_name]
+GRANT privilege_list ON WORKLOAD GROUP workload_group_name TO user_identity
[ROLE role_name]
+
+GRANT privilege_list ON COMPUTE GROUP compute_group_name TO user_identity
[ROLE role_name]
+
+GRANT privilege_list ON STORAGE VAULT storage_vault_name TO user_identity
[ROLE role_name]
+
GRANT role_list TO user_identity
-```
-GRANT privilege_list ON WORKLOAD GROUP workload_group_name TO user_identity
[ROLE role_name]
+## 参数
+
+### privilege_list
+
+需要赋予的权限列表,以逗号分隔。当前支持如下权限:
+
+- NODE_PRIV:集群节点操作权限,包括节点上下线等操作。
+- ADMIN_PRIV:除 NODE_PRIV 以外的所有权限。
+- GRANT_PRIV:操作权限的权限,包括创建删除用户、角色,授权和撤权,设置密码等。
+- SELECT_PRIV:对指定的库或表的读取权限。
+- LOAD_PRIV:对指定的库或表的导入权限。
+- ALTER_PRIV:对指定的库或表的 schema 变更权限。
+- CREATE_PRIV:对指定的库或表的创建权限。
+- DROP_PRIV:对指定的库或表的删除权限。
+- USAGE_PRIV:对指定资源、Workload Group、Compute Group 的使用权限。
+- SHOW_VIEW_PRIV:查看 view 创建语句的权限。
+
+旧版权限转换:
+- ALL 和 READ_WRITE 会被转换成:SELECT_PRIV, LOAD_PRIV, ALTER_PRIV, CREATE_PRIV,
DROP_PRIV。
+- READ_ONLY 会被转换为 SELECT_PRIV。
+
+### priv_level
+
+支持以下四种形式:
+
+- *.*.*:权限可以应用于所有 catalog 及其中的所有库表。
+- catalog_name.*.*:权限可以应用于指定 catalog 中的所有库表。
+- catalog_name.db.*:权限可以应用于指定库下的所有表。
+- catalog_name.db.tbl:权限可以应用于指定库下的指定表。
+
+### resource_name
+
+指定 resource 名,支持 % 和 * 匹配所有资源,不支持通配符,比如 res*。
+
+### workload_group_name
+
+指定 workload group 名,支持 % 和 * 匹配所有 workload group,不支持通配符。
+
+### compute_group_name
+
+指定 compute group 名称,支持 % 和 * 匹配所有 compute group,不支持通配符。
+
+### storage_vault_name
+
+指定 storage vault 名称,支持 % 和 * 匹配所有 storage vault,不支持通配符。
+
+### user_identity
+
+指定接收权限的用户。必须为使用 CREATE USER 创建过的 user_identity。user_identity 中的 host
可以是域名,如果是域名的话,权限的生效时间可能会有 1 分钟左右的延迟。
+
+### role_name
+
+指定接收权限的角色。如果指定的角色不存在,则会自动创建。
+
+### role_list
+
+需要赋予的角色列表,以逗号分隔,指定的角色必须存在。
+
+## 示例
+
+1. 授予所有 catalog 和库表的权限给用户:
+
+ GRANT SELECT_PRIV ON *.*.* TO 'jack'@'%';
+
+2. 授予指定库表的权限给用户:
+
+ GRANT SELECT_PRIV,ALTER_PRIV,LOAD_PRIV ON ctl1.db1.tbl1 TO 'jack'@'192.8.%';
+
+3. 授予指定库表的权限给角色:
+
+ GRANT LOAD_PRIV ON ctl1.db1.* TO ROLE 'my_role';
+
+4. 授予所有 resource 的使用权限给用户:
+
+ GRANT USAGE_PRIV ON RESOURCE * TO 'jack'@'%';
+
+5. 授予指定 resource 的使用权限给用户:
+
+ GRANT USAGE_PRIV ON RESOURCE 'spark_resource' TO 'jack'@'%';
+
+6. 授予指定 resource 的使用权限给角色:
+
+ GRANT USAGE_PRIV ON RESOURCE 'spark_resource' TO ROLE 'my_role';
+
+7. 将指定 role 授予某用户:
+
+ GRANT 'role1','role2' TO 'jack'@'%';
+
+8. 将指定 workload group 授予用户:
+
+ GRANT USAGE_PRIV ON WORKLOAD GROUP 'g1' TO 'jack'@'%';
+
+9. 匹配所有 workload group 授予用户:
+
+ GRANT USAGE_PRIV ON WORKLOAD GROUP '%' TO 'jack'@'%';
+
+10. 将指定 workload group 授予角色:
-privilege_list 是需要赋予的权限列表,以逗号分隔。当前 Doris 支持如下权限:
-
- NODE_PRIV:集群节点操作权限,包括节点上下线等操作。同时拥有 Grant_priv 和 Node_priv 的用户,可以将该权限赋予其他用户。
- ADMIN_PRIV:除 NODE_PRIV 以外的所有权限。
- GRANT_PRIV: 操作权限的权限。包括创建删除用户、角色,授权和撤权,设置密码等。
- SELECT_PRIV:对指定的库或表的读取权限
- LOAD_PRIV:对指定的库或表的导入权限
- ALTER_PRIV:对指定的库或表的schema变更权限
- CREATE_PRIV:对指定的库或表的创建权限
- DROP_PRIV:对指定的库或表的删除权限
- USAGE_PRIV: 对指定资源的使用权限和 Workload Group 权限
- SHOW_VIEW_PRIV:
查看`view`创建语句的权限(从2.0.3版本开始,`SELECT_PRIV`和`LOAD_PRIV`权限不能`SHOW CREATE TABLE
view_name`,拥有`CREATE_PRIV`,`ALTER_PRIV`,`DROP_PRIV`,`SHOW_VIEW_PRIV`权限项中的任何一个,有权`SHOW
CREATE TABLE view_name`)
-
- 旧版权限中的 ALL 和 READ_WRITE
会被转换成:SELECT_PRIV,LOAD_PRIV,ALTER_PRIV,CREATE_PRIV,DROP_PRIV;
- READ_ONLY 会被转换为 SELECT_PRIV。
-
-权限分类:
-
- 1. 节点权限:NODE_PRIV
- 2. 库表权限:SELECT_PRIV,LOAD_PRIV,ALTER_PRIV,CREATE_PRIV,DROP_PRIV
- 3. 资源权限和 Workload Group 权限:USAGE_PRIV
-
-priv_level 支持以下四种形式:
-
- 1. *.*.* 权限可以应用于所有 catalog 及其中的所有库表
- 2. catalog_name.*.* 权限可以应用于指定 catalog 中的所有库表
- 3. catalog_name.db.* 权限可以应用于指定库下的所有表
- 4. catalog_name.db.tbl 权限可以应用于指定库下的指定表
-
- 这里指定的 catalog_name 或库或表可以是不存在的库和表。
-
-resource_name 支持以下两种形式:
-
- 1. * 权限应用于所有资源
- 2. resource 权限应用于指定资源
-
- 这里指定的资源可以是不存在的资源。另外,这里的资源请跟外部表区分开,有使用外部表的情况请都使用 catalog 作为替代。
-
-workload_group_name 可指定 workload group 名,支持 `%`和`_`匹配符,`%`可匹配任意字符串,`_`匹配任意单个字符。
-
-user_identity:
-
- 这里的 user_identity 语法同 CREATE USER。且必须为使用 CREATE USER 创建过的
user_identity。user_identity 中的host可以是域名,如果是域名的话,权限的生效时间可能会有1分钟左右的延迟。
-
- 也可以将权限赋予指定的 ROLE,如果指定的 ROLE 不存在,则会自动创建。
-
-role_list 是需要赋予的角色列表,以逗号分隔,指定的角色必须存在。
-
-### Example
-
-1. 授予所有 catalog 和库表的权限给用户
-
- ```sql
- GRANT SELECT_PRIV ON *.*.* TO 'jack'@'%';
- ```
-
-2. 授予指定库表的权限给用户
-
- ```sql
- GRANT SELECT_PRIV,ALTER_PRIV,LOAD_PRIV ON ctl1.db1.tbl1 TO
'jack'@'192.8.%';
- ```
-
-3. 授予指定库表的权限给角色
-
- ```sql
- GRANT LOAD_PRIV ON ctl1.db1.* TO ROLE 'my_role';
- ```
-
-4. 授予所有资源的使用权限给用户
-
- ```sql
- GRANT USAGE_PRIV ON RESOURCE * TO 'jack'@'%';
- ```
-
-5. 授予指定资源的使用权限给用户
-
- ```sql
- GRANT USAGE_PRIV ON RESOURCE 'spark_resource' TO 'jack'@'%';
- ```
-
-6. 授予指定资源的使用权限给角色
-
- ```sql
- GRANT USAGE_PRIV ON RESOURCE 'spark_resource' TO ROLE 'my_role';
- ```
-
-7. 将指定角色授予某用户
-
- ```sql
- GRANT 'role1','role2' TO 'jack'@'%';
- ```
-
-8. 将指定 workload group‘g1’授予用户 jack
-
- ```sql
- GRANT USAGE_PRIV ON WORKLOAD GROUP 'g1' TO 'jack'@'%';
- ```
-
-9. 匹配所有 workload group 授予用户 jack
-
- ```sql
- GRANT USAGE_PRIV ON WORKLOAD GROUP '%' TO 'jack'@'%';
- ```
-
-10. 将指定 workload group‘g1’授予角色 my_role
-
- ```sql
GRANT USAGE_PRIV ON WORKLOAD GROUP 'g1' TO ROLE 'my_role';
- ```
-11. 允许 jack 查看 db1 下 view1 的创建语句
+11. 允许用户查看指定 view 的创建语句:
- ```sql
GRANT SHOW_VIEW_PRIV ON db1.view1 TO 'jack'@'%';
- ```
-### Keywords
+12. 授予用户对指定 compute group 的使用权限:
+
+ GRANT USAGE_PRIV ON COMPUTE GROUP 'group1' TO 'jack'@'%';
+
+13. 授予角色对指定 compute group 的使用权限:
+
+ GRANT USAGE_PRIV ON COMPUTE GROUP 'group1' TO ROLE 'my_role';
+
+14. 授予用户对所有 compute group 的使用权限:
+
+ GRANT USAGE_PRIV ON COMPUTE GROUP '*' TO 'jack'@'%';
+
+15. 授予用户对指定 storage vault 的使用权限:
-```
-GRANT
-```
+ GRANT USAGE_PRIV ON STORAGE VAULT 'vault1' TO 'jack'@'%';
-### Best Practice
+16. 授予角色对指定 storage vault 的使用权限:
+
+ GRANT USAGE_PRIV ON STORAGE VAULT 'vault1' TO ROLE 'my_role';
+
+17. 授予用户对所有 storage vault 的使用权限:
+
+ GRANT USAGE_PRIV ON STORAGE VAULT '*' TO 'jack'@'%';
+
+## 相关命令
+
+- [REVOKE](./REVOKE.md)
+- [SHOW GRANTS](../Show-Statements/SHOW-GRANTS.md)
+- [CREATE ROLE](./CREATE-ROLE.md)
+- [CREATE WORKLOAD
GROUP](../Administration-Statements/CREATE-WORKLOAD-GROUP.md)
+- [CREATE COMPUTE GROUP](../Administration-Statements/CREATE-COMPUTE-GROUP.md)
+- [CREATE RESOURCE](../Administration-Statements/CREATE-RESOURCE.md)
+- [CREATE STORAGE VAULT](../Administration-Statements/CREATE-STORAGE-VAULT.md)
+
+### Keywords
+ GRANT, WORKLOAD GROUP, COMPUTE GROUP, STORAGE VAULT, RESOURCE
\ No newline at end of file
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
index 8c64dcd0dc..c7ab012fe0 100644
---
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
@@ -24,62 +24,138 @@ specific language governing permissions and limitations
under the License.
-->
-## REVOKE
+## 描述
-### Name
-
-REVOKE
-
-### Description
-
-REVOKE 命令有如下功能:
+REVOKE 命令用于:
1. 撤销某用户或某角色的指定权限。
2. 撤销先前授予某用户的指定角色。
->注意:
->
->2.0及之后版本支持"撤销先前授予某用户的指定角色"
+## 语法
-```sql
-REVOKE privilege_list ON db_name[.tbl_name] FROM user_identity [ROLE role_name]
+REVOKE privilege_list ON priv_level FROM user_identity [ROLE role_name]
REVOKE privilege_list ON RESOURCE resource_name FROM user_identity [ROLE
role_name]
+REVOKE privilege_list ON WORKLOAD GROUP workload_group_name FROM user_identity
[ROLE role_name]
+
+REVOKE privilege_list ON COMPUTE GROUP compute_group_name FROM user_identity
[ROLE role_name]
+
+REVOKE privilege_list ON STORAGE VAULT storage_vault_name FROM user_identity
[ROLE role_name]
+
REVOKE role_list FROM user_identity
-```
-user_identity:
+## 参数
+
+### privilege_list
+
+需要撤销的权限列表,以逗号分隔。支持的权限包括:
+
+- NODE_PRIV:集群节点操作权限
+- ADMIN_PRIV:管理员权限
+- GRANT_PRIV:授权权限
+- SELECT_PRIV:查询权限
+- LOAD_PRIV:数据导入权限
+- ALTER_PRIV:修改权限
+- CREATE_PRIV:创建权限
+- DROP_PRIV:删除权限
+- USAGE_PRIV:使用权限
+- SHOW_VIEW_PRIV:查看视图定义权限
+
+### priv_level
+
+指定权限的作用范围。支持以下格式:
+
+- *.*.*:所有 catalog、数据库和表
+- catalog_name.*.*:指定 catalog 中的所有数据库和表
+- catalog_name.db.*:指定数据库中的所有表
+- catalog_name.db.tbl:指定数据库中的特定表
+
+### resource_name
+
+指定 resource 名称。支持 % (匹配任意字符串)和 _(匹配任意单个字符)通配符。
+
+### workload_group_name
+
+指定 workload group 名称。支持 % (匹配任意字符串)和 _(匹配任意单个字符)通配符。
+
+### compute_group_name
+
+指定 compute group 名称。支持 % (匹配任意字符串)和 _(匹配任意单个字符)通配符。
+
+### storage_vault_name
+
+指定 storage vault 名称。支持 % (匹配任意字符串)和 _(匹配任意单个字符)通配符。
+
+
+### user_identity
+
+指定要撤销权限的用户。必须是使用 CREATE USER 创建的用户。user_identity 中的 host
可以是域名,如果是域名,权限的撤销时间可能会有 1 分钟左右的延迟。
+
+### role_name
+
+指定要撤销权限的角色。该角色必须存在。
+
+### role_list
+
+需要撤销的角色列表,以逗号分隔。指定的所有角色必须存在。
+
+## 示例
+
+1. 撤销用户在特定数据库上的 SELECT 权限:
+
+ REVOKE SELECT_PRIV ON db1.* FROM 'jack'@'192.%';
+
+2. 撤销用户对资源的使用权限:
+
+ REVOKE USAGE_PRIV ON RESOURCE 'spark_resource' FROM 'jack'@'192.%';
+
+3. 撤销用户的角色:
+
+ REVOKE 'role1','role2' FROM 'jack'@'192.%';
+
+4. 撤销用户对 workload group 的使用权限:
+
+ REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM 'jack'@'%';
+
+5. 撤销用户对所有 workload group 的使用权限:
+
+ REVOKE USAGE_PRIV ON WORKLOAD GROUP '%' FROM 'jack'@'%';
+
+6. 撤销角色对 workload group 的使用权限:
+
+ REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM ROLE 'test_role';
+
+7. 撤销用户对 compute group 的使用权限:
+
+ REVOKE USAGE_PRIV ON COMPUTE GROUP 'group1' FROM 'jack'@'%';
+
+8. 撤销角色对 compute group 的使用权限:
-这里的 user_identity 语法同 CREATE USER。且必须为使用 CREATE USER 创建过的
user_identity。user_identity 中的host可以是域名,如果是域名的话,权限的撤销时间可能会有1分钟左右的延迟。
+ REVOKE USAGE_PRIV ON COMPUTE GROUP 'group1' FROM ROLE 'my_role';
-也可以撤销指定的 ROLE 的权限,执行的 ROLE 必须存在。
+9. 撤销用户对 storage vault 的使用权限:
-role_list 是需要撤销的角色列表,以逗号分隔,指定的角色必须存在。
+ REVOKE USAGE_PRIV ON STORAGE VAULT 'vault1' FROM 'jack'@'%';
-### Example
+10. 撤销角色对 storage vault 的使用权限:
-1. 撤销用户 jack 数据库 testDb 的权限
-
- ```sql
- REVOKE SELECT_PRIV ON db1.* FROM 'jack'@'192.%';
- ```
-
-2. 撤销用户 jack 资源 spark_resource 的使用权限
-
- ```sql
- REVOKE USAGE_PRIV ON RESOURCE 'spark_resource' FROM 'jack'@'192.%';
- ```
+ REVOKE USAGE_PRIV ON STORAGE VAULT 'vault1' FROM ROLE 'my_role';
-3. 撤销先前授予jack的角色role1和role2
+11. 撤销用户对所有 storage vault 的使用权限:
- ```sql
- REVOKE 'role1','role2' FROM 'jack'@'192.%';
- ```
+ REVOKE USAGE_PRIV ON STORAGE VAULT '%' FROM 'jack'@'%';
-### Keywords
+## 相关命令
- REVOKE
+- [GRANT](./GRANT.md)
+- [SHOW GRANTS](../Show-Statements/SHOW-GRANTS.md)
+- [CREATE ROLE](./CREATE-ROLE.md)
+- [CREATE WORKLOAD
GROUP](../Administration-Statements/CREATE-WORKLOAD-GROUP.md)
+- [CREATE COMPUTE GROUP](../Administration-Statements/CREATE-COMPUTE-GROUP.md)
+- [CREATE RESOURCE](../Administration-Statements/CREATE-RESOURCE.md)
+- [CREATE STORAGE VAULT](../Administration-Statements/CREATE-STORAGE-VAULT.md)
-### Best Practice
+## Keywords
+ REVOKE, WORKLOAD GROUP, COMPUTE GROUP, RESOURCE
\ No newline at end of file
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/SET-PROPERTY.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/SET-PROPERTY.md
index 3b82054e1f..360fc26166 100644
---
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/SET-PROPERTY.md
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/SET-PROPERTY.md
@@ -24,89 +24,97 @@ specific language governing permissions and limitations
under the License.
-->
-## SET PROPERTY
+## 描述
-### Name
+SET PROPERTY 语句用于设置用户属性,包括分配给用户的资源和导入集群设置。这里设置的用户属性是针对用户的,而不是针对
user_identity。例如,如果通过 CREATE USER 语句创建了两个用户 'jack'@'%' 和 'jack'@'192.%',则使用 SET
PROPERTY 语句只能针对用户 'jack',而不是 'jack'@'%' 或 'jack'@'192.%'。
-SET PROPERTY
+## 参数
-### Description
+### user
- 设置用户的属性,包括分配给用户的资源、导入cluster等
+要设置属性的用户名。如果省略,则为当前用户设置属性。
-```sql
-SET PROPERTY [FOR 'user'] 'key' = 'value' [, 'key' = 'value']
-```
+### key
-这里设置的用户属性,是针对 user 的,而不是 user_identity。即假设通过 CREATE USER 语句创建了两个用户 'jack'@'%'
和 'jack'@'192.%',则使用 SET PROPERTY 语句,只能针对 jack 这个用户,而不是 'jack'@'%' 或
'jack'@'192.%'
+要设置的属性键。可用的键包括:
-key:
+- `max_user_connections`:最大连接数。
+- `max_query_instances`:用户同一时间点执行查询可以使用的 instance 个数。
+- `sql_block_rules`:设置 SQL 阻止规则。设置后,该用户发送的查询如果匹配规则,则会被拒绝。
+- `cpu_resource_limit`:限制查询的 CPU 资源。详见会话变量 `cpu_resource_limit` 的介绍。-1 表示未设置。
+- `exec_mem_limit`:限制查询的内存使用。详见会话变量 `exec_mem_limit` 的介绍。-1 表示未设置。
+- `resource_tags`:指定用户的资源标签权限。
+- `query_timeout`:指定用户的查询超时。
+- `default_workload_group`:指定用户的默认工作负载组。
+- `default_compute_group`:指定用户的默认计算组。
-超级用户权限:
+注:如果未设置 `cpu_resource_limit` 和 `exec_mem_limit`,则默认使用会话变量中的值。
- max_user_connections: 最大连接数。
+### value
- max_query_instances: 用户同一时间点执行查询可以使用的instance个数。
+为指定键设置的值。
- sql_block_rules: 设置 sql block rules。设置后,该用户发送的查询如果匹配规则,则会被拒绝。
+## 示例
- cpu_resource_limit: 限制查询的cpu资源。详见会话变量 `cpu_resource_limit` 的介绍。-1
表示未设置。
+1. 设置用户 'jack' 的最大连接数为 1000:
- exec_mem_limit: 限制查询的内存使用。详见会话变量 `exec_mem_limit` 的介绍。-1 表示未设置。
+ ```sql
+ SET PROPERTY FOR 'jack' 'max_user_connections' = '1000';
+ ```
- resource_tags:指定用户的资源标签权限。
+2. 设置用户 'jack' 的最大查询实例数为 3000:
- query_timeout:指定用户的查询超时权限。
+ ```sql
+ SET PROPERTY FOR 'jack' 'max_query_instances' = '3000';
+ ```
- 注:`cpu_resource_limit`, `exec_mem_limit` 两个属性如果未设置,则默认使用会话变量中值。
+3. 为用户 'jack' 设置 SQL 阻止规则:
-### Example
+ ```sql
+ SET PROPERTY FOR 'jack' 'sql_block_rules' = 'rule1, rule2';
+ ```
-1. 修改用户 jack 最大连接数为1000
-
- ```sql
- SET PROPERTY FOR 'jack' 'max_user_connections' = '1000';
- ```
-
-2. 修改用户jack的查询可用instance个数为3000
-
- ```sql
- SET PROPERTY FOR 'jack' 'max_query_instances' = '3000';
- ```
-
-3. 修改用户jack的sql block rule
-
- ```sql
- SET PROPERTY FOR 'jack' 'sql_block_rules' = 'rule1, rule2';
- ```
+4. 设置用户 'jack' 的 CPU 资源限制:
-4. 修改用户jack的 cpu 使用限制
-
- ```sql
- SET PROPERTY FOR 'jack' 'cpu_resource_limit' = '2';
- ```
-
-5. 修改用户的资源标签权限
-
- ```sql
- SET PROPERTY FOR 'jack' 'resource_tags.location' = 'group_a, group_b';
- ```
-
-6. 修改用户的查询内存使用限制,单位字节
-
- ```sql
- SET PROPERTY FOR 'jack' 'exec_mem_limit' = '2147483648';
- ```
+ ```sql
+ SET PROPERTY FOR 'jack' 'cpu_resource_limit' = '2';
+ ```
-7. 修改用户的查询超时限制,单位秒
+5. 设置用户 'jack' 的资源标签权限:
- ```sql
- SET PROPERTY FOR 'jack' 'query_timeout' = '500';
- ```
-
-### Keywords
+ ```sql
+ SET PROPERTY FOR 'jack' 'resource_tags.location' = 'group_a, group_b';
+ ```
- SET, PROPERTY
+6. 设置用户 'jack' 的内存使用限制(以字节为单位):
-### Best Practice
+ ```sql
+ SET PROPERTY FOR 'jack' 'exec_mem_limit' = '2147483648';
+ ```
+7. 设置用户 'jack' 的查询超时时间(以秒为单位):
+
+ ```sql
+ SET PROPERTY FOR 'jack' 'query_timeout' = '500';
+ ```
+
+8. 设置用户 'jack' 的默认工作负载组:
+
+ ```sql
+ SET PROPERTY FOR 'jack' 'default_workload_group' = 'group1';
+ ```
+
+9. 设置用户 'jack' 的默认计算组:
+
+ ```sql
+ SET PROPERTY FOR 'jack' 'default_compute_group' = 'compute_group1';
+ ```
+
+## 相关命令
+
+- [CREATE USER](./CREATE-USER.md)
+- [SHOW PROPERTY](../Show-Statements/SHOW-PROPERTY.md)
+
+## Keywords
+
+ SET, PROPERTY, WORKLOAD GROUP, COMPUTE GROUP
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Database-Administration-Statements/SET-DEFAULT-STORAGE-VAULT.md
similarity index 56%
copy from
i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
copy to
i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Database-Administration-Statements/SET-DEFAULT-STORAGE-VAULT.md
index 677c5060c3..8a5344b232 100644
---
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Database-Administration-Statements/SET-DEFAULT-STORAGE-VAULT.md
@@ -1,6 +1,6 @@
---
{
- "title": "USE",
+ "title": "SET-DEFAULT-STORAGE-VAULT",
"language": "zh-CN"
}
---
@@ -24,43 +24,30 @@ specific language governing permissions and limitations
under the License.
-->
-## USE
+## 描述
-### Name
+该语句用于在Doris中设置默认存储库。默认存储库用于存储内部或系统表的数据。如果未设置默认存储库,Doris将无法正常运行。一旦设置了默认存储库,就无法移除它。
-USE
+## 语法
-### Description
-
-USE 命令可以让我们来使用数据库
-
-语法:
-
-```SQL
-USE <[CATALOG_NAME].DATABASE_NAME>
+```sql
+SET vault_name DEFAULT STORAGE VAULT
```
-说明:
-1. 使用`USE CATALOG_NAME.DATABASE_NAME`, 会先将当前的Catalog切换为`CATALOG_NAME`,
然后再讲当前的Database切换为`DATABASE_NAME`
+> 注意:
+>
+> 1. 只有ADMIN用户可以设置默认存储库
-### Example
+## 示例
-1. 如果 demo 数据库存在,尝试使用它:
+1. 将名为s3_vault的存储库设置为默认存储库
```sql
- mysql> use demo;
- Database changed
+ SET s3_vault AS DEFAULT STORAGE VAULT;
```
-2. 如果 demo 数据库在hms_catalog的Catalog下存在,尝试切换到hms_catalog, 并使用它:
-
- ```sql
- mysql> use hms_catalog.demo;
- Database changed
- ```
-### Keywords
-
- USE
+## 相关命令
-### Best Practice
+## 关键词
+ SET, DEFAULT, STORAGE, VAULT
\ No newline at end of file
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Show-Statements/SHOW-COMPUTE-GROUPS.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Show-Statements/SHOW-COMPUTE-GROUPS.md
new file mode 100644
index 0000000000..1ddcc94931
--- /dev/null
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Show-Statements/SHOW-COMPUTE-GROUPS.md
@@ -0,0 +1,57 @@
+---
+{
+ "title": "SHOW COMPUTE GROUPS",
+ "language": "zh-CN"
+}
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+## 描述
+
+SHOW COMPUTE GROUPS
命令用于显示系统中所有已配置的计算组的信息。计算组是用于管理和组织计算资源的逻辑单元,可以帮助用户更有效地分配和使用系统资源。
+
+此命令可以帮助管理员和用户快速了解系统中现有的计算组配置,包括每个计算组的名称、属性和其他相关信息。这对于资源管理、性能优化和系统监控非常有用。
+
+## 语法
+
+```sql
+ SHOW COMPUTE GROUPS
+```
+
+## 返回值
+
+此命令返回一个结果集,包含以下列:
+
+- `Name`: 计算组的名称。
+- `IsCurrent`: 是否当前工作计算组。
+- `Users`: 显示有权限使用该计算组的用户列表。
+- `BackendNum`: 显示当前分配给该计算组的后端(计算节点)数量。
+
+## 相关命令
+
+- [ALTER SYSTEM ADD
BACKEND](../Administration-Statements/ALTER-SYSTEM-ADD-BACKEND.md)
+- [GRANT](../Account-Management-Statements/GRANT.md)
+- [REVOKE](../Account-Management-Statements/REVOKE.md)
+- [SET DEFAULT COMPUTE
GROUP](../Administration-Statements/SET-DEFAULT-COMPUTE-GROUP.md)
+
+## Keywords
+
+ SHOW, COMPUTE GROUPS
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Show-Statements/SHOW-STORAGE-VAULTS.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Show-Statements/SHOW-STORAGE-VAULTS.md
new file mode 100644
index 0000000000..05f38e1cc8
--- /dev/null
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Show-Statements/SHOW-STORAGE-VAULTS.md
@@ -0,0 +1,55 @@
+---
+{
+ "title": "SHOW STORAGE VAULTS",
+ "language": "zh-CN"
+}
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+## 描述
+
+SHOW STORAGE VAULTS 命令用于显示系统中配置的所有storage vault的信息。storage vault用于管理数据外部存储位置。
+
+## 语法
+
+```sql
+ SHOW STORAGE VAULTS
+```
+
+## Return Values
+
+此命令返回一个结果集,包含以下列:
+
+- `StorageVaultName`: storage vault 的名称。
+- `StorageVaultId`: storage vault 的ID。
+- `Properties`: 包含 storage vault 配置属性的JSON字符串。
+- `IsDefault`: 指示该 storage vault 是否设置为默认值(TRUE或FALSE)。
+
+## 相关命令
+
+- [CREATE STORAGE VAULT](../Data-Definition-Statements/CREATE-STORAGE-VAULT.md)
+- [GRANT](../Account-Management-Statements/GRANT.md)
+- [REVOKE](../Account-Management-Statements/REVOKE.md)
+- [SET DEFAULT STORAGE
VAULT](../Data-Definition-Statements/SET-DEFAULT-STORAGE-VAULT.md)
+
+## Keywords
+
+ SHOW, STORAGE VAULTS
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
index 677c5060c3..bd7e9aa735 100644
---
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
@@ -24,26 +24,17 @@ specific language governing permissions and limitations
under the License.
-->
-## USE
+## 描述
-### Name
+USE 命令允许我们在 SQL 环境中切换到特定的数据库或计算组。
-USE
-
-### Description
-
-USE 命令可以让我们来使用数据库
-
-语法:
+## 语法
```SQL
USE <[CATALOG_NAME].DATABASE_NAME>
```
-说明:
-1. 使用`USE CATALOG_NAME.DATABASE_NAME`, 会先将当前的Catalog切换为`CATALOG_NAME`,
然后再讲当前的Database切换为`DATABASE_NAME`
-
-### Example
+## 示例
1. 如果 demo 数据库存在,尝试使用它:
@@ -58,9 +49,22 @@ USE <[CATALOG_NAME].DATABASE_NAME>
mysql> use hms_catalog.demo;
Database changed
```
-### Keywords
+3. 如果 demo 数据库在当前目录中存在,并且您想使用名为 'cg1' 的计算组,请尝试访问它:
+
+ ```sql
+ mysql> use demo@cg1;
+ Database changed
+ ```
+
+4. 如果您只想使用名为 'cg1' 的计算组,请尝试访问它:
+
+ ```sql
+ mysql> use @cg1;
+ Database changed
+ ```
- USE
+## Relate Commands
-### Best Practice
+## Keywords
+ USE, DATABASE, USER, COMPUTE GROUP
\ No newline at end of file
diff --git
a/versioned_docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/GRANT.md
b/versioned_docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/GRANT.md
index a7ab38b52f..c7b08cf588 100644
---
a/versioned_docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/GRANT.md
+++
b/versioned_docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/GRANT.md
@@ -24,152 +24,166 @@ specific language governing permissions and limitations
under the License.
-->
-## GRANT
+## Description
-### Name
+The GRANT command is used to:
-GRANT
+1. Grant specified privileges to a user or role.
+2. Grant specified roles to a user.
-### Description
+## Syntax
-The GRANT command has the following functions:
+GRANT privilege_list ON priv_level TO user_identity [ROLE role_name]
-1. Grant the specified permissions to a user or role.
-2. Grant the specified role to a user.
+GRANT privilege_list ON RESOURCE resource_name TO user_identity [ROLE
role_name]
->Note that.
->
->"Grant specified roles to user" is supported in versions 2.0 and later
+GRANT privilege_list ON WORKLOAD GROUP workload_group_name TO user_identity
[ROLE role_name]
-```sql
-GRANT privilege_list ON priv_level TO user_identity [ROLE role_name]
+GRANT privilege_list ON COMPUTE GROUP compute_group_name TO user_identity
[ROLE role_name]
-GRANT privilege_list ON RESOURCE resource_name TO user_identity [ROLE
role_name]
+GRANT privilege_list ON STORAGE VAULT storage_vault_name TO user_identity
[ROLE role_name]
GRANT role_list TO user_identity
-```
-GRANT privilege_list ON WORKLOAD GROUP workload_group_name TO user_identity
[ROLE role_name]
+## Parameters
+
+### privilege_list
+
+A comma-separated list of privileges to be granted. Currently supported
privileges include:
+
+- NODE_PRIV: Cluster node operation permissions, including node online and
offline operations.
+- ADMIN_PRIV: All privileges except NODE_PRIV.
+- GRANT_PRIV: Privilege for operation privileges, including creating and
deleting users, roles, authorization and revocation, setting passwords, etc.
+- SELECT_PRIV: Read permission on the specified database or table.
+- LOAD_PRIV: Import privileges on the specified database or table.
+- ALTER_PRIV: Schema change permission for the specified database or table.
+- CREATE_PRIV: Create permission on the specified database or table.
+- DROP_PRIV: Drop privilege on the specified database or table.
+- USAGE_PRIV: Access to the specified resource and Workload Group permissions.
+- SHOW_VIEW_PRIV: Permission to view `view` creation statements.
+
+Legacy privilege conversion:
+- ALL and READ_WRITE will be converted to: SELECT_PRIV, LOAD_PRIV, ALTER_PRIV,
CREATE_PRIV, DROP_PRIV.
+- READ_ONLY is converted to SELECT_PRIV.
+
+### priv_level
+
+Supports the following four forms:
+
+- *.*.*: Privileges can be applied to all catalogs and all databases and
tables within them.
+- catalog_name.*.*: Privileges can be applied to all databases and tables in
the specified catalog.
+- catalog_name.db.*: Privileges can be applied to all tables under the
specified database.
+- catalog_name.db.tbl: Privileges can be applied to the specified table under
the specified database.
+
+### resource_name
-privilege_list is a list of privileges to be granted, separated by commas.
Currently Doris supports the following permissions:
+Specifies the resource name, supporting `%` and `*` to match all resources,
but does not support wildcards, such as res*.
- NODE_PRIV: Cluster node operation permissions, including node online and
offline operations. User who has NODE_PRIV and GRANT_PRIV permission, can grant
NODE_PRIV to other users.
- ADMIN_PRIV: All privileges except NODE_PRIV.
- GRANT_PRIV: Privilege for operation privileges. Including creating and
deleting users, roles, authorization and revocation, setting passwords, etc.
- SELECT_PRIV: read permission on the specified database or table
- LOAD_PRIV: Import privileges on the specified database or table
- ALTER_PRIV: Schema change permission for the specified database or table
- CREATE_PRIV: Create permission on the specified database or table
- DROP_PRIV: drop privilege on the specified database or table
- USAGE_PRIV: access to the specified resource
- SHOW_VIEW_PRIV: View permission to `view` creation statements (starting
from version 2.0.3, 'SELECT_PRIV' and 'LOAD_PRIV' permissions cannot be 'SHOW
CREATE TABLE view_name', has one of
`CREATE_PRIV`,`ALTER_PRIV`,`DROP_PRIV`,`SHOW_VIEW_PRIV` can `SHOW CREATE TABLE
view_name`)
-
- ALL and READ_WRITE in legacy permissions will be converted to:
SELECT_PRIV,LOAD_PRIV,ALTER_PRIV,CREATE_PRIV,DROP_PRIV;
- READ_ONLY is converted to SELECT_PRIV.
+### workload_group_name
-Permission classification:
+Specifies the workload group name, supporting `%` and `*` to match all
workload groups, but does not support wildcards.
- 1. Node Privilege: NODE_PRIV
- 2. database table permissions: SELECT_PRIV, LOAD_PRIV, ALTER_PRIV,
CREATE_PRIV, DROP_PRIV
- 3. Resource and workload groups Privilege: USAGE_PRIV
+### compute_group_name
-Priv_level supports the following four forms:
+Specifies the compute group name, supporting `%` and `*` to match all compute
groups, but does not support wildcards.
- 1. *.*.* permissions can be applied to all catalogs, all databases and all
tables in them
- 2. catalog_name.*.* permissions can be applied to all databases and all
tables in them
- 3. catalog_name.db.* permissions can be applied to all tables under the
specified database
- 4. catalog_name.db.tbl permission can be applied to the specified table
under the specified database
-
- The catalog or database, table specified here may be not exist.
+### storage_vault_name
-resource_name supports the following two forms:
+Specifies the storage vault name, supporting `%` and `*` to match all storage
vaults, but does not support wildcards.
- 1. * Permissions apply to all resources
- 2. The resource permission applies to the specified resource
-
- The resource specified here can be a non-existing resource. In addition,
please distinguish the resources here from external tables, and use catalog as
an alternative if you use external tables.
-workload_group_name specifies the workload group name and supports `%` and `_`
match characters, `%` can match any string and `_` matches any single character.
+### user_identity
-user_identity:
+Specifies the user to receive the privileges. Must be a user_identity created
with CREATE USER. The host in user_identity can be a domain name. If it is a
domain name, the effective time of the authority may be delayed by about 1
minute.
- The user_identity syntax here is the same as CREATE USER. And must be a
user_identity created with CREATE USER. The host in user_identity can be a
domain name. If it is a domain name, the effective time of the authority may be
delayed by about 1 minute.
-
- You can also assign permissions to the specified ROLE, if the specified
ROLE does not exist, it will be created automatically.
+### role_name
-role_list is the list of roles to be assigned, separated by commas,the
specified role must exist.
+Specifies the role to receive the privileges. If the specified role does not
exist, it will be created automatically.
-### Example
+### role_list
-1. Grant permissions to all catalog and databases and tables to the user
+A comma-separated list of roles to be assigned. The specified roles must exist.
+
+## Examples
+
+1. Grant permissions to all catalogs and databases and tables to the user:
- ```sql
GRANT SELECT_PRIV ON *.*.* TO 'jack'@'%';
- ```
-2. Grant permissions to the specified database table to the user
+2. Grant permissions to the specified database table to the user:
- ```sql
GRANT SELECT_PRIV,ALTER_PRIV,LOAD_PRIV ON ctl1.db1.tbl1 TO 'jack'@'192.8.%';
- ```
-3. Grant permissions to the specified database table to the role
+3. Grant permissions to the specified database table to the role:
- ```sql
GRANT LOAD_PRIV ON ctl1.db1.* TO ROLE 'my_role';
- ```
-4. Grant access to all resources to users
+4. Grant access to all resources to users:
- ```sql
GRANT USAGE_PRIV ON RESOURCE * TO 'jack'@'%';
- ```
-5. Grant the user permission to use the specified resource
+5. Grant the user permission to use the specified resource:
- ```sql
GRANT USAGE_PRIV ON RESOURCE 'spark_resource' TO 'jack'@'%';
- ```
-6. Grant access to specified resources to roles
+6. Grant access to specified resources to roles:
- ```sql
GRANT USAGE_PRIV ON RESOURCE 'spark_resource' TO ROLE 'my_role';
- ```
-7. Grant the specified role to a user
+7. Grant the specified role to a user:
- ```sql
- GRANT 'role1','role2' TO 'jack'@'%';
- ```
+ GRANT 'role1','role2' TO 'jack'@'%';
-8. Grant the specified workload group 'g1' to user jack
+8. Grant the specified workload group 'g1' to user jack:
- ```sql
- GRANT USAGE_PRIV ON WORKLOAD GROUP 'g1' TO 'jack'@'%'.
- ```
+ GRANT USAGE_PRIV ON WORKLOAD GROUP 'g1' TO 'jack'@'%';
-9. match all workload groups granted to user jack
+9. Match all workload groups granted to user jack:
- ```sql
- GRANT USAGE_PRIV ON WORKLOAD GROUP '%' TO 'jack'@'%'.
- ```
+ GRANT USAGE_PRIV ON WORKLOAD GROUP '%' TO 'jack'@'%';
-10. grant the workload group 'g1' to the role my_role
+10. Grant the workload group 'g1' to the role my_role:
- ```sql
- GRANT USAGE_PRIV ON WORKLOAD GROUP 'g1' TO ROLE 'my_role'.
- ```
+ GRANT USAGE_PRIV ON WORKLOAD GROUP 'g1' TO ROLE 'my_role';
-11. Allow jack to view the creation statement of view1 under db1
+11. Allow jack to view the creation statement of view1 under db1:
- ```sql
GRANT SHOW_VIEW_PRIV ON db1.view1 TO 'jack'@'%';
- ```
-### Keywords
+12. Grant user permission to use the specified compute group:
+
+ GRANT USAGE_PRIV ON COMPUTE GROUP 'group1' TO 'jack'@'%';
+
+13. Grant role permission to use the specified compute group:
+
+ GRANT USAGE_PRIV ON COMPUTE GROUP 'group1' TO ROLE 'my_role';
+
+14. Grant user permission to use all compute groups:
+
+ GRANT USAGE_PRIV ON COMPUTE GROUP '*' TO 'jack'@'%';
+
+15. Grant user permission to use the specified storage vault:
+
+ GRANT USAGE_PRIV ON STORAGE VAULT 'vault1' TO 'jack'@'%';
+
+16. Grant role permission to use the specified storage vault:
+
+ GRANT USAGE_PRIV ON STORAGE VAULT 'vault1' TO ROLE 'my_role';
+
+17. Grant user permission to use all storage vaults:
+
+ GRANT USAGE_PRIV ON STORAGE VAULT '*' TO 'jack'@'%';
+
+## Related Commands
- GRANT
+- [REVOKE](./REVOKE.md)
+- [SHOW GRANTS](../Show-Statements/SHOW-GRANTS.md)
+- [CREATE ROLE](./CREATE-ROLE.md)
+- [CREATE WORKLOAD
GROUP](../Administration-Statements/CREATE-WORKLOAD-GROUP.md)
+- [CREATE COMPUTE GROUP](../Administration-Statements/CREATE-COMPUTE-GROUP.md)
+- [CREATE RESOURCE](../Administration-Statements/CREATE-RESOURCE.md)
+- [CREATE STORAGE VAULT](../Administration-Statements/CREATE-STORAGE-VAULT.md)
-### Best Practice
+## Keywords
+ GRANT, WORKLOAD GROUP, COMPUTE GROUP, RESOURCE
diff --git
a/versioned_docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
b/versioned_docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
index a1837b7b7d..b0d6beca8c 100644
---
a/versioned_docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
+++
b/versioned_docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/REVOKE.md
@@ -24,61 +24,135 @@ specific language governing permissions and limitations
under the License.
-->
-## REVOKE
+## Description
-### Name
+The REVOKE command is used to:
-REVOKE
+1. Revoke specified privileges from a user or role.
+2. Revoke specified roles previously granted to a user.
-### Description
+## Syntax
-The REVOKE command has the following functions:
+REVOKE privilege_list ON priv_level FROM user_identity [ROLE role_name]
-1. Revoke the specified permission of a user or a role.
-2. Revoke the specified role previously granted to a user.
+REVOKE privilege_list ON RESOURCE resource_name FROM user_identity [ROLE
role_name]
->Note that.
->
->"Revoke the specified roles previously granted to a user" is supported in
versions 2.0 and later
+REVOKE privilege_list ON WORKLOAD GROUP workload_group_name FROM user_identity
[ROLE role_name]
-```sql
-REVOKE privilege_list ON db_name[.tbl_name] FROM user_identity [ROLE role_name]
+REVOKE privilege_list ON COMPUTE GROUP compute_group_name FROM user_identity
[ROLE role_name]
-REVOKE privilege_list ON RESOURCE resource_name FROM user_identity [ROLE
role_name]
+REVOKE privilege_list ON STORAGE VAULT storage_vault_name FROM user_identity
[ROLE role_name]
REVOKE role_list FROM user_identity
-```
-user_identity:
+## Parameters
+
+### privilege_list
+
+A comma-separated list of privileges to be revoked. Supported privileges
include:
+
+- NODE_PRIV: Cluster node operation permissions
+- ADMIN_PRIV: Administrator privileges
+- GRANT_PRIV: Authorization privileges
+- SELECT_PRIV: Query privileges
+- LOAD_PRIV: Data import privileges
+- ALTER_PRIV: Modification privileges
+- CREATE_PRIV: Creation privileges
+- DROP_PRIV: Deletion privileges
+- USAGE_PRIV: Usage privileges
+- SHOW_VIEW_PRIV: Privileges to view view definitions
+
+### priv_level
+
+Specifies the scope of the privileges. Supported formats:
+
+- *.*.*: All catalogs, databases, and tables
+- catalog_name.*.*: All databases and tables in the specified catalog
+- catalog_name.db.*: All tables in the specified database
+- catalog_name.db.tbl: Specific table in the specified database
+
+### resource_name
+
+Specifies the resource scope. Supports % (matches any string) and _ (matches
any single character) wildcards.
+
+### workload_group_name
+
+Specifies the workload group name. Supports % (matches any string) and _
(matches any single character) wildcards.
+
+### compute_group_name
+
+Specifies the compute group name. Supports % (matches any string) and _
(matches any single character) wildcards.
+
+### storage_vault_name
+
+Specifies the storage vault name. Supports % (matches any string) and _
(matches any single character) wildcards.
+
+### user_identity
+
+Specifies the user from whom privileges are being revoked. Must be a user
created with CREATE USER. The host in user_identity can be a domain name. If
it's a domain name, the revocation of privileges may be delayed by about 1
minute.
+
+### role_name
+
+Specifies the role from which privileges are being revoked. The role must
exist.
+
+### role_list
+
+A comma-separated list of roles to be revoked. All specified roles must exist.
+
+## Examples
+
+1. Revoke SELECT privilege on a specific database from a user:
+
+ REVOKE SELECT_PRIV ON db1.* FROM 'jack'@'192.%';
+
+2. Revoke usage privilege on a resource from a user:
+
+ REVOKE USAGE_PRIV ON RESOURCE 'spark_resource' FROM 'jack'@'192.%';
+
+3. Revoke roles from a user:
+
+ REVOKE 'role1','role2' FROM 'jack'@'192.%';
+
+4. Revoke usage privilege on a workload group from a user:
+
+ REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM 'jack'@'%';
+
+5. Revoke usage privilege on all workload groups from a user:
+
+ REVOKE USAGE_PRIV ON WORKLOAD GROUP '%' FROM 'jack'@'%';
+
+6. Revoke usage privilege on a workload group from a role:
+
+ REVOKE USAGE_PRIV ON WORKLOAD GROUP 'g1' FROM ROLE 'test_role';
+
+7. Revoke usage privilege on a compute group from a user:
-The user_identity syntax here is the same as CREATE USER. And must be a
user_identity created with CREATE USER. The host in user_identity can be a
domain name. If it is a domain name, the revocation time of permissions may be
delayed by about 1 minute.
+ REVOKE USAGE_PRIV ON COMPUTE GROUP 'group1' FROM 'jack'@'%';
-It is also possible to revoke the permissions of the specified ROLE, the
executed ROLE must exist.
+8. Revoke usage privilege on a compute group from a role:
-role_list is the list of roles to be revoked, separated by commas. The
specified roles must exist.
+ REVOKE USAGE_PRIV ON COMPUTE GROUP 'group1' FROM ROLE 'my_role';
-### Example
+9. Revoke usage privilege on a storage vault from a user:
-1. Revoke the permission of user jack database testDb
+ REVOKE USAGE_PRIV ON STORAGE VAULT 'vault1' FROM 'jack'@'%';
- ```sql
- REVOKE SELECT_PRIV ON db1.* FROM 'jack'@'192.%';
- ```
+10. Revoke usage privilege on a storage vault from a role:
-2. Revoke user jack resource spark_resource permission
+ REVOKE USAGE_PRIV ON STORAGE VAULT 'vault1' FROM ROLE 'my_role';
- ```sql
- REVOKE USAGE_PRIV ON RESOURCE 'spark_resource' FROM 'jack'@'192.%';
- ```
-3. Revoke the roles role1 and role2 previously granted to jack
- ```sql
- REVOKE 'role1','role2' FROM 'jack'@'192.%';
- ```
+## Related Commands
-### Keywords
+- [GRANT](./GRANT.md)
+- [SHOW GRANTS](../Show-Statements/SHOW-GRANTS.md)
+- [CREATE ROLE](./CREATE-ROLE.md)
+- [CREATE WORKLOAD
GROUP](../Administration-Statements/CREATE-WORKLOAD-GROUP.md)
+- [CREATE COMPUTE GROUP](../Administration-Statements/CREATE-COMPUTE-GROUP.md)
+- [CREATE RESOURCE](../Administration-Statements/CREATE-RESOURCE.md)
+- [CREATE STORAGE VAULT](../Administration-Statements/CREATE-STORAGE-VAULT.md)
- REVOKE
+## Keywords
-### Best Practice
+ REVOKE, WORKLOAD GROUP, COMPUTE GROUP, RESOURCE, STORAGE VAULT
diff --git
a/versioned_docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/SET-PROPERTY.md
b/versioned_docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/SET-PROPERTY.md
index 7c1551261f..aab3003756 100644
---
a/versioned_docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/SET-PROPERTY.md
+++
b/versioned_docs/version-3.0/sql-manual/sql-statements/Account-Management-Statements/SET-PROPERTY.md
@@ -24,15 +24,11 @@ specific language governing permissions and limitations
under the License.
-->
-## SET-PROPERTY
+## Description
-### Name
+Set user attributes, including resources assigned to users, importing
clusters, compute groups etc.
-SET PROPERTY
-
-### Description
-
-Set user attributes, including resources assigned to users, importing
clusters, etc.
+## Syntax
```sql
SET PROPERTY [FOR 'user'] 'key' = 'value' [, 'key' = 'value']
@@ -40,27 +36,33 @@ SET PROPERTY [FOR 'user'] 'key' = 'value' [, 'key' =
'value']
The user attribute set here is for user, not user_identity. That is, if two
users 'jack'@'%' and 'jack'@'192.%' are created through the CREATE USER
statement, the SET PROPERTY statement can only be used for the user jack, not
'jack'@'% ' or 'jack'@'192.%'
-key:
-
-Super user privileges:
+## Parameters
- max_user_connections: The maximum number of connections.
+### user
- max_query_instances: The number of instances that a user can use to execute a
query at the same time.
+The username for which to set attributes. If omitted, the attributes are set
for the current user.
- sql_block_rules: Set sql block rules. Once set, queries sent by this user
will be rejected if they match the rules.
+### key
- cpu_resource_limit: Limit the cpu resources for queries. See the introduction
to the session variable `cpu_resource_limit` for details. -1 means not set.
+The attribute key to set. Available keys include:
- exec_mem_limit: Limit the memory usage of the query. See the introduction to
the session variable `exec_mem_limit` for details. -1 means not set.
+- `max_user_connections`: The maximum number of connections.
+- `max_query_instances`: The number of instances that a user can use to
execute a query at the same time.
+- `sql_block_rules`: Set SQL block rules. Once set, queries sent by this user
will be rejected if they match the rules.
+- `cpu_resource_limit`: Limit the CPU resources for queries. See the
introduction to the session variable `cpu_resource_limit` for details. -1 means
not set.
+- `exec_mem_limit`: Limit the memory usage of the query. See the introduction
to the session variable `exec_mem_limit` for details. -1 means not set.
+- `resource_tags`: Specifies the user's resource tag permissions.
+- `query_timeout`: Specifies the user's query timeout.
+- `default_workload_group`: Specifies the user's default workload group.
+- `default_compute_group`: Specifies the user's default compute group.
- resource_tags: Specifies the user's resource tag permissions.
+Note: If the attributes `cpu_resource_limit` and `exec_mem_limit` are not set,
the value in the session variable will be used by default.
- query_timeout: Specifies the user's query timeout permissions.
+### value
- Note: If the attributes `cpu_resource_limit`, `exec_mem_limit` are not
set, the value in the session variable will be used by default.
+The value to set for the specified key.
-### Example
+## Example
1. Modify the maximum number of user jack connections to 1000
@@ -104,9 +106,23 @@ Super user privileges:
SET PROPERTY FOR 'jack' 'query_timeout' = '500';
```
-### Keywords
+8. Set the default workload group for user 'jack':
+
+ ```sql
+ SET PROPERTY FOR 'jack' 'default_workload_group' = 'group1';
+ ```
+
+9. Set the default compute group for user 'jack':
+
+ ```sql
+ SET PROPERTY FOR 'jack' 'default_compute_group' = 'compute_group1';
+ ```
+
+## Related Commands
- SET, PROPERTY
+- [CREATE USER](./CREATE-USER.md)
+- [SHOW PROPERTY](../Show-Statements/SHOW-PROPERTY.md)
-### Best Practice
+## Keywords
+ SET, PROPERTY, COMPUTE GROUP, WORKLOAD GROUP
diff --git
a/versioned_docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
b/versioned_docs/version-3.0/sql-manual/sql-statements/Database-Administration-Statements/SET-DEFAULT-STORAGE-VAULT.md
similarity index 54%
copy from
versioned_docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
copy to
versioned_docs/version-3.0/sql-manual/sql-statements/Database-Administration-Statements/SET-DEFAULT-STORAGE-VAULT.md
index 622de04a36..85ecbb3766 100644
---
a/versioned_docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
+++
b/versioned_docs/version-3.0/sql-manual/sql-statements/Database-Administration-Statements/SET-DEFAULT-STORAGE-VAULT.md
@@ -1,6 +1,6 @@
---
{
- "title": "USE",
+ "title": "SET-DEFAULT-STORAGE-VAULT",
"language": "en"
}
---
@@ -24,43 +24,30 @@ specific language governing permissions and limitations
under the License.
-->
-## USE
+## Description
-### Name
+This statement is used to set the default storage vault in Doris. The default
storage vault is used to store data for internal or system tables. If the
default storage vault is not set, Doris will not function properly. Once the
default storage vault is set, it cannot be removed.
-USE
+## Syntax
-### Description
-
-The USE command allows us to use the database
-
-grammar:
-
-```SQL
-USE <[CATALOG_NAME].DATABASE_NAME>
+```sql
+SET vault_name DEFAULT STORAGE VAULT
```
-illustrate:
-1. `USE CATALOG_NAME.DATABASE_NAME` will switch the current catalog into
`CATALOG_NAME` and then change the current database into `DATABASE_NAME`
-
-### Example
-
-1. If the demo database exists in current catalog, try accessing it:
+> Note:
+>
+> 1. Only ADMIN users can set the default storage vault.
- ```sql
- mysql> use demo;
- Database changed
- ```
-2. If the demo database exists in catalog hms_catalog, try switching the
catalog and accessing it:
+## Example
- ```sql
- mysql> use hms_catalog.demo;
- Database changed
- ```
+1. Set the storage vault named 's3_vault' as the default storage vault.
-### Keywords
+ ```sql
+ SET s3_vault AS DEFAULT STORAGE VAULT;
+ ```
- USE
+## Related Commands
-### Best Practice
+## Keywords
+ SET, DEFAULT, STORAGE, VAULT
\ No newline at end of file
diff --git
a/versioned_docs/version-3.0/sql-manual/sql-statements/Show-Statements/SHOW-COMPUTE-GROUPS.md
b/versioned_docs/version-3.0/sql-manual/sql-statements/Show-Statements/SHOW-COMPUTE-GROUPS.md
new file mode 100644
index 0000000000..680b24742f
--- /dev/null
+++
b/versioned_docs/version-3.0/sql-manual/sql-statements/Show-Statements/SHOW-COMPUTE-GROUPS.md
@@ -0,0 +1,58 @@
+---
+{
+ "title": "SHOW COMPUTE GROUPS",
+ "language": "en"
+}
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+## Description
+
+The SHOW COMPUTE GROUPS command is used to display information about all
configured compute groups in the system. Compute groups are logical units used
to manage and organize computational resources, helping users allocate and
utilize system resources more effectively.
+
+This command assists administrators and users in quickly understanding the
existing compute group configurations in the system, including the name,
attributes, and other relevant information for each compute group. This is
particularly useful for resource management, performance optimization, and
system monitoring.
+
+## Syntax
+
+```sql
+ SHOW COMPUTE GROUPS
+```
+
+
+## Return Values
+
+This command returns a result set containing the following columns:
+
+- `Name`: The name of the compute group.
+- `IsCurrent`: Indicates whether it is the current working compute group.
+- `Users`: Displays the list of users who have permission to use this compute
group.
+- `BackendNum`: Shows the number of backends (compute nodes) currently
allocated to this compute group.
+
+## Related Commands
+
+- [ALTER SYSTEM ADD
BACKEND](../Administration-Statements/ALTER-SYSTEM-ADD-BACKEND.md)
+- [GRANT](../Account-Management-Statements/GRANT.md)
+- [REVOKE](../Account-Management-Statements/REVOKE.md)
+- [SET DEFAULT COMPUTE
GROUP](../Administration-Statements/SET-DEFAULT-COMPUTE-GROUP.md)
+
+## Keywords
+
+ SHOW, COMPUTE GROUPS
diff --git
a/versioned_docs/version-3.0/sql-manual/sql-statements/Show-Statements/SHOW-STORAGE-VAULTS.md
b/versioned_docs/version-3.0/sql-manual/sql-statements/Show-Statements/SHOW-STORAGE-VAULTS.md
new file mode 100644
index 0000000000..7676d8f4e6
--- /dev/null
+++
b/versioned_docs/version-3.0/sql-manual/sql-statements/Show-Statements/SHOW-STORAGE-VAULTS.md
@@ -0,0 +1,55 @@
+---
+{
+ "title": "SHOW STORAGE VAULTS",
+ "language": "en"
+}
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+## Description
+
+The SHOW STORAGE VAULTS command is used to display information about all
storage vaults configured in the system. Storage vaults are used to manage
external storage locations for data.
+
+## Syntax
+
+```sql
+ SHOW STORAGE VAULTS
+```
+
+## Return Values
+
+This command returns a result set with the following columns:
+
+- `StorageVaultName`: The name of the storage vault.
+- `StorageVaultId`: The id of the storage vault.
+- `Properties`: A JSON string containing the configuration properties of the
vault.
+- `IsDefault`: Indicates whether this vault is set as the default (TRUE or
FALSE).
+
+## Related Commands
+
+- [CREATE STORAGE VAULT](../Data-Definition-Statements/CREATE-STORAGE-VAULT.md)
+- [GRANT](../Account-Management-Statements/GRANT.md)
+- [REVOKE](../Account-Management-Statements/REVOKE.md)
+- [SET DEFAULT STORAGE
VAULT](../Data-Definition-Statements/SET-DEFAULT-STORAGE-VAULT.md)
+
+## Keywords
+
+ SHOW, STORAGE VAULTS
diff --git
a/versioned_docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
b/versioned_docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
index 622de04a36..391a042cab 100644
---
a/versioned_docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
+++
b/versioned_docs/version-3.0/sql-manual/sql-statements/Utility-Statements/USE.md
@@ -24,26 +24,17 @@ specific language governing permissions and limitations
under the License.
-->
-## USE
+## Description
-### Name
+The USE command allows us to switch to a specific database or compute group in
your SQL environment.
-USE
-
-### Description
-
-The USE command allows us to use the database
-
-grammar:
+## Syntax
```SQL
-USE <[CATALOG_NAME].DATABASE_NAME>
+USE { [catalog_name.]database_name[@compute_group_name] | @compute_group_name }
```
-illustrate:
-1. `USE CATALOG_NAME.DATABASE_NAME` will switch the current catalog into
`CATALOG_NAME` and then change the current database into `DATABASE_NAME`
-
-### Example
+## Example
1. If the demo database exists in current catalog, try accessing it:
@@ -58,9 +49,24 @@ illustrate:
Database changed
```
-### Keywords
+3. If the demo database exists in current catalog and you want to use the
compute group named 'cg1', try accessing it:
+
+ ```sql
+ mysql> use demo@cg1;
+ Database changed
+ ```
+
+4. If you want to use only the compute group named 'cg1', try accessing it:
+
+ ```sql
+ mysql> use @cg1;
+ Database changed
+ ```
+
+## Relate Commands
+
+## Keywords
- USE
+ USE, DATABASE, USER, COMPUTE GROUP
-### Best Practice
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org
