Skip to content

add SET ROLE document #3358

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
May 27, 2020
Merged

add SET ROLE document #3358

Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
8fd3965
add set role document
May 27, 2020
848d072
Update sql-statements/sql-statement-add-set-role.md
yikeke May 27, 2020
1d454c9
rename
May 27, 2020
f40e66f
Merge branch 'docs-special-week' into add_set_role
yikeke May 27, 2020
d761eaf
Update sql-statements/sql-statement-set-role.md
yikeke May 27, 2020
3051900
Merge branch 'docs-special-week' into add_set_role
yikeke May 27, 2020
25d907b
Merge branch 'docs-special-week' into add_set_role
sre-bot May 27, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
113 changes: 113 additions & 0 deletions sql-statements/sql-statement-set-role.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,113 @@
---
title: SET ROLE
summary: TiDB 数据库中 SET ROLE 的使用概况。
category: reference
---

# SET ROLE

`SET ROLE` 用于在当前用户会话中启用角色。使用 `SET ROLE` 启用角色后,用户可以使用这些角色的权限。

## 语法图

**SetRoleStmt:**

![SetRoleStmt](/media/sqlgram/SetRoleStmt.png)

**SetRoleOpt:**

![SetRoleOpt](/media/sqlgram/SetRoleOpt.png)

**SetDefaultRoleOpt:**

![SetDefaultRoleOpt](/media/sqlgram/SetDefaultRoleOpt.png)

## 示例

创建一个用户 `'u1'@'%'`, 创建三个角色 `'r1'@'%'`, `'r2'@'%'`, `'r3'@'%'` 并将这些角色授予给 `'u1'@'%'`。
将 `'u1'@'%'` 的默认启用角色设置为 `'r1'@'%'`。

{{< copyable "sql" >}}

```sql
CREATE USER 'u1'@'%';
CREATE ROLE 'r1', 'r2', 'r3';
GRANT 'r1', 'r2', 'r3' TO 'u1'@'%';
SET DEFAULT ROLE 'r1' TO 'u1'@'%';
```

使用 `'u1'@'%'` 登录,执行 `SET ROLE` 将启用角色设置为 `ALL`。

{{< copyable "sql" >}}

```sql
SET ROLE ALL;
SELECT CURRENT_ROLE();
```

```
+----------------------------+
| CURRENT_ROLE() |
+----------------------------+
| `r1`@`%`,`r2`@`%`,`r3`@`%` |
+----------------------------+
1 row in set (0.000 sec)
```

执行 `SET ROLE` 将启用角色设置为 `'r2'` 和 `'r3'`。

{{< copyable "sql" >}}

```sql
SET ROLE 'r2', 'r3';
SELECT CURRENT_ROLE();
```

```
+-------------------+
| CURRENT_ROLE() |
+-------------------+
| `r2`@`%`,`r3`@`%` |
+-------------------+
1 row in set (0.000 sec)
```

执行 `SET ROLE` 将启用角色设置为 `DEFALUT`。

{{< copyable "sql" >}}

```sql
SET ROLE DEFAULT;
SELECT CURRENT_ROLE();
```

```
+----------------+
| CURRENT_ROLE() |
+----------------+
| `r1`@`%` |
+----------------+
1 row in set (0.000 sec)
```

执行 `SET ROLE` 将启用角色设置为 `NONE`。

{{< copyable "sql" >}}

```sql
SET ROLE NONE;
SELECT CURRENT_ROLE();
```

```
+----------------+
| CURRENT_ROLE() |
+----------------+
| |
+----------------+
1 row in set (0.000 sec)
```

## 另请参阅

* [基于角色的访问控制](/role-based-access-control.md)