Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[doc] fix some sql statements doc #1930

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

[doc] fix some sql statements doc #1930

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
aea49e8
[doc] fix some sql statements doc
chenzhx Jan 23, 2025
f556fab
[doc] fix some sql statements doc
chenzhx Jan 24, 2025
885df65
[doc] fix some sql statements doc
chenzhx Jan 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 26 additions & 12 deletions docs/sql-manual/sql-statements/account-management/ALTER-ROLE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,27 +24,41 @@ specific language governing permissions and limitations
under the License.
-->



## Description

Statement used to modify a role
The `ALTER ROLE` statement is used to modify a role.

## Syntax

```sql
ALTER ROLE role_name comment;
ALTER ROLE <role_name> COMMENT <comment>;
```

## Example
## Required Parameters

**1. `<role_name>`**

> The name of the role.

## Optional Parameters

1. Modify the role's comment
**1. `<comment>`**

```sql
ALTER ROLE role1 COMMENT "this is my first role";
```
> The comment of the role.

## Keywords
## Access Control Requirements

ALTER, ROLE
The user executing this SQL command must have at least the following privileges:

## Best Practice
| Privilege | Object | Notes |
|:--------------|:----------|:------|
| ADMIN_PRIV | USER or ROLE | This operation can only be performed by users or roles with ADMIN_PRIV permissions |

## Example

- Modify the role's comment

```sql
ALTER ROLE role1 COMMENT "this is my first role";
```

126 changes: 78 additions & 48 deletions docs/sql-manual/sql-statements/account-management/ALTER-USER.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,78 +24,108 @@ specific language governing permissions and limitations
under the License.
-->


## Description

The ALTER USER command is used to modify a user's account attributes, including passwords, and password policies, etc.
The `ALTER USER` statement is used to modify a user's account attributes, including passwords, and password policies, etc.

>Note that.
>
>This command give over supports modifying user roles from versions 2.0. Please use [GRANT](./GRANT.md) and [REVOKE](./REVOKE.md) for related operations
## Syntax

```sql
ALTER USER [IF EXISTS] user_identity [IDENTIFIED BY 'password']
[password_policy]
[comment]

user_identity:
'user_name'@'host'
ALTER USER [IF EXISTS] <user_identity> [IDENTIFIED BY <password>]
[<password_policy>]
[<comment>]

password_policy:

1. PASSWORD_HISTORY [n|DEFAULT]
2. PASSWORD_EXPIRE [DEFAULT|NEVER|INTERVAL n DAY/HOUR/SECOND]
3. FAILED_LOGIN_ATTEMPTS n
4. PASSWORD_LOCK_TIME [n DAY/HOUR/SECOND|UNBOUNDED]
1. PASSWORD_HISTORY [ <n> | DEFAULT ]
2. PASSWORD_EXPIRE [ DEFAULT | NEVER | INTERVAL <n> { DAY | HOUR | SECOND }]
3. FAILED_LOGIN_ATTEMPTS <n>
4. PASSWORD_LOCK_TIME [ UNBOUNDED | <n> { DAY | HOUR | SECOND } ]
5. ACCOUNT_UNLOCK
```

About `user_identity` and `password_policy`, Please refer to `CREATE USER`.
## Required Parameters

`ACCOUNT_UNLOCK` is used to unlock a locked user.
**1. `<user_identity`>**

In an ALTER USER command, only one of the following account attributes can be modified at the same time:
> A user_identity uniquely identifies a user.The syntax is:'user_name'@'host'.
> `user_identity` consists of two parts, user_name and host, where username is the username. Host identifies the host address where the client connects. The host part can use % for fuzzy matching. If no host is specified, it defaults to '%', which means the user can connect to Doris from any host.
> The host part can also be specified as a domain, the syntax is: 'user_name'@['domain'], even if it is surrounded by square brackets, Doris will think this is a domain and try to resolve its ip address.

1. Change password
2. Modify `PASSWORD_HISTORY`
3. Modify `PASSWORD_EXPIRE`
4. Modify `FAILED_LOGIN_ATTEMPTS` and `PASSWORD_LOCK_TIME`
5. Unlock users
## Optional Parameters

## Example
**1. `<password>`**

1. Change the user's password
> Specify the user password.

```sql
ALTER USER jack@'%' IDENTIFIED BY "12345";
```
**2. `<password_policy>`**

2. Modify the user's password policy

```sql
ALTER USER jack@'%' FAILED_LOGIN_ATTEMPTS 3 PASSWORD_LOCK_TIME 1 DAY;
```
> `password_policy` is a clause used to specify policies related to password authentication login. Currently, the following policies are supported:
>
> `PASSWORD_HISTORY [<n> | DEFAULT]`
>
> Whether to allow the current user to use historical passwords when resetting their passwords. For example, `PASSWORD_HISTORY 10` means that it is forbidden to use the password set in the past 10 times as a new password. If set to `PASSWORD_HISTORY DEFAULT`, the value in the global variable `password_history` will be used. `0` means do not enable this feature. Default is 0.
>
> `PASSWORD_EXPIRE [ DEFAULT | NEVER | INTERVAL <n> { DAY | HOUR | SECOND }]`
>
> Set the expiration time of the current user's password. For example `PASSWORD_EXPIRE INTERVAL 10 DAY` means the password will expire in 10 days. `PASSWORD_EXPIRE NEVER` means that the password does not expire. If set to `PASSWORD_EXPIRE DEFAULT`, the value in the global variable `default_password_lifetime` is used. Defaults to NEVER (or 0), which means it will not expire.
>
> `FAILED_LOGIN_ATTEMPTS <n>`
>
> When the current user logs in, if the user logs in with the wrong password for n times, the account will be locked.For example, `FAILED_LOGIN_ATTEMPTS 3` means that if you log in wrongly for 3 times, the account will be locked.
>
> `PASSWORD_LOCK_TIME [ UNBOUNDED | <n> { DAY | HOUR | SECOND } ]`
>
> When the account is locked, the lock time is set. For example, `PASSWORD_LOCK_TIME 1 DAY` means that the account will be locked for one day.
>
> `ACCOUNT_UNLOCK`
>
> `ACCOUNT_UNLOCK` is used to unlock a locked user.

3. Unlock a user
**3. `<comment>`**

```sql
ALTER USER jack@'%' ACCOUNT_UNLOCK
```
>Specify the user comment.

4. Modify the user's comment
## Access Control Requirements

```sql
ALTER USER jack@'%' COMMENT "this is my first user"
```
The user executing this SQL command must have at least the following privileges:

## Keywords
| Privilege | Object | Notes |
|:--------------|:----------|:------|
| ADMIN_PRIV | USER or ROLE | This operation can only be performed by users or roles with ADMIN_PRIV permissions |

ALTER, USER
## Usage Notes

## Best Practice
1. This command give over supports modifying user roles from versions 2.0. Please use [GRANT](./GRANT.md) and [REVOKE](./REVOKE.md) for related operations

1. Modify the password policy
2. In an ALTER USER command, only one of the following account attributes can be modified at the same time:
- Change password
- Modify `PASSWORD_HISTORY`
- Modify `PASSWORD_EXPIRE`
- Modify `FAILED_LOGIN_ATTEMPTS` and `PASSWORD_LOCK_TIME`
- Unlock users

1. Modify `PASSWORD_EXPIRE` will reset the timing of password expiration time.
## Example

2. Modify `FAILED_LOGIN_ATTEMPTS` or `PASSWORD_LOCK_TIME` will unlock the user.
- Change the user's password

```sql
ALTER USER jack@'%' IDENTIFIED BY "12345";
```

- Modify the user's password policy

```sql
ALTER USER jack@'%' FAILED_LOGIN_ATTEMPTS 3 PASSWORD_LOCK_TIME 1 DAY;
```

- Unlock a user

```sql
ALTER USER jack@'%' ACCOUNT_UNLOCK
```

- Modify the user's comment

```sql
ALTER USER jack@'%' COMMENT "this is my first user"
```
46 changes: 29 additions & 17 deletions docs/sql-manual/sql-statements/account-management/CREATE-ROLE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,34 +24,46 @@ specific language governing permissions and limitations
under the License.
-->



## Description

The statement user creates a role
The `CREATE ROLE` statement is used to create an unprivileged role, which can be subsequently granted with the GRANT command.

## Syntax

```sql
CREATE ROLE role_name [comment];
CREATE ROLE <role_name> [<comment>];
```

This statement creates an unprivileged role, which can be subsequently granted with the GRANT command.
## Required Parameters

## Example
**1. `<role_name>`**

> The name of the role.

## Optional Parameters

**1. `<comment>`**

1. Create a role
> The comment of the role.

```sql
CREATE ROLE role1;
```
## Access Control Requirements

2. Create a role with comment
The user executing this SQL command must have at least the following privileges:

```sql
CREATE ROLE role2 COMMENT "this is my first role";
```
| Privilege | Object | Notes |
|:--------------|:----------|:------|
| ADMIN_PRIV | USER or ROLE | This operation can only be performed by users or roles with ADMIN_PRIV permissions |

## Keywords
## Example

- Create a role

CREATE, ROLE
```sql
CREATE ROLE role1;
```

## Best Practice
- Create a role with comment

```sql
CREATE ROLE role2 COMMENT "this is my first role";
```
Loading
Loading