pingcap · ti-srebot · Jun 16, 2020 · Jun 16, 2020 · Jun 16, 2020
diff --git a/sql-statements/sql-statement-create-user.md b/sql-statements/sql-statement-create-user.md
@@ -37,17 +37,42 @@ This statement creates a new user, specified with a password. In the MySQL privi
 
 ## Examples
 
+Create a user with the `newuserpassword` password.
+
 ```sql
 mysql> CREATE USER 'newuser' IDENTIFIED BY 'newuserpassword';
 Query OK, 1 row affected (0.04 sec)
+```
 
+Create a user who can only log in to `192.168.1.1`.
+
+```sql
 mysql> CREATE USER 'newuser2'@'192.168.1.1' IDENTIFIED BY 'newuserpassword';
 Query OK, 1 row affected (0.02 sec)
 ```
 
+Create a user who is enforced to log in using TLS connection.
+
+```sql
+CREATE USER 'newuser3'@'%' REQUIRE SSL IDENTIFIED BY 'newuserpassword';
+Query OK, 1 row affected (0.02 sec)
+``` 
+
+Create a user who is required to use X.509 certificate at login.
+
+```sql
+CREATE USER 'newuser4'@'%' REQUIRE ISSUER '/C=US/ST=California/L=San Francisco/O=PingCAP' IDENTIFIED BY 'newuserpassword';
+Query OK, 1 row affected (0.02 sec)
+```
+
 ## MySQL compatibility
 
-* Several of the `CREATE` options are not yet supported by TiDB, and will be parsed but ignored.
+The following `CREATE USER` options are not yet supported by TiDB, and will be parsed but ignored:
+
+* TiDB does not support `WITH MAX_QUERIES_PER_HOUR`, `WITH MAX_UPDATES_PER_HOUR`, and `WITH MAX_USER_CONNECTIONS` options.
+* TiDB does not support the `DEFAULT ROLE` option.
+* TiDB does not support `PASSWORD EXPIRE`, `PASSWORD HISTORY` or other options related to password.
+* TiDB does not support the `ACCOUNT LOCK` and `ACCOUNT UNLOCK` options.
 
 ## See also
 

diff --git a/sql-statements/sql-statement-drop-user.md b/sql-statements/sql-statement-drop-user.md
@@ -8,6 +8,7 @@ aliases: ['/docs/stable/reference/sql/statements/drop-user/']
 # DROP USER
 
 This statement removes a user from the TiDB system database. The optional keyword `IF EXISTS` can be used to silence an error if the user does not exist.
+This statement requires the `CREATE USER` privilege.
 
 ## Synopsis
 
@@ -25,10 +26,10 @@ This statement removes a user from the TiDB system database. The optional keywor
 mysql> DROP USER idontexist;
 ERROR 1396 (HY000): Operation DROP USER failed for idontexist@%
 
-mysql> DROP USER IF EXISTS idontexist;
+mysql> DROP USER IF EXISTS 'idontexist';
 Query OK, 0 rows affected (0.01 sec)
 
-mysql> CREATE USER newuser IDENTIFIED BY 'mypassword';
+mysql> CREATE USER 'newuser' IDENTIFIED BY 'mypassword';
 Query OK, 1 row affected (0.02 sec)
 
 mysql> GRANT ALL ON test.* TO 'newuser';
@@ -54,10 +55,10 @@ mysql> SHOW GRANTS FOR 'newuser';
 +-------------------------------------+
 1 row in set (0.00 sec)
 
-mysql> DROP USER newuser;
+mysql> DROP USER 'newuser';
 Query OK, 0 rows affected (0.14 sec)
 
-mysql> SHOW GRANTS FOR newuser;
+mysql> SHOW GRANTS FOR 'newuser';
 ERROR 1141 (42000): There is no such grant defined for user 'newuser' on host '%'
 ```
 

diff --git a/sql-statements/sql-statement-flush-privileges.md b/sql-statements/sql-statement-flush-privileges.md
@@ -8,6 +8,7 @@ aliases: ['/docs/stable/reference/sql/statements/flush-privileges/']
 # FLUSH PRIVILEGES
 
 This statement triggers TiDB to reload the in-memory copy of privileges from the privilege tables. You should execute `FLUSH PRIVILEGES` after making manual edits to tables such as `mysql.user`. Executing this statement is not required after using privilege statements such as `GRANT` or `REVOKE`.
+Executing this statement requires the `RELOAD` privilege.
 
 ## Synopsis
 

diff --git a/sql-statements/sql-statement-grant-privileges.md b/sql-statements/sql-statement-grant-privileges.md
@@ -8,6 +8,7 @@ aliases: ['/docs/stable/reference/sql/statements/grant-privileges/']
 # `GRANT <privileges>`
 
 This statement allocates privileges to a pre-existing user in TiDB. The privilege system in TiDB follows MySQL, where credentials are assigned based on a database/table pattern.
+Executing this statement requires the `GRANT OPTION` privilege and all privileges you allocate.
 
 ## Synopsis
 
@@ -42,7 +43,7 @@ This statement allocates privileges to a pre-existing user in TiDB. The privileg
 ## Examples
 
 ```sql
-mysql> CREATE USER newuser IDENTIFIED BY 'mypassword';
+mysql> CREATE USER 'newuser' IDENTIFIED BY 'mypassword';
 Query OK, 1 row affected (0.02 sec)
 
 mysql> GRANT ALL ON test.* TO 'newuser';

diff --git a/sql-statements/sql-statement-revoke-privileges.md b/sql-statements/sql-statement-revoke-privileges.md
@@ -8,6 +8,7 @@ aliases: ['/docs/stable/reference/sql/statements/revoke-privileges/']
 # `REVOKE <privileges>`
 
 This statement removes privileges from an existing user.
+Executing this statement requires the `GRANT OPTION` privilege and all privileges you revoke.
 
 ## Synopsis
 
@@ -42,7 +43,7 @@ This statement removes privileges from an existing user.
 ## Examples
 
 ```sql
-mysql> CREATE USER newuser IDENTIFIED BY 'mypassword';
+mysql> CREATE USER 'newuser' IDENTIFIED BY 'mypassword';
 Query OK, 1 row affected (0.02 sec)
 
 mysql> GRANT ALL ON test.* TO 'newuser';
@@ -68,10 +69,10 @@ mysql> SHOW GRANTS FOR 'newuser';
 +-------------------------------------+
 1 row in set (0.00 sec)
 
-mysql> DROP USER newuser;
+mysql> DROP USER 'newuser';
 Query OK, 0 rows affected (0.14 sec)
 
-mysql> SHOW GRANTS FOR newuser;
+mysql> SHOW GRANTS FOR 'newuser';
 ERROR 1141 (42000): There is no such grant defined for user 'newuser' on host '%'
 ```
 

diff --git a/sql-statements/sql-statement-set-password.md b/sql-statements/sql-statement-set-password.md
@@ -24,7 +24,7 @@ Query OK, 0 rows affected (0.01 sec)
 mysql> CREATE USER 'newuser' IDENTIFIED BY 'test';
 Query OK, 1 row affected (0.00 sec)
 
-mysql> SHOW CREATE USER newuser;
+mysql> SHOW CREATE USER 'newuser';
 +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 | CREATE USER for newuser@%                                                                                                                                            |
 +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
@@ -35,7 +35,7 @@ mysql> SHOW CREATE USER newuser;
 mysql> SET PASSWORD FOR newuser = 'test';
 Query OK, 0 rows affected (0.01 sec)
 
-mysql> SHOW CREATE USER newuser;
+mysql> SHOW CREATE USER 'newuser';
 +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 | CREATE USER for newuser@%                                                                                                                                            |
 +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
@@ -46,7 +46,7 @@ mysql> SHOW CREATE USER newuser;
 mysql> SET PASSWORD FOR newuser = PASSWORD('test'); -- deprecated syntax from earlier MySQL releases
 Query OK, 0 rows affected (0.00 sec)
 
-mysql> SHOW CREATE USER newuser;
+mysql> SHOW CREATE USER 'newuser';
 +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 | CREATE USER for newuser@%                                                                                                                                            |
 +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+