SET DEFAULT ROLE

    SetDefaultRoleStmt:

    SetDefaultRoleOpt:

    SetDefaultRoleOpt

    RolenameList:

    UsernameList:

    root 用户连接 TiDB:

    创建新角色 analyticsteam 和新用户 jennifer

    1. CREATE ROLE analyticsteam;
    2. Query OK, 0 rows affected (0.02 sec)
    4. GRANT SELECT ON test.* TO analyticsteam;
    5. Query OK, 0 rows affected (0.02 sec)
    7. CREATE USER jennifer;
    8. Query OK, 0 rows affected (0.01 sec)
    10. GRANT analyticsteam TO jennifer;

    以 用户连接 TiDB:

    1. mysql -h 127.0.0.1 -P 4000 -u jennifer

    root 用户连接 TiDB:

    1. mysql -h 127.0.0.1 -P 4000 -u root

    执行 SET DEFAULT ROLE 语句将用户 jenniferanalyticsteam 角色相关联:

    1. SET DEFAULT ROLE analyticsteam TO jennifer;
    2. Query OK, 0 rows affected (0.02 sec)

    jennifer 用户连接 TiDB:

    此时 jennifer 用户无需执行 SET ROLE 语句就能拥有 analyticsteam 角色相关联的权限:

    1. SHOW GRANTS;
    2. +---------------------------------------------+
    3. | Grants for User                             |
    5. | GRANT USAGE ON *.* TO 'jennifer'@'%'        |
    6. | GRANT Select ON test.* TO 'jennifer'@'%'    |
    7. | GRANT 'analyticsteam'@'%' TO 'jennifer'@'%' |
    8. +---------------------------------------------+
    9. 3 rows in set (0.00 sec)
    11. +----------------+
    12. | Tables_in_test |
    13. +----------------+
    14. | t1             |
    15. +----------------+
    16. 1 row in set (0.00 sec)

    SET DEFAULT ROLE 语句不会自动将相关角色授予 (GRANT) 用户。若尝试为 jennifer 尚未被授予的角色执行 SET DEFAULT ROLE 语句会导致以下错误:

    1. SET DEFAULT ROLE analyticsteam TO jennifer;