diff --git a/TOC.md b/TOC.md index ea6ecc92f42e..35ec29289892 100644 --- a/TOC.md +++ b/TOC.md @@ -189,6 +189,7 @@ - [`SELECT`](/sql-statements/sql-statement-select.md) - [`SET [NAMES|CHARACTER SET]`](/sql-statements/sql-statement-set-names.md) - [`SET PASSWORD`](/sql-statements/sql-statement-set-password.md) + - [`SET ROLE`](/sql-statements/sql-statement-set-role.md) - [`SET TRANSACTION`](/sql-statements/sql-statement-set-transaction.md) - [`SET [GLOBAL|SESSION] `](/sql-statements/sql-statement-set-variable.md) - [`SHOW CHARACTER SET`](/sql-statements/sql-statement-show-character-set.md) diff --git a/media/sqlgram/SetDefaultRoleOpt.png b/media/sqlgram/SetDefaultRoleOpt.png new file mode 100644 index 000000000000..02cb81cb85de Binary files /dev/null and b/media/sqlgram/SetDefaultRoleOpt.png differ diff --git a/media/sqlgram/SetRoleOpt.png b/media/sqlgram/SetRoleOpt.png new file mode 100644 index 000000000000..96fd1e018e27 Binary files /dev/null and b/media/sqlgram/SetRoleOpt.png differ diff --git a/media/sqlgram/SetRoleStmt.png b/media/sqlgram/SetRoleStmt.png new file mode 100644 index 000000000000..a2ddc8533858 Binary files /dev/null and b/media/sqlgram/SetRoleStmt.png differ diff --git a/sql-statements/sql-statement-set-role.md b/sql-statements/sql-statement-set-role.md new file mode 100644 index 000000000000..860d0c55d79b --- /dev/null +++ b/sql-statements/sql-statement-set-role.md 
@@ -0,0 +1,113 @@ +--- +title: SET ROLE +summary: TiDB 数据库中 SET ROLE 的使用概况。 +category: reference +--- + +# SET ROLE + +`SET ROLE` 用于在当前用户会话中启用角色。使用 `SET ROLE` 启用角色后,用户可以使用这些角色的权限。 + +## 语法图 + +**SetRoleStmt:** + +![SetRoleStmt](/media/sqlgram/SetRoleStmt.png) + +**SetRoleOpt:** + +![SetRoleOpt](/media/sqlgram/SetRoleOpt.png) + +**SetDefaultRoleOpt:** + +![SetDefaultRoleOpt](/media/sqlgram/SetDefaultRoleOpt.png) + +## 示例 + +创建一个用户 `'u1'@'%'`, 创建三个角色 `'r1'@'%'`, `'r2'@'%'`, `'r3'@'%'` 并将这些角色授予给 `'u1'@'%'`。 +将 `'u1'@'%'` 的默认启用角色设置为 `'r1'@'%'`。 + +{{< copyable "sql" >}} + +```sql +CREATE USER 'u1'@'%'; +CREATE ROLE 'r1', 'r2', 'r3'; +GRANT 'r1', 'r2', 'r3' TO 'u1'@'%'; +SET DEFAULT ROLE 'r1' TO 'u1'@'%'; +``` + +使用 `'u1'@'%'` 登录,执行 `SET ROLE` 将启用角色设置为 `ALL`。 + +{{< copyable "sql" >}} + +```sql +SET ROLE ALL; +SELECT CURRENT_ROLE(); +``` + +``` ++----------------------------+ +| CURRENT_ROLE() | ++----------------------------+ +| `r1`@`%`,`r2`@`%`,`r3`@`%` | ++----------------------------+ +1 row in set (0.000 sec) +``` + +执行 `SET ROLE` 将启用角色设置为 `'r2'` 和 `'r3'`。 + +{{< copyable "sql" >}} + +```sql +SET ROLE 'r2', 'r3'; +SELECT CURRENT_ROLE(); +``` + +``` ++-------------------+ +| CURRENT_ROLE() | ++-------------------+ +| `r2`@`%`,`r3`@`%` | ++-------------------+ +1 row in set (0.000 sec) +``` + +执行 `SET ROLE` 将启用角色设置为 `DEFALUT`。 + +{{< copyable "sql" >}} + +```sql +SET ROLE DEFAULT; +SELECT CURRENT_ROLE(); +``` + +``` ++----------------+ +| CURRENT_ROLE() | ++----------------+ +| `r1`@`%` | ++----------------+ +1 row in set (0.000 sec) +``` + +执行 `SET ROLE` 将启用角色设置为 `NONE`。 + +{{< copyable "sql" >}} + +```sql +SET ROLE NONE; +SELECT CURRENT_ROLE(); +``` + +``` ++----------------+ +| CURRENT_ROLE() | ++----------------+ +| | ++----------------+ +1 row in set (0.000 sec) +``` + +## 另请参阅 + +* [基于角色的访问控制](/role-based-access-control.md)
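Review bot: In the examples section of sql-statements/sql-statement-set-role.md, the sentence that introduces `SET ROLE DEFAULT` misspells the keyword as `DEFALUT` (执行 `SET ROLE` 将启用角色设置为 `DEFALUT`。). It should read `DEFAULT`, matching the statement in the code block directly below it. In the first example sentence, the clauses are separated by half-width commas plus a space (`'u1'@'%'`, 创建三个角色 ...), while the rest of the page uses full-width punctuation, so switch those to full-width commas. The `SET ROLE DEFAULT` example depends on the earlier `SET DEFAULT ROLE 'r1' TO 'u1'@'%';` statement, but the text never says so. Add one sentence stating that `DEFAULT` re-enables the roles configured by `SET DEFAULT ROLE` (here `r1`), so readers can tell which privileges are active in the session after each step.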