[doc] fix some sql statements doc #1930

Open
wants to merge 3 commits into
base: master
38 changes: 26 additions & 12 deletions docs/sql-manual/sql-statements/account-management/ALTER-ROLE.md
Expand Up @@ -24,27 +24,41 @@ specific language governing permissions and limitations
under the License.
-->



## Description

Statement used to modify a role
The `ALTER ROLE` statement is used to modify a role.

## Syntax

```sql
ALTER ROLE role_name comment;
ALTER ROLE <role_name> COMMENT <comment>;
```

## Example
## Required Parameters

**<role_name>**

> The name of the role.

## Optional Parameters

1. Modify the role's comment
**<comment>**

```sql
ALTER ROLE role1 COMMENT "this is my first role";
```
> The comment of the role.

## Keywords
## Access Control Requirements

ALTER, ROLE
The user executing this SQL command must have at least the following privileges:

## Best Practice
| Privilege | Object | Notes |
|:--------------|:----------|:------|
| ADMIN_PRIV | USER or ROLE | This operation can only be performed by users or roles with ADMIN_PRIV permissions |

## Example

- Modify the role's comment

```sql
ALTER ROLE role1 COMMENT "this is my first role";
```
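
Review bot: In the Syntax block, `ALTER ROLE <role_name> COMMENT <comment>;` shows the comment clause without brackets, yet `<comment>` is documented under "Optional Parameters". Either bracket the clause in the syntax or move `<comment>` under "Required Parameters" so the two sections agree. In the Access Control Requirements table, the Object column reads "USER or ROLE" while the Notes column uses the same words for who holds ADMIN_PRIV; the Object column should name what the privilege is granted on, or the table should say plainly that this column lists the grantee.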

125 changes: 76 additions & 49 deletions docs/sql-manual/sql-statements/account-management/ALTER-USER.md
Expand Up @@ -24,78 +24,105 @@ specific language governing permissions and limitations
under the License.
-->


## Description

The ALTER USER command is used to modify a user's account attributes, including passwords, and password policies, etc.
The `ALTER USER` statement is used to modify a user's account attributes, including passwords, and password policies, etc.

>Note that.
>
>This command give over supports modifying user roles from versions 2.0. Please use [GRANT](./GRANT.md) and [REVOKE](./REVOKE.md) for related operations
## Syntax

```sql
ALTER USER [IF EXISTS] user_identity [IDENTIFIED BY 'password']
[password_policy]
[comment]
ALTER USER [IF EXISTS] <user_identity> [IDENTIFIED BY <password>]
[<password_policy>]
[<comment>]
```

user_identity:
'user_name'@'host'
## Required Parameters

password_policy:
**<user_identity>**

1. PASSWORD_HISTORY [n|DEFAULT]
2. PASSWORD_EXPIRE [DEFAULT|NEVER|INTERVAL n DAY/HOUR/SECOND]
3. FAILED_LOGIN_ATTEMPTS n
4. PASSWORD_LOCK_TIME [n DAY/HOUR/SECOND|UNBOUNDED]
5. ACCOUNT_UNLOCK
```
> A user_identity uniquely identifies a user.The syntax is:'user_name'@'host'.
> `user_identity` consists of two parts, user_name and host, where username is the username. Host identifies the host address where the client connects. The host part can use % for fuzzy matching. If no host is specified, it defaults to '%', which means the user can connect to Doris from any host.
> The host part can also be specified as a domain, the syntax is: 'user_name'@['domain'], even if it is surrounded by square brackets, Doris will think this is a domain and try to resolve its ip address.

About `user_identity` and `password_policy`, Please refer to `CREATE USER`.
## Optional Parameters

`ACCOUNT_UNLOCK` is used to unlock a locked user.
**<password>**

In an ALTER USER command, only one of the following account attributes can be modified at the same time:
> Specify the user password.

1. Change password
2. Modify `PASSWORD_HISTORY`
3. Modify `PASSWORD_EXPIRE`
4. Modify `FAILED_LOGIN_ATTEMPTS` and `PASSWORD_LOCK_TIME`
5. Unlock users
**<password_policy>**

## Example
> `password_policy` is a clause used to specify policies related to password authentication login. Currently, the following policies are supported:

1. Change the user's password
```sql
- PASSWORD_HISTORY [n|DEFAULT]
- PASSWORD_EXPIRE [DEFAULT|NEVER|INTERVAL n DAY/HOUR/SECOND]
- FAILED_LOGIN_ATTEMPTS n
- PASSWORD_LOCK_TIME [n DAY/HOUR/SECOND|UNBOUNDED]
- ACCOUNT_UNLOCK
Contributor

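For this part:

  1. I suggest stating each category clearly in the unordered list, and splitting the syntax into each category.
  2. The syntax for each one should still follow the conventions of the Syntax section. Parameters need angle brackets, and optional parts use curly braces and vertical bars. For example:
PASSWORD_EXPIRE { DEFAULT | NEVER | INTERVAL <n> { DAY | HOUR | SECOND } }

Another approach is to list all of these branches clearly in the Syntax section, and then describe what each branch does in the Parameters section.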

```

```sql
ALTER USER jack@'%' IDENTIFIED BY "12345";
```
> - `PASSWORD_HISTORY`
>
> Whether to allow the current user to use historical passwords when resetting their passwords. For example, `PASSWORD_HISTORY 10` means that it is forbidden to use the password set in the past 10 times as a new password. If set to `PASSWORD_HISTORY DEFAULT`, the value in the global variable `password_history` will be used. `0` means do not enable this feature. Default is 0.
>
> - `PASSWORD_EXPIRE`
>
> Set the expiration time of the current user's password. For example `PASSWORD_EXPIRE INTERVAL 10 DAY` means the password will expire in 10 days. `PASSWORD_EXPIRE NEVER` means that the password does not expire. If set to `PASSWORD_EXPIRE DEFAULT`, the value in the global variable `default_password_lifetime` is used. Defaults to NEVER (or 0), which means it will not expire.
>
> - `FAILED_LOGIN_ATTEMPTS` and `PASSWORD_LOCK_TIME`
>
> When the current user logs in, if the user logs in with the wrong password for n times, the account will be locked, and the lock time is set. For example, `FAILED_LOGIN_ATTEMPTS 3 PASSWORD_LOCK_TIME 1 DAY` means that if you log in wrongly for 3 times, the account will be locked for one day.
>
> - ACCOUNT_UNLOCK
>
> `ACCOUNT_UNLOCK` is used to unlock a locked user.

2. Modify the user's password policy

```sql
ALTER USER jack@'%' FAILED_LOGIN_ATTEMPTS 3 PASSWORD_LOCK_TIME 1 DAY;
```
**<comment>**

3. Unlock a user
>Specify the user comment.

```sql
ALTER USER jack@'%' ACCOUNT_UNLOCK
```
## Access Control Requirements

4. Modify the user's comment
The user executing this SQL command must have at least the following privileges:

```sql
ALTER USER jack@'%' COMMENT "this is my first user"
```
| Privilege | Object | Notes |
|:--------------|:----------|:------|
| ADMIN_PRIV | USER or ROLE | This operation can only be performed by users or roles with ADMIN_PRIV permissions |

## Keywords
## Usage Notes

ALTER, USER
1. This command give over supports modifying user roles from versions 2.0. Please use [GRANT](./GRANT.md) and [REVOKE](./REVOKE.md) for related operations

## Best Practice
2. In an ALTER USER command, only one of the following account attributes can be modified at the same time:
- Change password
- Modify `PASSWORD_HISTORY`
- Modify `PASSWORD_EXPIRE`
- Modify `FAILED_LOGIN_ATTEMPTS` and `PASSWORD_LOCK_TIME`
- Unlock users

1. Modify the password policy
## Example

1. Modify `PASSWORD_EXPIRE` will reset the timing of password expiration time.
- Change the user's password

2. Modify `FAILED_LOGIN_ATTEMPTS` or `PASSWORD_LOCK_TIME` will unlock the user.
```sql
ALTER USER jack@'%' IDENTIFIED BY "12345";
```

- Modify the user's password policy

```sql
ALTER USER jack@'%' FAILED_LOGIN_ATTEMPTS 3 PASSWORD_LOCK_TIME 1 DAY;
```

- Unlock a user

```sql
ALTER USER jack@'%' ACCOUNT_UNLOCK
```

- Modify the user's comment

```sql
ALTER USER jack@'%' COMMENT "this is my first user"
```
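
Review bot: The new Usage Notes section has only two items, and the two statements that sit under the old Best Practice heading, `Modify PASSWORD_EXPIRE will reset the timing of password expiration time.` and `Modify FAILED_LOGIN_ATTEMPTS or PASSWORD_LOCK_TIME will unlock the user.`, do not reappear anywhere in the new text. Both are side effects an administrator needs to know before changing expiry or lockout policy on an account that is already locked or close to expiring, so please carry them over as additional Usage Notes items. Separately, the Syntax block writes `[<comment>]` without the `COMMENT` keyword that the example `ALTER USER jack@'%' COMMENT "this is my first user"` uses, the last two examples lack the terminating semicolon the first two have, and the password example `IDENTIFIED BY "12345"` would be better as an obvious placeholder so it is not copied as-is.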
46 changes: 29 additions & 17 deletions docs/sql-manual/sql-statements/account-management/CREATE-ROLE.md
Expand Up @@ -24,34 +24,46 @@ specific language governing permissions and limitations
under the License.
-->



## Description

The statement user creates a role
The `CREATE ROLE` statement is used to create an unprivileged role, which can be subsequently granted with the GRANT command.

## Syntax

```sql
CREATE ROLE role_name [comment];
CREATE ROLE <role_name> [<comment>];
```

This statement creates an unprivileged role, which can be subsequently granted with the GRANT command.
## Required Parameters

## Example
**<role_name>**

> The name of the role.

## Optional Parameters

**<comment>**

1. Create a role
> The comment of the role.

```sql
CREATE ROLE role1;
```
## Access Control Requirements

2. Create a role with comment
The user executing this SQL command must have at least the following privileges:

```sql
CREATE ROLE role2 COMMENT "this is my first role";
```
| Privilege | Object | Notes |
|:--------------|:----------|:------|
| ADMIN_PRIV | USER or ROLE | This operation can only be performed by users or roles with ADMIN_PRIV permissions |

## Keywords
## Example

- Create a role

CREATE, ROLE
```sql
CREATE ROLE role1;
```

## Best Practice
- Create a role with comment

```sql
CREATE ROLE role2 COMMENT "this is my first role";
```
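
Review bot: In the Syntax block, `CREATE ROLE <role_name> [<comment>];` omits the `COMMENT` keyword, while the example is `CREATE ROLE role2 COMMENT "this is my first role";` and ALTER-ROLE.md in this same PR writes `COMMENT <comment>`. Suggest `CREATE ROLE <role_name> [COMMENT <comment>];` so the syntax matches the example and the sibling page. The Object column of the Access Control Requirements table has the same "USER or ROLE" wording as in ALTER-ROLE.md and should be fixed the same way.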