[fix](docs) Fix some errors related to privilege and grant in the docs (#11377)

Fix some errors related to privilege and grant in the docs
2022-08-09 11:02:47 +08:00
parent 2b918eaccd
commit 970a35d658
4 changed files with 48 additions and 43 deletions
--- a/docs/en/docs/admin-manual/privilege-ldap/user-privilege.md
+++ b/docs/en/docs/admin-manual/privilege-ldap/user-privilege.md
@ -107,28 +107,29 @@ Doris currently supports the following permissions

 ## Permission hierarchy

-At the same time, according to the scope of application of permissions, we divide them into three levels:
+At the same time, according to the scope of application of permissions, we divide them into four levels:

-1. GLOBAL LEVEL: Global permissions. That is, permissions on `*.*` granted by GRANT statements. The granted permissions apply to any table in any database.
-2. DATABASE LEVEL: Database-level permissions. That is, permissions on `db.*` granted by GRANT statements. The granted permissions apply to any table in the specified database.
-3. TABLE LEVEL: Table-level permissions. That is, permissions on `db.tbl` granted by GRANT statements. The permissions granted apply to the specified tables in the specified database.
+1. GLOBAL LEVEL: Global permissions. That is, permissions on `*.*.*` granted by GRANT statements. The granted permissions apply to any table in any database.
+2. CATALOG LEVEL: Catalog level permissions. That is, the permissions on `ctl.*.*` granted through the GRANT statement. The permissions granted apply to any library table in the specified Catalog.
+3. DATABASE LEVEL: Database-level permissions. That is, the permissions on `ctl.db.*` granted through the GRANT statement. The privileges granted apply to any table in the specified database.
+4. TABLE LEVEL: Table-level permissions. That is, the permissions on `ctl.db.tbl` granted through the GRANT statement. The privileges granted apply to the specified table in the specified database.


 ## ADMIN /GRANT

-ADMIN\_PRIV and GRANT\_PRIV have the authority of **"grant authority"** at the same time, which is more special. The operations related to these two privileges are described here one by one.
+ADMIN_PRIV and GRANT_PRIV have the authority of **"grant authority"** at the same time, which is more special. The operations related to these two privileges are described here one by one.

 1. CREATE USER

-	* Users with ADMIN or GRANT privileges at any level can create new users.
+	* Users with ADMIN privileges, or GRANT privileges at the GLOBAL and DATABASE levels can create new users.

 2. DROP USER

-	* Only ADMIN privileges can delete users.
+	* Users with ADMIN authority or GRANT authority at the global level can drop users.

 3. CREATE/DROP ROLE

-	* Only ADMIN privileges can create roles.
+	* Users with ADMIN authority or GRANT authority at the global level can create or drop role.

 4. GRANT /REVOKE

--- a/docs/en/docs/sql-manual/sql-reference/Account-Management-Statements/GRANT.md
+++ b/docs/en/docs/sql-manual/sql-reference/Account-Management-Statements/GRANT.md
@ -35,7 +35,7 @@ GRANT
 The GRANT command is used to grant the specified user or role specified permissions

 ```sql
-GRANT privilege_list ON db_name[.tbl_name] TO user_identity [ROLE role_name]
+GRANT privilege_list ON priv_level TO user_identity [ROLE role_name]

 GRANT privilege_list ON RESOURCE resource_name TO user_identity [ROLE role_name]
 ````
@ -45,11 +45,11 @@ privilege_list is a list of privileges to be granted, separated by commas. Curre
    NODE_PRIV: Cluster node operation permissions, including node online and offline operations. Only the root user has this permission and cannot be granted to other users.
    ADMIN_PRIV: All privileges except NODE_PRIV.
    GRANT_PRIV: Privilege for operation privileges. Including creating and deleting users, roles, authorization and revocation, setting passwords, etc.
-    SELECT_PRIV: read permission on the specified library or table
-    LOAD_PRIV: Import privileges on the specified library or table
-    ALTER_PRIV: Schema change permission for the specified library or table
-    CREATE_PRIV: Create permission on the specified library or table
-    DROP_PRIV: drop privilege on the specified library or table
+    SELECT_PRIV: read permission on the specified database or table
+    LOAD_PRIV: Import privileges on the specified database or table
+    ALTER_PRIV: Schema change permission for the specified database or table
+    CREATE_PRIV: Create permission on the specified database or table
+    DROP_PRIV: drop privilege on the specified database or table
    USAGE_PRIV: access to the specified resource
    
    ALL and READ_WRITE in legacy permissions will be converted to: SELECT_PRIV,LOAD_PRIV,ALTER_PRIV,CREATE_PRIV,DROP_PRIV;
@ -58,16 +58,17 @@ privilege_list is a list of privileges to be granted, separated by commas. Curre
 Permission classification:

    1. Node Privilege: NODE_PRIV
-    2. Library table permissions: SELECT_PRIV, LOAD_PRIV, ALTER_PRIV, CREATE_PRIV, DROP_PRIV
+    2. database table permissions: SELECT_PRIV, LOAD_PRIV, ALTER_PRIV, CREATE_PRIV, DROP_PRIV
    3. Resource permission: USAGE_PRIV

-db_name[.tbl_name] supports the following three forms:
+Priv_level supports the following four forms:

-    1. *.* permissions can be applied to all libraries and all tables in them
-    2. db.* permissions can be applied to all tables under the specified library
-    3. The db.tbl permission can be applied to the specified table under the specified library
+    1. *.*.* permissions can be applied to all catalogs, all databases and all tables in them
+    2. ctl.*.* permissions can be applied to all databases and all tables in them
+    3. ctl.db.* permissions can be applied to all tables under the specified database
+    4. ctl.db.tbl permission can be applied to the specified table under the specified database
    
-    The library or table specified here can be a library and table that does not exist.
+    The catalog or database, table specified here may be not exist.

 resource_name supports the following two forms:

@ -84,22 +85,22 @@ user_identity:

 ### Example

-1. Grant permissions to all libraries and tables to the user
+1. Grant permissions to all catalog and databases and tables to the user

   ```sql
-   GRANT SELECT_PRIV ON *.* TO 'jack'@'%';
+   GRANT SELECT_PRIV ON *.*.* TO 'jack'@'%';
   ````

-2. Grant permissions to the specified library table to the user
+2. Grant permissions to the specified database table to the user

   ```sql
-   GRANT SELECT_PRIV,ALTER_PRIV,LOAD_PRIV ON db1.tbl1 TO 'jack'@'192.8.%';
+   GRANT SELECT_PRIV,ALTER_PRIV,LOAD_PRIV ON ctl1.db1.tbl1 TO 'jack'@'192.8.%';
   ````

-3. Grant permissions to the specified library table to the role
+3. Grant permissions to the specified database table to the role

   ```sql
-   GRANT LOAD_PRIV ON db1.* TO ROLE 'my_role';
+   GRANT LOAD_PRIV ON ctl1.db1.* TO ROLE 'my_role';
   ````

 4. Grant access to all resources to users
--- a/docs/zh-CN/docs/admin-manual/privilege-ldap/user-privilege.md
+++ b/docs/zh-CN/docs/admin-manual/privilege-ldap/user-privilege.md
@ -109,11 +109,12 @@ Doris 目前支持以下几种权限

 ## 权限层级

-同时，根据权限适用范围的不同，我们将库表的权限分为以下三个层级：
+同时，根据权限适用范围的不同，我们将库表的权限分为以下四个层级：

-1. GLOBAL LEVEL：全局权限。即通过 GRANT 语句授予的 `*.*` 上的权限。被授予的权限适用于任意数据库中的任意表。
-2. DATABASE LEVEL：数据库级权限。即通过 GRANT 语句授予的 `db.*` 上的权限。被授予的权限适用于指定数据库中的任意表。
-3. TABLE LEVEL：表级权限。即通过 GRANT 语句授予的 `db.tbl` 上的权限。被授予的权限适用于指定数据库中的指定表。
+1. GLOBAL LEVEL：全局权限。即通过 GRANT 语句授予的 `*.*.*` 上的权限。被授予的权限适用于任意数据库中的任意表。
+2. CATALOG LEVEL：Catalog级权限。即通过 GRANT 语句授予的 `ctl.*.*` 上的权限。被授予的权限适用于指定Catalog中的任意库表。
+3. DATABASE LEVEL：数据库级权限。即通过 GRANT 语句授予的 `ctl.db.*` 上的权限。被授予的权限适用于指定数据库中的任意表。
+4. TABLE LEVEL：表级权限。即通过 GRANT 语句授予的 `ctl.db.tbl` 上的权限。被授予的权限适用于指定数据库中的指定表。

 将资源的权限分为以下两个层级：

@ -125,13 +126,14 @@ Doris 目前支持以下几种权限
 ADMIN_PRIV 和 GRANT_PRIV 权限同时拥有**授予权限**的权限，较为特殊。这里对和这两个权限相关的操作逐一说明。

 1. CREATE USER
-   - 拥有 ADMIN 权限，或任意层级的 GRANT 权限的用户可以创建新用户。
+   - 拥有 ADMIN 权限，或 GLOBAL 和 DATABASE 层级的 GRANT 权限的用户可以创建新用户。
 2. DROP USER
-   - 只有 ADMIN 权限可以删除用户。
+   - 拥有 ADMIN 权限或全局层级的 GRANT 权限的用户可以删除用户。
 3. CREATE/DROP ROLE
-   - 只有 ADMIN 权限可以创建角色。
+   - 拥有 ADMIN 权限或全局层级的 GRANT 权限的用户可以创建角色。
 4. GRANT/REVOKE
   - 拥有 ADMIN 权限，或者 GLOBAL 层级 GRANT 权限的用户，可以授予或撤销任意用户的权限。
+   - 拥有 CATALOG 层级 GRANT 权限的用户，可以授予或撤销任意用户对指定CATALOG的权限。
   - 拥有 DATABASE 层级 GRANT 权限的用户，可以授予或撤销任意用户对指定数据库的权限。
   - 拥有 TABLE 层级 GRANT 权限的用户，可以授予或撤销任意用户对指定数据库中指定表的权限。
 5. SET PASSWORD
--- a/docs/zh-CN/docs/sql-manual/sql-reference/Account-Management-Statements/GRANT.md
+++ b/docs/zh-CN/docs/sql-manual/sql-reference/Account-Management-Statements/GRANT.md
@ -35,7 +35,7 @@ GRANT
 GRANT 命令用于赋予指定用户或角色指定的权限

 ```sql
-GRANT privilege_list ON db_name[.tbl_name] TO user_identity [ROLE role_name]
+GRANT privilege_list ON priv_level TO user_identity [ROLE role_name]

 GRANT privilege_list ON RESOURCE resource_name TO user_identity [ROLE role_name]
 ```
@ -61,13 +61,14 @@ privilege_list 是需要赋予的权限列表，以逗号分隔。当前 Doris
    2. 库表权限：SELECT_PRIV,LOAD_PRIV,ALTER_PRIV,CREATE_PRIV,DROP_PRIV
    3. 资源权限：USAGE_PRIV

-db_name[.tbl_name] 支持以下三种形式：
+priv_level 支持以下四种形式：

-    1. *.* 权限可以应用于所有库及其中所有表
-    2. db.* 权限可以应用于指定库下的所有表
-    3. db.tbl 权限可以应用于指定库下的指定表
+    1. *.*.* 权限可以应用于所有catalog及其中的所有库表
+    2. ctl.*.* 权限可以应用于指定catalog中的所有库表
+    3. ctl.db.* 权限可以应用于指定库下的所有表
+    4. ctl.db.tbl 权限可以应用于指定库下的指定表
    
-    这里指定的库或表可以是不存在的库和表。
+    这里指定的ctl或库或表可以是不存在的库和表。

 resource_name 支持以下两种形式：

@ -84,22 +85,22 @@ user_identity：

 ### Example

-1. 授予所有库和表的权限给用户
+1. 授予所有catalog和库表的权限给用户
   
    ```sql
-    GRANT SELECT_PRIV ON *.* TO 'jack'@'%';
+    GRANT SELECT_PRIV ON *.*.* TO 'jack'@'%';
    ```
    
 2. 授予指定库表的权限给用户
   
    ```sql
-    GRANT SELECT_PRIV,ALTER_PRIV,LOAD_PRIV ON db1.tbl1 TO 'jack'@'192.8.%';
+    GRANT SELECT_PRIV,ALTER_PRIV,LOAD_PRIV ON ctl1.db1.tbl1 TO 'jack'@'192.8.%';
    ```
    
 3. 授予指定库表的权限给角色
   
    ```sql
-    GRANT LOAD_PRIV ON db1.* TO ROLE 'my_role';
+    GRANT LOAD_PRIV ON ctl1.db1.* TO ROLE 'my_role';
    ```
    
 4. 授予所有资源的使用权限给用户