From 6349d19905e8bafcc1b3510766838b6a714d4b3a Mon Sep 17 00:00:00 2001 From: cbcwestwolf <1004626265@qq.com> Date: Mon, 22 Jul 2024 13:59:19 +0800 Subject: [PATCH 01/14] tidb: add explanation for the fields in `mysql.user` --- mysql-schema.md | 74 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/mysql-schema.md b/mysql-schema.md index 95be0fc1bc10b..ecee2e1b15806 100644 --- a/mysql-schema.md +++ b/mysql-schema.md @@ -22,6 +22,80 @@ These system tables contain grant information about user accounts and their priv - `global_priv`: the authentication information based on certificates - `role_edges`: the relationship between roles +### `mysql.user` + +`mysql.user` is a frequently used system table. You can display the columns of `mysql.user` by: + +```sql +desc mysql.user; +``` + +``` ++------------------------+----------------------+------+-----+-------------------+-------+ +| Field | Type | Null | Key | Default | Extra | ++------------------------+----------------------+------+-----+-------------------+-------+ +| Host | char(255) | NO | PRI | | | +| User | char(32) | NO | PRI | | | +| authentication_string | text | YES | | | | +| plugin | char(64) | YES | | | | +| Select_priv | enum('N','Y') | NO | | N | | +| Insert_priv | enum('N','Y') | NO | | N | | +| Update_priv | enum('N','Y') | NO | | N | | +| Delete_priv | enum('N','Y') | NO | | N | | +| Create_priv | enum('N','Y') | NO | | N | | +| Drop_priv | enum('N','Y') | NO | | N | | +| Process_priv | enum('N','Y') | NO | | N | | +| Grant_priv | enum('N','Y') | NO | | N | | +| References_priv | enum('N','Y') | NO | | N | | +| Alter_priv | enum('N','Y') | NO | | N | | +| Show_db_priv | enum('N','Y') | NO | | N | | +| Super_priv | enum('N','Y') | NO | | N | | +| Create_tmp_table_priv | enum('N','Y') | NO | | N | | +| Lock_tables_priv | enum('N','Y') | NO | | N | | +| Execute_priv | enum('N','Y') | NO | | N | | +| Create_view_priv | enum('N','Y') | NO | | N | | +| Show_view_priv | enum('N','Y') | NO | | N | | +| Create_routine_priv | enum('N','Y') | NO | | N | | +| Alter_routine_priv | enum('N','Y') | NO | | N | | +| Index_priv | enum('N','Y') | NO | | N | | +| Create_user_priv | enum('N','Y') | NO | | N | | +| Event_priv | enum('N','Y') | NO | | N | | +| Repl_slave_priv | enum('N','Y') | NO | | N | | +| Repl_client_priv | enum('N','Y') | NO | | N | | +| Trigger_priv | enum('N','Y') | NO | | N | | +| Create_role_priv | enum('N','Y') | NO | | N | | +| Drop_role_priv | enum('N','Y') | NO | | N | | +| Account_locked | enum('N','Y') | NO | | N | | +| Shutdown_priv | enum('N','Y') | NO | | N | | +| Reload_priv | enum('N','Y') | NO | | N | | +| FILE_priv | enum('N','Y') | NO | | N | | +| Config_priv | enum('N','Y') | NO | | N | | +| Create_Tablespace_Priv | enum('N','Y') | NO | | N | | +| Password_reuse_history | smallint(5) unsigned | YES | | | | +| Password_reuse_time | smallint(5) unsigned | YES | | | | +| User_attributes | json | YES | | | | +| Token_issuer | varchar(255) | YES | | | | +| Password_expired | enum('N','Y') | NO | | N | | +| Password_last_changed | timestamp | YES | | CURRENT_TIMESTAMP | | +| Password_lifetime | smallint(5) unsigned | YES | | | | ++------------------------+----------------------+------+-----+-------------------+-------+ +44 rows in set +``` + +There are several types of columns in `mysql.user`: + +* Scope: + * `Host` and `User` are used to specify a TiDB account +* Privilege: + * From `Select_priv` to `Drop_role_priv`, and from `Shutdown_priv` to `Create_Tablespace_Priv`: see [privileges required for TiDB operations](/privilege-management.md#privileges-required-for-tidb-operations) +* Security + * `authentication_string` and `plugin`: `authentication_string` records credentials for the accounts. Credentials are interpreted using the authentication plugin named in the `plugin` column. + * `Account_locked` records the account locking state. + * `Password_reuse_history` and `Password_reuse_time` are used for [password reuse policy](/password-management.md#password-reuse-policy) + * `User_attributes` provides information about user comments and user attributes + * `Token_issuer` is used for [`tidb_auth_token`](/security-compatibility-with-mysql.md#tidb_auth_token) + * `Password_expired`, `Password_last_changed` and `Password_lifetime` are used for [password expiration policy](/password-management.md#password-expiration-policy) + ## Cluster status system tables * The `tidb` table contains some global information about TiDB: From dbe3a4325c9845561634aac0aac0397398890b01 Mon Sep 17 00:00:00 2001 From: CbcWestwolf <1004626265@qq.com> Date: Mon, 22 Jul 2024 14:22:29 +0800 Subject: [PATCH 02/14] Update mysql-schema.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Daniël van Eeden --- mysql-schema.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysql-schema.md b/mysql-schema.md index ecee2e1b15806..0a354fd4051df 100644 --- a/mysql-schema.md +++ b/mysql-schema.md @@ -27,7 +27,7 @@ These system tables contain grant information about user accounts and their priv `mysql.user` is a frequently used system table. You can display the columns of `mysql.user` by: ```sql -desc mysql.user; +DESC mysql.user; ``` ``` From edd1b272a76d2190e7eec49240ada7a1f292ccd3 Mon Sep 17 00:00:00 2001 From: cbcwestwolf <1004626265@qq.com> Date: Mon, 22 Jul 2024 14:27:52 +0800 Subject: [PATCH 03/14] create `mysql-schema` dir --- TOC-tidb-cloud.md | 3 +- TOC.md | 3 +- faq/manage-cluster-faq.md | 2 +- mysql-schema.md | 199 ------------------------------ mysql-schema/mysql-schema-user.md | 78 ++++++++++++ mysql-schema/mysql-schema.md | 125 +++++++++++++++++++ releases/release-7.6.0.md | 2 +- statistics.md | 6 +- tidb-resource-control.md | 2 +- 9 files changed, 213 insertions(+), 207 deletions(-) delete mode 100644 mysql-schema.md create mode 100644 mysql-schema/mysql-schema-user.md create mode 100644 mysql-schema/mysql-schema.md diff --git a/TOC-tidb-cloud.md b/TOC-tidb-cloud.md index a96295ca335fa..0d26f26daec0f 100644 --- a/TOC-tidb-cloud.md +++ b/TOC-tidb-cloud.md @@ -572,7 +572,8 @@ - [Use the `tidb_snapshot` System Variable](/read-historical-data.md) - [Placement Rules in SQL](/placement-rules-in-sql.md) - System Tables - - [`mysql`](/mysql-schema.md) + - [Overview](/mysql-schema/mysql-schema.md) + - [`user`](/mysql-schema/mysql-schema-user.md) - INFORMATION_SCHEMA - [Overview](/information-schema/information-schema.md) - [`ANALYZE_STATUS`](/information-schema/information-schema-analyze-status.md) diff --git a/TOC.md b/TOC.md index 2c7a17ca3dc8e..b0ec61e514e33 100644 --- a/TOC.md +++ b/TOC.md @@ -947,7 +947,8 @@ - [GBK](/character-set-gbk.md) - [Placement Rules in SQL](/placement-rules-in-sql.md) - System Tables - - [`mysql`](/mysql-schema.md) + - [Overview](/mysql-schema/mysql-schema.md) + - [`user`](/mysql-schema/mysql-schema-user.md) - INFORMATION_SCHEMA - [Overview](/information-schema/information-schema.md) - [`ANALYZE_STATUS`](/information-schema/information-schema-analyze-status.md) diff --git a/faq/manage-cluster-faq.md b/faq/manage-cluster-faq.md index aa4147e8483f6..30e4120e9b4de 100644 --- a/faq/manage-cluster-faq.md +++ b/faq/manage-cluster-faq.md @@ -29,7 +29,7 @@ TiKV data is located in the [`--data-dir`](/command-line-flags-for-tikv-configur ### What are the system tables in TiDB? -Similar to MySQL, TiDB includes system tables as well, used to store the information required by the server when it runs. See [TiDB system table](/mysql-schema.md). +Similar to MySQL, TiDB includes system tables as well, used to store the information required by the server when it runs. See [TiDB system table](/mysql-schema/mysql-schema.md). ### Where are the TiDB/PD/TiKV logs? diff --git a/mysql-schema.md b/mysql-schema.md deleted file mode 100644 index 0a354fd4051df..0000000000000 --- a/mysql-schema.md +++ /dev/null @@ -1,199 +0,0 @@ ---- -title: mysql Schema -summary: Learn about the TiDB system tables. -aliases: ['/docs/dev/system-tables/system-table-overview/','/docs/dev/reference/system-databases/mysql/','/tidb/dev/system-table-overview/'] ---- - -# `mysql` Schema - -The `mysql` schema contains TiDB system tables. The design is similar to the `mysql` schema in MySQL, where tables such as `mysql.user` can be edited directly. It also contains a number of tables which are extensions to MySQL. - -## Grant system tables - -These system tables contain grant information about user accounts and their privileges: - -- `user`: user accounts, global privileges, and other non-privilege columns -- `db`: database-level privileges -- `tables_priv`: table-level privileges -- `columns_priv`: column-level privileges -- `password_history`: password change history -- `default_roles`: the default roles for a user -- `global_grants`: dynamic privileges -- `global_priv`: the authentication information based on certificates -- `role_edges`: the relationship between roles - -### `mysql.user` - -`mysql.user` is a frequently used system table. You can display the columns of `mysql.user` by: - -```sql -DESC mysql.user; -``` - -``` -+------------------------+----------------------+------+-----+-------------------+-------+ -| Field | Type | Null | Key | Default | Extra | -+------------------------+----------------------+------+-----+-------------------+-------+ -| Host | char(255) | NO | PRI | | | -| User | char(32) | NO | PRI | | | -| authentication_string | text | YES | | | | -| plugin | char(64) | YES | | | | -| Select_priv | enum('N','Y') | NO | | N | | -| Insert_priv | enum('N','Y') | NO | | N | | -| Update_priv | enum('N','Y') | NO | | N | | -| Delete_priv | enum('N','Y') | NO | | N | | -| Create_priv | enum('N','Y') | NO | | N | | -| Drop_priv | enum('N','Y') | NO | | N | | -| Process_priv | enum('N','Y') | NO | | N | | -| Grant_priv | enum('N','Y') | NO | | N | | -| References_priv | enum('N','Y') | NO | | N | | -| Alter_priv | enum('N','Y') | NO | | N | | -| Show_db_priv | enum('N','Y') | NO | | N | | -| Super_priv | enum('N','Y') | NO | | N | | -| Create_tmp_table_priv | enum('N','Y') | NO | | N | | -| Lock_tables_priv | enum('N','Y') | NO | | N | | -| Execute_priv | enum('N','Y') | NO | | N | | -| Create_view_priv | enum('N','Y') | NO | | N | | -| Show_view_priv | enum('N','Y') | NO | | N | | -| Create_routine_priv | enum('N','Y') | NO | | N | | -| Alter_routine_priv | enum('N','Y') | NO | | N | | -| Index_priv | enum('N','Y') | NO | | N | | -| Create_user_priv | enum('N','Y') | NO | | N | | -| Event_priv | enum('N','Y') | NO | | N | | -| Repl_slave_priv | enum('N','Y') | NO | | N | | -| Repl_client_priv | enum('N','Y') | NO | | N | | -| Trigger_priv | enum('N','Y') | NO | | N | | -| Create_role_priv | enum('N','Y') | NO | | N | | -| Drop_role_priv | enum('N','Y') | NO | | N | | -| Account_locked | enum('N','Y') | NO | | N | | -| Shutdown_priv | enum('N','Y') | NO | | N | | -| Reload_priv | enum('N','Y') | NO | | N | | -| FILE_priv | enum('N','Y') | NO | | N | | -| Config_priv | enum('N','Y') | NO | | N | | -| Create_Tablespace_Priv | enum('N','Y') | NO | | N | | -| Password_reuse_history | smallint(5) unsigned | YES | | | | -| Password_reuse_time | smallint(5) unsigned | YES | | | | -| User_attributes | json | YES | | | | -| Token_issuer | varchar(255) | YES | | | | -| Password_expired | enum('N','Y') | NO | | N | | -| Password_last_changed | timestamp | YES | | CURRENT_TIMESTAMP | | -| Password_lifetime | smallint(5) unsigned | YES | | | | -+------------------------+----------------------+------+-----+-------------------+-------+ -44 rows in set -``` - -There are several types of columns in `mysql.user`: - -* Scope: - * `Host` and `User` are used to specify a TiDB account -* Privilege: - * From `Select_priv` to `Drop_role_priv`, and from `Shutdown_priv` to `Create_Tablespace_Priv`: see [privileges required for TiDB operations](/privilege-management.md#privileges-required-for-tidb-operations) -* Security - * `authentication_string` and `plugin`: `authentication_string` records credentials for the accounts. Credentials are interpreted using the authentication plugin named in the `plugin` column. - * `Account_locked` records the account locking state. - * `Password_reuse_history` and `Password_reuse_time` are used for [password reuse policy](/password-management.md#password-reuse-policy) - * `User_attributes` provides information about user comments and user attributes - * `Token_issuer` is used for [`tidb_auth_token`](/security-compatibility-with-mysql.md#tidb_auth_token) - * `Password_expired`, `Password_last_changed` and `Password_lifetime` are used for [password expiration policy](/password-management.md#password-expiration-policy) - -## Cluster status system tables - -* The `tidb` table contains some global information about TiDB: - - * `bootstrapped`: whether the TiDB cluster has been initialized. Note that this value is read-only and cannot be modified. - * `tidb_server_version`: the version information of TiDB when it is initialized. Note that this value is read-only and cannot be modified. - * `system_tz`: the system time zone of TiDB. - * `new_collation_enabled`: whether TiDB has enabled the [new framework for collations](/character-set-and-collation.md#new-framework-for-collations). Note that this value is read-only and cannot be modified. - -## Server-side help system tables - -Currently, the `help_topic` is NULL. - -## Statistics system tables - -- `stats_buckets`: the buckets of statistics -- `stats_histograms`: the histograms of statistics -- `stats_top_n`: the TopN of statistics -- `stats_meta`: the meta information of tables, such as the total number of rows and updated rows -- `stats_extended`: extended statistics, such as the order correlation between columns -- `stats_feedback`: the query feedback of statistics -- `stats_fm_sketch`: the FMSketch distribution of the histogram of the statistics column -- `analyze_options`: the default `analyze` options for each table -- `column_stats_usage`: the usage of column statistics -- `schema_index_usage`: the usage of indexes -- `analyze_jobs`: the ongoing statistics collection tasks and the history task records within the last 7 days - -## Execution plan-related system tables - -- `bind_info`: the binding information of execution plans -- `capture_plan_baselines_blacklist`: the blocklist for the automatic binding of the execution plan - -## GC worker system tables - -> **Note:** -> -> The GC worker system tables are only applicable to TiDB Self-Hosted and not available on [TiDB Cloud](https://docs.pingcap.com/tidbcloud/). - -- `gc_delete_range`: the KV range to be deleted -- `gc_delete_range_done`: the deleted KV range - -## System tables related to cached tables - -- `table_cache_meta` stores the metadata of cached tables. - -## TTL related system tables - -* `tidb_ttl_table_status`: the previously executed TTL job and ongoing TTL job for all TTL tables -* `tidb_ttl_task`: the current ongoing TTL subtasks -* `tidb_ttl_job_history`: the execution history of TTL tasks in the last 90 days - -## System tables related to runaway queries - -* `tidb_runaway_queries`: the history records of all identified runaway queries in the past 7 days -* `tidb_runaway_watch`: the watch list of runaway queries -* `tidb_runaway_watch_done`: a watch list of deleted or expired runaway queries - -## System tables related to metadata locks - -* `tidb_mdl_view`: a view of metadata locks. You can use it to view information about the currently blocked DDL statements -* `tidb_mdl_info`: used internally by TiDB to synchronize metadata locks across nodes - -## System tables related to DDL statements - -* `tidb_ddl_history`: the history records of DDL statements -* `tidb_ddl_jobs`: the metadata of DDL statements that are currently being executed by TiDB -* `tidb_ddl_reorg`: the metadata of physical DDL statements (such as adding indexes) that are currently being executed by TiDB - -## System tables related to TiDB Distributed eXecution Framework (DXF) - -* `dist_framework_meta`: the metadata of the Distributed eXecution Framework (DXF) task scheduler -* `tidb_global_task`: the metadata of the current DXF task -* `tidb_global_task_history`: the metadata of the historical DXF tasks, including both succeeded and failed tasks -* `tidb_background_subtask`: the metadata of the current DXF subtask -* `tidb_background_subtask_history`: the metadata of the historical DXF subtasks - -## System tables related to Resource Control - -* `request_unit_by_group`: the history records of consumed resource units (RUs) of all resource groups - -## Miscellaneous system tables - - - -> **Note:** -> -> The `tidb`, `expr_pushdown_blacklist`, `opt_rule_blacklist`, `table_cache_meta`, `tidb_import_jobs`, and `tidb_timers` system tables are only applicable to TiDB Self-Hosted and not available on [TiDB Cloud](https://docs.pingcap.com/tidbcloud/). - -- `GLOBAL_VARIABLES`: global system variable table -- `expr_pushdown_blacklist`: the blocklist for expression pushdown -- `opt_rule_blacklist`: the blocklist for logical optimization rules -- `tidb_import_jobs`: the job information of [`IMPORT INTO`](/sql-statements/sql-statement-import-into.md) -- `tidb_timers`: the metadata of internal timers - - - - - -- `GLOBAL_VARIABLES`: global system variable table - - \ No newline at end of file diff --git a/mysql-schema/mysql-schema-user.md b/mysql-schema/mysql-schema-user.md new file mode 100644 index 0000000000000..797a62c69e09c --- /dev/null +++ b/mysql-schema/mysql-schema-user.md @@ -0,0 +1,78 @@ +--- +title: mysql.user +summary: Learn about the `mysql.user` system table. +--- + +# `mysql.user` + +`mysql.user` is a frequently used system table. You can display the columns of `mysql.user` by: + +```sql +DESC mysql.user; +``` + +``` ++------------------------+----------------------+------+-----+-------------------+-------+ +| Field | Type | Null | Key | Default | Extra | ++------------------------+----------------------+------+-----+-------------------+-------+ +| Host | char(255) | NO | PRI | | | +| User | char(32) | NO | PRI | | | +| authentication_string | text | YES | | | | +| plugin | char(64) | YES | | | | +| Select_priv | enum('N','Y') | NO | | N | | +| Insert_priv | enum('N','Y') | NO | | N | | +| Update_priv | enum('N','Y') | NO | | N | | +| Delete_priv | enum('N','Y') | NO | | N | | +| Create_priv | enum('N','Y') | NO | | N | | +| Drop_priv | enum('N','Y') | NO | | N | | +| Process_priv | enum('N','Y') | NO | | N | | +| Grant_priv | enum('N','Y') | NO | | N | | +| References_priv | enum('N','Y') | NO | | N | | +| Alter_priv | enum('N','Y') | NO | | N | | +| Show_db_priv | enum('N','Y') | NO | | N | | +| Super_priv | enum('N','Y') | NO | | N | | +| Create_tmp_table_priv | enum('N','Y') | NO | | N | | +| Lock_tables_priv | enum('N','Y') | NO | | N | | +| Execute_priv | enum('N','Y') | NO | | N | | +| Create_view_priv | enum('N','Y') | NO | | N | | +| Show_view_priv | enum('N','Y') | NO | | N | | +| Create_routine_priv | enum('N','Y') | NO | | N | | +| Alter_routine_priv | enum('N','Y') | NO | | N | | +| Index_priv | enum('N','Y') | NO | | N | | +| Create_user_priv | enum('N','Y') | NO | | N | | +| Event_priv | enum('N','Y') | NO | | N | | +| Repl_slave_priv | enum('N','Y') | NO | | N | | +| Repl_client_priv | enum('N','Y') | NO | | N | | +| Trigger_priv | enum('N','Y') | NO | | N | | +| Create_role_priv | enum('N','Y') | NO | | N | | +| Drop_role_priv | enum('N','Y') | NO | | N | | +| Account_locked | enum('N','Y') | NO | | N | | +| Shutdown_priv | enum('N','Y') | NO | | N | | +| Reload_priv | enum('N','Y') | NO | | N | | +| FILE_priv | enum('N','Y') | NO | | N | | +| Config_priv | enum('N','Y') | NO | | N | | +| Create_Tablespace_Priv | enum('N','Y') | NO | | N | | +| Password_reuse_history | smallint(5) unsigned | YES | | | | +| Password_reuse_time | smallint(5) unsigned | YES | | | | +| User_attributes | json | YES | | | | +| Token_issuer | varchar(255) | YES | | | | +| Password_expired | enum('N','Y') | NO | | N | | +| Password_last_changed | timestamp | YES | | CURRENT_TIMESTAMP | | +| Password_lifetime | smallint(5) unsigned | YES | | | | ++------------------------+----------------------+------+-----+-------------------+-------+ +44 rows in set +``` + +There are several types of columns in `mysql.user`: + +* Scope: + * `Host` and `User` are used to specify a TiDB account +* Privilege: + * From `Select_priv` to `Drop_role_priv`, and from `Shutdown_priv` to `Create_Tablespace_Priv`: see [privileges required for TiDB operations](/privilege-management.md#privileges-required-for-tidb-operations) +* Security + * `authentication_string` and `plugin`: `authentication_string` records credentials for the accounts. Credentials are interpreted using the authentication plugin named in the `plugin` column. + * `Account_locked` records the account locking state. + * `Password_reuse_history` and `Password_reuse_time` are used for [password reuse policy](/password-management.md#password-reuse-policy) + * `User_attributes` provides information about user comments and user attributes + * `Token_issuer` is used for [`tidb_auth_token`](/security-compatibility-with-mysql.md#tidb_auth_token) + * `Password_expired`, `Password_last_changed` and `Password_lifetime` are used for [password expiration policy](/password-management.md#password-expiration-policy) diff --git a/mysql-schema/mysql-schema.md b/mysql-schema/mysql-schema.md new file mode 100644 index 0000000000000..e3382556af7d3 --- /dev/null +++ b/mysql-schema/mysql-schema.md @@ -0,0 +1,125 @@ +--- +title: mysql Schema +summary: Learn about the TiDB system tables. +aliases: ['/docs/dev/system-tables/system-table-overview/','/docs/dev/reference/system-databases/mysql/','/tidb/dev/system-table-overview/'] +--- + +# `mysql` Schema + +The `mysql` schema contains TiDB system tables. The design is similar to the `mysql` schema in MySQL, where tables such as `mysql.user` can be edited directly. It also contains a number of tables which are extensions to MySQL. + +## Grant system tables + +These system tables contain grant information about user accounts and their privileges: + +- [`user`](/mysql-schema/mysql-schema-user.md): user accounts, global privileges, and other non-privilege columns +- `db`: database-level privileges +- `tables_priv`: table-level privileges +- `columns_priv`: column-level privileges +- `password_history`: password change history +- `default_roles`: the default roles for a user +- `global_grants`: dynamic privileges +- `global_priv`: the authentication information based on certificates +- `role_edges`: the relationship between roles + +## Cluster status system tables + +* The `tidb` table contains some global information about TiDB: + + * `bootstrapped`: whether the TiDB cluster has been initialized. Note that this value is read-only and cannot be modified. + * `tidb_server_version`: the version information of TiDB when it is initialized. Note that this value is read-only and cannot be modified. + * `system_tz`: the system time zone of TiDB. + * `new_collation_enabled`: whether TiDB has enabled the [new framework for collations](/character-set-and-collation.md#new-framework-for-collations). Note that this value is read-only and cannot be modified. + +## Server-side help system tables + +Currently, the `help_topic` is NULL. + +## Statistics system tables + +- `stats_buckets`: the buckets of statistics +- `stats_histograms`: the histograms of statistics +- `stats_top_n`: the TopN of statistics +- `stats_meta`: the meta information of tables, such as the total number of rows and updated rows +- `stats_extended`: extended statistics, such as the order correlation between columns +- `stats_feedback`: the query feedback of statistics +- `stats_fm_sketch`: the FMSketch distribution of the histogram of the statistics column +- `analyze_options`: the default `analyze` options for each table +- `column_stats_usage`: the usage of column statistics +- `schema_index_usage`: the usage of indexes +- `analyze_jobs`: the ongoing statistics collection tasks and the history task records within the last 7 days + +## Execution plan-related system tables + +- `bind_info`: the binding information of execution plans +- `capture_plan_baselines_blacklist`: the blocklist for the automatic binding of the execution plan + +## GC worker system tables + +> **Note:** +> +> The GC worker system tables are only applicable to TiDB Self-Hosted and not available on [TiDB Cloud](https://docs.pingcap.com/tidbcloud/). + +- `gc_delete_range`: the KV range to be deleted +- `gc_delete_range_done`: the deleted KV range + +## System tables related to cached tables + +- `table_cache_meta` stores the metadata of cached tables. + +## TTL related system tables + +* `tidb_ttl_table_status`: the previously executed TTL job and ongoing TTL job for all TTL tables +* `tidb_ttl_task`: the current ongoing TTL subtasks +* `tidb_ttl_job_history`: the execution history of TTL tasks in the last 90 days + +## System tables related to runaway queries + +* `tidb_runaway_queries`: the history records of all identified runaway queries in the past 7 days +* `tidb_runaway_watch`: the watch list of runaway queries +* `tidb_runaway_watch_done`: a watch list of deleted or expired runaway queries + +## System tables related to metadata locks + +* `tidb_mdl_view`: a view of metadata locks. You can use it to view information about the currently blocked DDL statements +* `tidb_mdl_info`: used internally by TiDB to synchronize metadata locks across nodes + +## System tables related to DDL statements + +* `tidb_ddl_history`: the history records of DDL statements +* `tidb_ddl_jobs`: the metadata of DDL statements that are currently being executed by TiDB +* `tidb_ddl_reorg`: the metadata of physical DDL statements (such as adding indexes) that are currently being executed by TiDB + +## System tables related to TiDB Distributed eXecution Framework (DXF) + +* `dist_framework_meta`: the metadata of the Distributed eXecution Framework (DXF) task scheduler +* `tidb_global_task`: the metadata of the current DXF task +* `tidb_global_task_history`: the metadata of the historical DXF tasks, including both succeeded and failed tasks +* `tidb_background_subtask`: the metadata of the current DXF subtask +* `tidb_background_subtask_history`: the metadata of the historical DXF subtasks + +## System tables related to Resource Control + +* `request_unit_by_group`: the history records of consumed resource units (RUs) of all resource groups + +## Miscellaneous system tables + + + +> **Note:** +> +> The `tidb`, `expr_pushdown_blacklist`, `opt_rule_blacklist`, `table_cache_meta`, `tidb_import_jobs`, and `tidb_timers` system tables are only applicable to TiDB Self-Hosted and not available on [TiDB Cloud](https://docs.pingcap.com/tidbcloud/). + +- `GLOBAL_VARIABLES`: global system variable table +- `expr_pushdown_blacklist`: the blocklist for expression pushdown +- `opt_rule_blacklist`: the blocklist for logical optimization rules +- `tidb_import_jobs`: the job information of [`IMPORT INTO`](/sql-statements/sql-statement-import-into.md) +- `tidb_timers`: the metadata of internal timers + + + + + +- `GLOBAL_VARIABLES`: global system variable table + + \ No newline at end of file diff --git a/releases/release-7.6.0.md b/releases/release-7.6.0.md index ad6f0a18eba1c..f3b21d044f6f8 100644 --- a/releases/release-7.6.0.md +++ b/releases/release-7.6.0.md @@ -222,7 +222,7 @@ Quick access: [Quick start](https://docs.pingcap.com/tidb/v7.6/quick-start-with- * [Statement Summary Tables](/statement-summary-tables.md): add the resource group name, RU consumption, and time for waiting for resources. * In the system variable [`tidb_last_query_info`](/system-variables.md#tidb_last_query_info-new-in-v4014), add a new entry `ru_consumption` to indicate the consumed [RU](/tidb-resource-control.md#what-is-request-unit-ru) by SQL statements. You can use this variable to get the resource consumption of the last statement in the session. * Add database metrics based on resource groups: QPS/TPS, execution time (P999/P99/P95), number of failures, and number of connections. - * Add the system table [`request_unit_by_group`](/mysql-schema.md#system-tables-related-to-resource-control) to record the history records of daily consumed RUs of all resource groups. + * Add the system table [`request_unit_by_group`](/mysql-schema/mysql-schema.md#system-tables-related-to-resource-control) to record the history records of daily consumed RUs of all resource groups. For more information, see [Identify Slow Queries](/identify-slow-queries.md), [Statement Summary Tables](/statement-summary-tables.md), and [Key Monitoring Metrics of Resource Control](/grafana-resource-control-dashboard.md). diff --git a/statistics.md b/statistics.md index 618084001b49e..b94055b38bfbe 100644 --- a/statistics.md +++ b/statistics.md @@ -154,13 +154,13 @@ If a table has many columns, collecting statistics on all the columns can cause - After the setting, TiDB writes the `PREDICATE COLUMNS` information to the [`mysql.column_stats_usage`](/mysql-schema.md#statistics-system-tables) system table every 100 * [`stats-lease`](/tidb-configuration-file.md#stats-lease). + After the setting, TiDB writes the `PREDICATE COLUMNS` information to the [`mysql.column_stats_usage`](/mysql-schema/mysql-schema.md#statistics-system-tables) system table every 100 * [`stats-lease`](/tidb-configuration-file.md#stats-lease). - After the setting, TiDB writes the `PREDICATE COLUMNS` information to the [`mysql.column_stats_usage`](/mysql-schema.md#statistics-system-tables) system table every 300 seconds. + After the setting, TiDB writes the `PREDICATE COLUMNS` information to the [`mysql.column_stats_usage`](/mysql-schema/mysql-schema.md#statistics-system-tables) system table every 300 seconds. @@ -174,7 +174,7 @@ If a table has many columns, collecting statistics on all the columns can cause > **Note:** > - > - If the [`mysql.column_stats_usage`](/mysql-schema.md#statistics-system-tables) system table does not contain any `PREDICATE COLUMNS` recorded for that table, the preceding syntax collects statistics on all columns and all indexes in that table. + > - If the [`mysql.column_stats_usage`](/mysql-schema/mysql-schema.md#statistics-system-tables) system table does not contain any `PREDICATE COLUMNS` recorded for that table, the preceding syntax collects statistics on all columns and all indexes in that table. > - Any columns excluded from collection (either by manually listing columns or using `PREDICATE COLUMNS`) will not have their statistics overwritten. When executing a new type of SQL query, the optimizer will use the old statistics for such columns if it exists or pseudo column statistics if columns never had statistics collected. The next ANALYZE using `PREDICATE COLUMNS` will collect the statistics on those columns. - To collect statistics on all columns and indexes, use the following syntax: diff --git a/tidb-resource-control.md b/tidb-resource-control.md index d10922ca1b614..37386328947d9 100644 --- a/tidb-resource-control.md +++ b/tidb-resource-control.md @@ -589,7 +589,7 @@ The system table [`INFORMATION_SCHEMA.statements_summary`](/statement-summary-ta ### View the RU consumption of resource groups -Starting from v7.6.0, TiDB provides the system table [`mysql.request_unit_by_group`](/mysql-schema.md#system-tables-related-to-resource-control) to store the historical records of the RU consumption of each resource group. +Starting from v7.6.0, TiDB provides the system table [`mysql.request_unit_by_group`](/mysql-schema/mysql-schema.md#system-tables-related-to-resource-control) to store the historical records of the RU consumption of each resource group. Example: From f0816ef138de60f196459a8f7808afa359758fe4 Mon Sep 17 00:00:00 2001 From: cbcwestwolf <1004626265@qq.com> Date: Mon, 22 Jul 2024 14:40:33 +0800 Subject: [PATCH 04/14] put a reminder --- mysql-schema/mysql-schema.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mysql-schema/mysql-schema.md b/mysql-schema/mysql-schema.md index e3382556af7d3..5fac1a8b435c3 100644 --- a/mysql-schema/mysql-schema.md +++ b/mysql-schema/mysql-schema.md @@ -8,6 +8,10 @@ aliases: ['/docs/dev/system-tables/system-table-overview/','/docs/dev/reference/ The `mysql` schema contains TiDB system tables. The design is similar to the `mysql` schema in MySQL, where tables such as `mysql.user` can be edited directly. It also contains a number of tables which are extensions to MySQL. +> **Note:** +> +> In most scenarios, it is not recommended to change system tables directly by `ALTER TABLE`. Instead, the recommended way is to use [`CREATE USER`](/sql-statements/sql-statement-create-user.md)/[`ALTER USER`](/sql-statements/sql-statement-alter-user.md)/ [`DROP USER`](/sql-statements/sql-statement-drop-user.md)/[`GRANT`](/sql-statements/sql-statement-grant-privileges.md)/[`REVOKE`](/sql-statements/sql-statement-revoke-privileges.md) etc. If you still want to alter the system tables directly, [`FLUSH PRIVILEGES`](/sql-statements/sql-statement-flush-privileges.md) is needed to make the change take effect. + ## Grant system tables These system tables contain grant information about user accounts and their privileges: From 696168a205b9ed3f8bea9365f8f81e5455bfb788 Mon Sep 17 00:00:00 2001 From: cbcwestwolf <1004626265@qq.com> Date: Mon, 22 Jul 2024 14:43:31 +0800 Subject: [PATCH 05/14] describe mysql compatibility --- mysql-schema/mysql-schema-user.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mysql-schema/mysql-schema-user.md b/mysql-schema/mysql-schema-user.md index 797a62c69e09c..2be9252bc3418 100644 --- a/mysql-schema/mysql-schema-user.md +++ b/mysql-schema/mysql-schema-user.md @@ -76,3 +76,5 @@ There are several types of columns in `mysql.user`: * `User_attributes` provides information about user comments and user attributes * `Token_issuer` is used for [`tidb_auth_token`](/security-compatibility-with-mysql.md#tidb_auth_token) * `Password_expired`, `Password_last_changed` and `Password_lifetime` are used for [password expiration policy](/password-management.md#password-expiration-policy) + +Most of the columns above exist in MySQL's `mysql.user`, except `Token_issuer`. \ No newline at end of file From 334e0855dd54b0f00758c7bb6bcea7c62b8a71b9 Mon Sep 17 00:00:00 2001 From: cbcwestwolf <1004626265@qq.com> Date: Mon, 22 Jul 2024 14:46:04 +0800 Subject: [PATCH 06/14] fix --- TOC-tidb-cloud.md | 3 +- TOC.md | 3 +- mysql-schema/mysql-schema-user.md | 102 +++++++++++++++--------------- 3 files changed, 55 insertions(+), 53 deletions(-) diff --git a/TOC-tidb-cloud.md b/TOC-tidb-cloud.md index 0d26f26daec0f..016e7a88278e5 100644 --- a/TOC-tidb-cloud.md +++ b/TOC-tidb-cloud.md @@ -572,7 +572,8 @@ - [Use the `tidb_snapshot` System Variable](/read-historical-data.md) - [Placement Rules in SQL](/placement-rules-in-sql.md) - System Tables - - [Overview](/mysql-schema/mysql-schema.md) + - MYSQL + - [Overview](/mysql-schema/mysql-schema.md) - [`user`](/mysql-schema/mysql-schema-user.md) - INFORMATION_SCHEMA - [Overview](/information-schema/information-schema.md) diff --git a/TOC.md b/TOC.md index b0ec61e514e33..029f4daee193b 100644 --- a/TOC.md +++ b/TOC.md @@ -947,7 +947,8 @@ - [GBK](/character-set-gbk.md) - [Placement Rules in SQL](/placement-rules-in-sql.md) - System Tables - - [Overview](/mysql-schema/mysql-schema.md) + - MYSQL + - [Overview](/mysql-schema/mysql-schema.md) - [`user`](/mysql-schema/mysql-schema-user.md) - INFORMATION_SCHEMA - [Overview](/information-schema/information-schema.md) diff --git a/mysql-schema/mysql-schema-user.md b/mysql-schema/mysql-schema-user.md index 2be9252bc3418..16f2506894032 100644 --- a/mysql-schema/mysql-schema-user.md +++ b/mysql-schema/mysql-schema-user.md @@ -1,6 +1,6 @@ --- -title: mysql.user -summary: Learn about the `mysql.user` system table. +title: mysql_user +summary: Learn about the `user` table in the `mysql` schema. --- # `mysql.user` @@ -12,55 +12,55 @@ DESC mysql.user; ``` ``` -+------------------------+----------------------+------+-----+-------------------+-------+ -| Field | Type | Null | Key | Default | Extra | -+------------------------+----------------------+------+-----+-------------------+-------+ -| Host | char(255) | NO | PRI | | | -| User | char(32) | NO | PRI | | | -| authentication_string | text | YES | | | | -| plugin | char(64) | YES | | | | -| Select_priv | enum('N','Y') | NO | | N | | -| Insert_priv | enum('N','Y') | NO | | N | | -| Update_priv | enum('N','Y') | NO | | N | | -| Delete_priv | enum('N','Y') | NO | | N | | -| Create_priv | enum('N','Y') | NO | | N | | -| Drop_priv | enum('N','Y') | NO | | N | | -| Process_priv | enum('N','Y') | NO | | N | | -| Grant_priv | enum('N','Y') | NO | | N | | -| References_priv | enum('N','Y') | NO | | N | | -| Alter_priv | enum('N','Y') | NO | | N | | -| Show_db_priv | enum('N','Y') | NO | | N | | -| Super_priv | enum('N','Y') | NO | | N | | -| Create_tmp_table_priv | enum('N','Y') | NO | | N | | -| Lock_tables_priv | enum('N','Y') | NO | | N | | -| Execute_priv | enum('N','Y') | NO | | N | | -| Create_view_priv | enum('N','Y') | NO | | N | | -| Show_view_priv | enum('N','Y') | NO | | N | | -| Create_routine_priv | enum('N','Y') | NO | | N | | -| Alter_routine_priv | enum('N','Y') | NO | | N | | -| Index_priv | enum('N','Y') | NO | | N | | -| Create_user_priv | enum('N','Y') | NO | | N | | -| Event_priv | enum('N','Y') | NO | | N | | -| Repl_slave_priv | enum('N','Y') | NO | | N | | -| Repl_client_priv | enum('N','Y') | NO | | N | | -| Trigger_priv | enum('N','Y') | NO | | N | | -| Create_role_priv | enum('N','Y') | NO | | N | | -| Drop_role_priv | enum('N','Y') | NO | | N | | -| Account_locked | enum('N','Y') | NO | | N | | -| Shutdown_priv | enum('N','Y') | NO | | N | | -| Reload_priv | enum('N','Y') | NO | | N | | -| FILE_priv | enum('N','Y') | NO | | N | | -| Config_priv | enum('N','Y') | NO | | N | | -| Create_Tablespace_Priv | enum('N','Y') | NO | | N | | -| Password_reuse_history | smallint(5) unsigned | YES | | | | -| Password_reuse_time | smallint(5) unsigned | YES | | | | -| User_attributes | json | YES | | | | -| Token_issuer | varchar(255) | YES | | | | -| Password_expired | enum('N','Y') | NO | | N | | -| Password_last_changed | timestamp | YES | | CURRENT_TIMESTAMP | | -| Password_lifetime | smallint(5) unsigned | YES | | | | -+------------------------+----------------------+------+-----+-------------------+-------+ -44 rows in set ++------------------------+----------------------+------+------+-------------------+-------+ +| Field | Type | Null | Key | Default | Extra | ++------------------------+----------------------+------+------+-------------------+-------+ +| Host | char(255) | NO | PRI | NULL | | +| User | char(32) | NO | PRI | NULL | | +| authentication_string | text | YES | | NULL | | +| plugin | char(64) | YES | | NULL | | +| Select_priv | enum('N','Y') | NO | | N | | +| Insert_priv | enum('N','Y') | NO | | N | | +| Update_priv | enum('N','Y') | NO | | N | | +| Delete_priv | enum('N','Y') | NO | | N | | +| Create_priv | enum('N','Y') | NO | | N | | +| Drop_priv | enum('N','Y') | NO | | N | | +| Process_priv | enum('N','Y') | NO | | N | | +| Grant_priv | enum('N','Y') | NO | | N | | +| References_priv | enum('N','Y') | NO | | N | | +| Alter_priv | enum('N','Y') | NO | | N | | +| Show_db_priv | enum('N','Y') | NO | | N | | +| Super_priv | enum('N','Y') | NO | | N | | +| Create_tmp_table_priv | enum('N','Y') | NO | | N | | +| Lock_tables_priv | enum('N','Y') | NO | | N | | +| Execute_priv | enum('N','Y') | NO | | N | | +| Create_view_priv | enum('N','Y') | NO | | N | | +| Show_view_priv | enum('N','Y') | NO | | N | | +| Create_routine_priv | enum('N','Y') | NO | | N | | +| Alter_routine_priv | enum('N','Y') | NO | | N | | +| Index_priv | enum('N','Y') | NO | | N | | +| Create_user_priv | enum('N','Y') | NO | | N | | +| Event_priv | enum('N','Y') | NO | | N | | +| Repl_slave_priv | enum('N','Y') | NO | | N | | +| Repl_client_priv | enum('N','Y') | NO | | N | | +| Trigger_priv | enum('N','Y') | NO | | N | | +| Create_role_priv | enum('N','Y') | NO | | N | | +| Drop_role_priv | enum('N','Y') | NO | | N | | +| Account_locked | enum('N','Y') | NO | | N | | +| Shutdown_priv | enum('N','Y') | NO | | N | | +| Reload_priv | enum('N','Y') | NO | | N | | +| FILE_priv | enum('N','Y') | NO | | N | | +| Config_priv | enum('N','Y') | NO | | N | | +| Create_Tablespace_Priv | enum('N','Y') | NO | | N | | +| Password_reuse_history | smallint(5) unsigned | YES | | NULL | | +| Password_reuse_time | smallint(5) unsigned | YES | | NULL | | +| User_attributes | json | YES | | NULL | | +| Token_issuer | varchar(255) | YES | | NULL | | +| Password_expired | enum('N','Y') | NO | | N | | +| Password_last_changed | timestamp | YES | | CURRENT_TIMESTAMP | | +| Password_lifetime | smallint(5) unsigned | YES | | NULL | | ++------------------------+----------------------+------+------+-------------------+-------+ +44 rows in set (0.00 sec) ``` There are several types of columns in `mysql.user`: From 2bc487f207a7b7abcc4f1c399bf835c48938d98d Mon Sep 17 00:00:00 2001 From: CbcWestwolf <1004626265@qq.com> Date: Mon, 22 Jul 2024 15:21:54 +0800 Subject: [PATCH 07/14] Update mysql-schema/mysql-schema.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Daniël van Eeden --- mysql-schema/mysql-schema.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysql-schema/mysql-schema.md b/mysql-schema/mysql-schema.md index 5fac1a8b435c3..624dff4ff5055 100644 --- a/mysql-schema/mysql-schema.md +++ b/mysql-schema/mysql-schema.md @@ -10,7 +10,7 @@ The `mysql` schema contains TiDB system tables. The design is similar to the `my > **Note:** > -> In most scenarios, it is not recommended to change system tables directly by `ALTER TABLE`. Instead, the recommended way is to use [`CREATE USER`](/sql-statements/sql-statement-create-user.md)/[`ALTER USER`](/sql-statements/sql-statement-alter-user.md)/ [`DROP USER`](/sql-statements/sql-statement-drop-user.md)/[`GRANT`](/sql-statements/sql-statement-grant-privileges.md)/[`REVOKE`](/sql-statements/sql-statement-revoke-privileges.md) etc. If you still want to alter the system tables directly, [`FLUSH PRIVILEGES`](/sql-statements/sql-statement-flush-privileges.md) is needed to make the change take effect. +> In most scenarios, it is not recommended to change the content of system tables directly by using `INSERT`/`UPDATE`/or `DELETE`. Instead, the recommended way is to use [`CREATE USER`](/sql-statements/sql-statement-create-user.md)/[`ALTER USER`](/sql-statements/sql-statement-alter-user.md)/ [`DROP USER`](/sql-statements/sql-statement-drop-user.md)/[`GRANT`](/sql-statements/sql-statement-grant-privileges.md)/[`REVOKE`](/sql-statements/sql-statement-revoke-privileges.md)/[`SHOW CREATE USER`](/sql-statements/sql-statement-show-create-user.md) etc. If you still want to alter the system tables directly, [`FLUSH PRIVILEGES`](/sql-statements/sql-statement-flush-privileges.md) is needed to make the change take effect. ## Grant system tables From d573b8bf0165955f153094ca372a1fa6306b31de Mon Sep 17 00:00:00 2001 From: CbcWestwolf <1004626265@qq.com> Date: Mon, 22 Jul 2024 16:53:14 +0800 Subject: [PATCH 08/14] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Daniël van Eeden --- mysql-schema/mysql-schema-user.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/mysql-schema/mysql-schema-user.md b/mysql-schema/mysql-schema-user.md index 16f2506894032..3352092abbc55 100644 --- a/mysql-schema/mysql-schema-user.md +++ b/mysql-schema/mysql-schema-user.md @@ -66,15 +66,15 @@ DESC mysql.user; There are several types of columns in `mysql.user`: * Scope: - * `Host` and `User` are used to specify a TiDB account + * `Host` and `User` are used to specify a TiDB account * Privilege: - * From `Select_priv` to `Drop_role_priv`, and from `Shutdown_priv` to `Create_Tablespace_Priv`: see [privileges required for TiDB operations](/privilege-management.md#privileges-required-for-tidb-operations) + * From `Select_priv` to `Drop_role_priv`, and from `Shutdown_priv` to `Create_Tablespace_Priv`: see [privileges required for TiDB operations](/privilege-management.md#privileges-required-for-tidb-operations) * Security - * `authentication_string` and `plugin`: `authentication_string` records credentials for the accounts. Credentials are interpreted using the authentication plugin named in the `plugin` column. - * `Account_locked` records the account locking state. - * `Password_reuse_history` and `Password_reuse_time` are used for [password reuse policy](/password-management.md#password-reuse-policy) - * `User_attributes` provides information about user comments and user attributes - * `Token_issuer` is used for [`tidb_auth_token`](/security-compatibility-with-mysql.md#tidb_auth_token) - * `Password_expired`, `Password_last_changed` and `Password_lifetime` are used for [password expiration policy](/password-management.md#password-expiration-policy) + * `authentication_string` and `plugin`: `authentication_string` records credentials for the accounts. Credentials are interpreted using the authentication plugin named in the `plugin` column. + * `Account_locked` records the account locking state. + * `Password_reuse_history` and `Password_reuse_time` are used for [password reuse policy](/password-management.md#password-reuse-policy) + * `User_attributes` provides information about user comments and user attributes + * `Token_issuer` is used for [`tidb_auth_token`](/security-compatibility-with-mysql.md#tidb_auth_token) + * `Password_expired`, `Password_last_changed` and `Password_lifetime` are used for [password expiration policy](/password-management.md#password-expiration-policy) Most of the columns above exist in MySQL's `mysql.user`, except `Token_issuer`. \ No newline at end of file From 3b9eee54cbd32450027d4cd7b90fa6e2bea32757 Mon Sep 17 00:00:00 2001 From: cbcwestwolf <1004626265@qq.com> Date: Mon, 22 Jul 2024 17:08:23 +0800 Subject: [PATCH 09/14] fix link error for tidb-cloud doc --- mysql-schema/mysql-schema-user.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/mysql-schema/mysql-schema-user.md b/mysql-schema/mysql-schema-user.md index 3352092abbc55..5bd5596dcfcaa 100644 --- a/mysql-schema/mysql-schema-user.md +++ b/mysql-schema/mysql-schema-user.md @@ -65,6 +65,8 @@ DESC mysql.user; There are several types of columns in `mysql.user`: + + * Scope: * `Host` and `User` are used to specify a TiDB account * Privilege: @@ -77,4 +79,22 @@ There are several types of columns in `mysql.user`: * `Token_issuer` is used for [`tidb_auth_token`](/security-compatibility-with-mysql.md#tidb_auth_token) * `Password_expired`, `Password_last_changed` and `Password_lifetime` are used for [password expiration policy](/password-management.md#password-expiration-policy) + + + + +* Scope: + * `Host` and `User` are used to specify a TiDB account +* Privilege: + * From `Select_priv` to `Drop_role_priv`, and from `Shutdown_priv` to `Create_Tablespace_Priv`: see [privileges required for TiDB operations](https://docs.pingcap.com/tidb/stable/privilege-management#privileges-required-for-tidb-operations) +* Security + * `authentication_string` and `plugin`: `authentication_string` records credentials for the accounts. Credentials are interpreted using the authentication plugin named in the `plugin` column. + * `Account_locked` records the account locking state. + * `Password_reuse_history` and `Password_reuse_time` are used for [password reuse policy](https://docs.pingcap.com/tidb/stable/password-management#password-reuse-policy) + * `User_attributes` provides information about user comments and user attributes + * `Token_issuer` is used for [`tidb_auth_token`](https://docs.pingcap.com/tidb/stable/security-compatibility-with-mysql#tidb_auth_token) + * `Password_expired`, `Password_last_changed` and `Password_lifetime` are used for [password expiration policy](https://docs.pingcap.com/tidb/stable/password-management#password-expiration-policy) + + + Most of the columns above exist in MySQL's `mysql.user`, except `Token_issuer`. \ No newline at end of file From d776a3ac7e4459a2a293e2c39f7bcb41edad62d1 Mon Sep 17 00:00:00 2001 From: CbcWestwolf <1004626265@qq.com> Date: Wed, 24 Jul 2024 16:17:18 +0800 Subject: [PATCH 10/14] Apply suggestions from code review Co-authored-by: Aolin --- TOC-tidb-cloud.md | 2 +- TOC.md | 2 +- mysql-schema/mysql-schema-user.md | 50 ++++++++++++++++++------------- mysql-schema/mysql-schema.md | 2 +- 4 files changed, 33 insertions(+), 23 deletions(-) diff --git a/TOC-tidb-cloud.md b/TOC-tidb-cloud.md index 016e7a88278e5..1056b81518d14 100644 --- a/TOC-tidb-cloud.md +++ b/TOC-tidb-cloud.md @@ -572,7 +572,7 @@ - [Use the `tidb_snapshot` System Variable](/read-historical-data.md) - [Placement Rules in SQL](/placement-rules-in-sql.md) - System Tables - - MYSQL + - `mysql` Schema - [Overview](/mysql-schema/mysql-schema.md) - [`user`](/mysql-schema/mysql-schema-user.md) - INFORMATION_SCHEMA diff --git a/TOC.md b/TOC.md index 029f4daee193b..bc877abb90c40 100644 --- a/TOC.md +++ b/TOC.md @@ -947,7 +947,7 @@ - [GBK](/character-set-gbk.md) - [Placement Rules in SQL](/placement-rules-in-sql.md) - System Tables - - MYSQL + - `mysql` Schema - [Overview](/mysql-schema/mysql-schema.md) - [`user`](/mysql-schema/mysql-schema-user.md) - INFORMATION_SCHEMA diff --git a/mysql-schema/mysql-schema-user.md b/mysql-schema/mysql-schema-user.md index 5bd5596dcfcaa..3f06dcad3e9f4 100644 --- a/mysql-schema/mysql-schema-user.md +++ b/mysql-schema/mysql-schema-user.md @@ -1,16 +1,20 @@ --- -title: mysql_user +title: `mysql.user` summary: Learn about the `user` table in the `mysql` schema. --- # `mysql.user` -`mysql.user` is a frequently used system table. You can display the columns of `mysql.user` by: +The `mysql.user` table provides information about user accounts and their privileges. + +To view the structure of `mysql.user`, use the following SQL statement: ```sql DESC mysql.user; ``` +The output is as follows: + ``` +------------------------+----------------------+------+------+-------------------+-------+ | Field | Type | Null | Key | Default | Extra | @@ -63,38 +67,44 @@ DESC mysql.user; 44 rows in set (0.00 sec) ``` -There are several types of columns in `mysql.user`: +The `mysql.user` table contains several fields that can be categorized into three groups: * Scope: - * `Host` and `User` are used to specify a TiDB account + * `Host`: specifies the hostname of a TiDB account. + * `User`: specifies the username of a TiDB account. * Privilege: - * From `Select_priv` to `Drop_role_priv`, and from `Shutdown_priv` to `Create_Tablespace_Priv`: see [privileges required for TiDB operations](/privilege-management.md#privileges-required-for-tidb-operations) + + The fields ending with `_priv` or `_Priv` define the permissions granted to a user account. For example, `Select_priv` means that the user has global `Select` privilege. For more information, see [Privileges required for TiDB operations](/privilege-management.md#privileges-required-for-tidb-operations). + * Security - * `authentication_string` and `plugin`: `authentication_string` records credentials for the accounts. Credentials are interpreted using the authentication plugin named in the `plugin` column. - * `Account_locked` records the account locking state. - * `Password_reuse_history` and `Password_reuse_time` are used for [password reuse policy](/password-management.md#password-reuse-policy) - * `User_attributes` provides information about user comments and user attributes - * `Token_issuer` is used for [`tidb_auth_token`](/security-compatibility-with-mysql.md#tidb_auth_token) - * `Password_expired`, `Password_last_changed` and `Password_lifetime` are used for [password expiration policy](/password-management.md#password-expiration-policy) + * `authentication_string` and `plugin`: `authentication_string` stores the credentials for the user account. The credentials are interpreted based on the authentication plugin specified in the `plugin` field. + * `Account_locked`: indicates whether the user account is locked. + * `Password_reuse_history` and `Password_reuse_time`: used for [Password reuse policy](/password-management.md#password-reuse-policy). + * `User_attributes`: provides information about user comments and user attributes. + * `Token_issuer`: used for the [`tidb_auth_token`](/security-compatibility-with-mysql.md#tidb_auth_token) authentication plugin. + * `Password_expired`, `Password_last_changed`, and `Password_lifetime`: used for [Password expiration policy](/password-management.md#password-expiration-policy). * Scope: - * `Host` and `User` are used to specify a TiDB account + * `Host`: specifies the hostname of a TiDB account. + * `User`: specifies the username of a TiDB account. * Privilege: - * From `Select_priv` to `Drop_role_priv`, and from `Shutdown_priv` to `Create_Tablespace_Priv`: see [privileges required for TiDB operations](https://docs.pingcap.com/tidb/stable/privilege-management#privileges-required-for-tidb-operations) + + The fields ending with `_priv` or `_Priv` define the permissions granted to a user account. For example, `Select_priv` means that the user has global `Select` privilege. For more information, see [Privileges required for TiDB operations](https://docs.pingcap.com/tidb/stable/privilege-management#privileges-required-for-tidb-operations). + * Security - * `authentication_string` and `plugin`: `authentication_string` records credentials for the accounts. Credentials are interpreted using the authentication plugin named in the `plugin` column. - * `Account_locked` records the account locking state. - * `Password_reuse_history` and `Password_reuse_time` are used for [password reuse policy](https://docs.pingcap.com/tidb/stable/password-management#password-reuse-policy) - * `User_attributes` provides information about user comments and user attributes - * `Token_issuer` is used for [`tidb_auth_token`](https://docs.pingcap.com/tidb/stable/security-compatibility-with-mysql#tidb_auth_token) - * `Password_expired`, `Password_last_changed` and `Password_lifetime` are used for [password expiration policy](https://docs.pingcap.com/tidb/stable/password-management#password-expiration-policy) + * `authentication_string` and `plugin`: `authentication_string` stores the credentials for the user account. The credentials are interpreted based on the authentication plugin specified in the `plugin` field. + * `Account_locked`: indicates whether the user account is locked. + * `Password_reuse_history` and `Password_reuse_time`: used for [Password reuse policy](https://docs.pingcap.com/tidb/stable/password-management#password-reuse-policy). + * `User_attributes`: provides information about user comments and user attributes. + * `Token_issuer`: used for the [`tidb_auth_token`](https://docs.pingcap.com/tidb/stable/security-compatibility-with-mysql#tidb_auth_token) authentication plugin. + * `Password_expired`, `Password_last_changed`, and `Password_lifetime`: used for [Password expiration policy](https://docs.pingcap.com/tidb/stable/password-management#password-expiration-policy). -Most of the columns above exist in MySQL's `mysql.user`, except `Token_issuer`. \ No newline at end of file +While most of the fields in the TiDB `mysql.user` table are also present in the MySQL `mysql.user` table, the `Token_issuer` field is specific to TiDB. \ No newline at end of file diff --git a/mysql-schema/mysql-schema.md b/mysql-schema/mysql-schema.md index 624dff4ff5055..0dd766881d1db 100644 --- a/mysql-schema/mysql-schema.md +++ b/mysql-schema/mysql-schema.md @@ -10,7 +10,7 @@ The `mysql` schema contains TiDB system tables. The design is similar to the `my > **Note:** > -> In most scenarios, it is not recommended to change the content of system tables directly by using `INSERT`/`UPDATE`/or `DELETE`. Instead, the recommended way is to use [`CREATE USER`](/sql-statements/sql-statement-create-user.md)/[`ALTER USER`](/sql-statements/sql-statement-alter-user.md)/ [`DROP USER`](/sql-statements/sql-statement-drop-user.md)/[`GRANT`](/sql-statements/sql-statement-grant-privileges.md)/[`REVOKE`](/sql-statements/sql-statement-revoke-privileges.md)/[`SHOW CREATE USER`](/sql-statements/sql-statement-show-create-user.md) etc. If you still want to alter the system tables directly, [`FLUSH PRIVILEGES`](/sql-statements/sql-statement-flush-privileges.md) is needed to make the change take effect. +> In most scenarios, it is not recommended to change the content of system tables directly using `INSERT`, `UPDATE`, or `DELETE`. Instead, use statements such as [`CREATE USER`](/sql-statements/sql-statement-create-user.md), [`ALTER USER`](/sql-statements/sql-statement-alter-user.md), [`DROP USER`](/sql-statements/sql-statement-drop-user.md), [`GRANT`](/sql-statements/sql-statement-grant-privileges.md), [`REVOKE`](/sql-statements/sql-statement-revoke-privileges.md), and [`SHOW CREATE USER`](/sql-statements/sql-statement-show-create-user.md) to manage users and privileges. If direct modification of system tables is unavoidable, use [`FLUSH PRIVILEGES`](/sql-statements/sql-statement-flush-privileges.md) to make the changes take effect. ## Grant system tables From c43717fcf38f3972f4a922c0a5e437949e835559 Mon Sep 17 00:00:00 2001 From: Aolin Date: Thu, 25 Jul 2024 14:07:39 +0800 Subject: [PATCH 11/14] fix links for mysql.user --- user-account-management.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user-account-management.md b/user-account-management.md index cb42f1b7b5534..8af449abbe3b6 100644 --- a/user-account-management.md +++ b/user-account-management.md @@ -10,7 +10,7 @@ This document describes how to manage a TiDB user account. ## User names and passwords -TiDB stores the user accounts in the table of the [`mysql.user`](/mysql-schema.md) system table. Each account is identified by a user name and the client host. Each account may have a password. +TiDB stores the user accounts in the table of the [`mysql.user`](/mysql-schema/mysql-schema-user.md) system table. Each account is identified by a user name and the client host. Each account may have a password. You can connect to the TiDB server using the MySQL client, and use the specified account and password to login. For each user name, make sure that it contains no more than 32 characters. @@ -37,7 +37,7 @@ You can also create accounts by using [third party GUI tools](/develop/dev-guide CREATE USER [IF NOT EXISTS] user [IDENTIFIED BY 'auth_string']; ``` -After you assign the password, TiDB hashes and stores the `auth_string` in the [`mysql.user`](/mysql-schema.md) table. +After you assign the password, TiDB hashes and stores the `auth_string` in the [`mysql.user`](/mysql-schema/mysql-schema-user.md) table. ```sql CREATE USER 'test'@'127.0.0.1' IDENTIFIED BY 'xxx'; @@ -138,7 +138,7 @@ To remove a user account, use the [`DROP USER`](/sql-statements/sql-statement-dr DROP USER 'test'@'localhost'; ``` -This operation clears the user's records in the [`mysql.user`](/mysql-schema.md) table and the related records in the privilege table. +This operation clears the user's records in the [`mysql.user`](/mysql-schema/mysql-schema-user.md) table and the related records in the privilege table. ## Reserved user accounts @@ -150,7 +150,7 @@ TiDB can limit the resources consumed by users using resource groups. For more i ## Assign account passwords -TiDB stores passwords in the [`mysql.user`](/mysql-schema.md) system table. Operations that assign or update passwords are permitted only to users with the `CREATE USER` privilege, or, alternatively, privileges for the `mysql` database (`INSERT` privilege to create new accounts, `UPDATE` privilege to update existing accounts). +TiDB stores passwords in the [`mysql.user`](/mysql-schema/mysql-schema-user.md) system table. Operations that assign or update passwords are permitted only to users with the `CREATE USER` privilege, or, alternatively, privileges for the `mysql` database (`INSERT` privilege to create new accounts, `UPDATE` privilege to update existing accounts). - To assign a password when you create a new account, use [`CREATE USER`](/sql-statements/sql-statement-create-user.md) and include an `IDENTIFIED BY` clause: From f2f828469c65f21f86e27d4539f64cce6f6f5239 Mon Sep 17 00:00:00 2001 From: Aolin Date: Thu, 25 Jul 2024 14:12:02 +0800 Subject: [PATCH 12/14] fix links for mysql schema --- privilege-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privilege-management.md b/privilege-management.md index e07e1fe38226b..102333d1a79da 100644 --- a/privilege-management.md +++ b/privilege-management.md @@ -502,7 +502,7 @@ When the system variable [`tidb_resource_control_strict_mode`](/system-variables ### Privilege table -The following [`mysql` system tables](/mysql-schema.md) are special because all the privilege-related data is stored in them: +The following [`mysql` system tables](/mysql-schema/mysql-schema.md) are special because all the privilege-related data is stored in them: - `mysql.user` (user account, global privilege) - `mysql.db` (database-level privilege) From 3857870a1bc9c642b03fcc6cd8dbdd251315ef55 Mon Sep 17 00:00:00 2001 From: Aolin Date: Thu, 25 Jul 2024 14:28:25 +0800 Subject: [PATCH 13/14] fix format --- mysql-schema/mysql-schema-user.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mysql-schema/mysql-schema-user.md b/mysql-schema/mysql-schema-user.md index 3f06dcad3e9f4..a57f0d498588e 100644 --- a/mysql-schema/mysql-schema-user.md +++ b/mysql-schema/mysql-schema-user.md @@ -78,7 +78,7 @@ The `mysql.user` table contains several fields that can be categorized into thre The fields ending with `_priv` or `_Priv` define the permissions granted to a user account. For example, `Select_priv` means that the user has global `Select` privilege. For more information, see [Privileges required for TiDB operations](/privilege-management.md#privileges-required-for-tidb-operations). -* Security +* Security: * `authentication_string` and `plugin`: `authentication_string` stores the credentials for the user account. The credentials are interpreted based on the authentication plugin specified in the `plugin` field. * `Account_locked`: indicates whether the user account is locked. * `Password_reuse_history` and `Password_reuse_time`: used for [Password reuse policy](/password-management.md#password-reuse-policy). @@ -97,7 +97,7 @@ The `mysql.user` table contains several fields that can be categorized into thre The fields ending with `_priv` or `_Priv` define the permissions granted to a user account. For example, `Select_priv` means that the user has global `Select` privilege. For more information, see [Privileges required for TiDB operations](https://docs.pingcap.com/tidb/stable/privilege-management#privileges-required-for-tidb-operations). -* Security +* Security: * `authentication_string` and `plugin`: `authentication_string` stores the credentials for the user account. The credentials are interpreted based on the authentication plugin specified in the `plugin` field. * `Account_locked`: indicates whether the user account is locked. * `Password_reuse_history` and `Password_reuse_time`: used for [Password reuse policy](https://docs.pingcap.com/tidb/stable/password-management#password-reuse-policy). From 029116c8f0c65b24dc65afd447a026306cb54a27 Mon Sep 17 00:00:00 2001 From: Lilian Lee Date: Mon, 29 Jul 2024 18:06:20 +0800 Subject: [PATCH 14/14] Update wording --- mysql-schema/mysql-schema-user.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysql-schema/mysql-schema-user.md b/mysql-schema/mysql-schema-user.md index a57f0d498588e..6b88e2c36375b 100644 --- a/mysql-schema/mysql-schema-user.md +++ b/mysql-schema/mysql-schema-user.md @@ -107,4 +107,4 @@ The `mysql.user` table contains several fields that can be categorized into thre -While most of the fields in the TiDB `mysql.user` table are also present in the MySQL `mysql.user` table, the `Token_issuer` field is specific to TiDB. \ No newline at end of file +Although most of the fields in the TiDB `mysql.user` table also exist in the MySQL `mysql.user` table, the `Token_issuer` field is specific to TiDB. \ No newline at end of file