This is an automated email from the ASF dual-hosted git repository.
qiaojialin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new b57604cbe6 [IOTDB-3545] Add permission and SQL relation table in doc
(#6369)
b57604cbe6 is described below
commit b57604cbe663c96b11e6e85f60ce880fe5caeafc
Author: 任宇华 <[email protected]>
AuthorDate: Tue Jun 21 22:56:31 2022 +0800
[IOTDB-3545] Add permission and SQL relation table in doc (#6369)
---
.../Administration-Management/Administration.md | 288 ++++++++++++++++++---
.../Administration-Management/Administration.md | 287 +++++++++++++++++---
2 files changed, 513 insertions(+), 62 deletions(-)
diff --git a/docs/UserGuide/Administration-Management/Administration.md
b/docs/UserGuide/Administration-Management/Administration.md
index 5859206deb..5f4f68c7b8 100644
--- a/docs/UserGuide/Administration-Management/Administration.md
+++ b/docs/UserGuide/Administration-Management/Administration.md
@@ -180,6 +180,13 @@ GRANT USER <userName> PRIVILEGES <privileges> ON
<nodeName>;
Eg: IoTDB > GRANT USER `tempuser` PRIVILEGES DELETE_TIMESERIES on root.ln.**;
```
+- Grant User All Privileges
+
+```
+GRANT USER <userName> PRIVILEGES ALL ON <nodeName>;
+Eg: IoTDB > grant user renyuhua privileges all on root.**
+```
+
* Grant Role Privileges
```
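Review bot: The added example `grant user renyuhua privileges all on root.**` does not match the surrounding examples: it uses `renyuhua` instead of the `tempuser` account used in the line above, drops the backticks and the trailing semicolon, and grants ALL on `root.**`, the widest path available. For a user guide, an example scoped to `root.ln.**` like its neighbours would model least privilege better. The new bullet also uses `-` where the adjacent `* Grant Role Privileges` uses `*`.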
@@ -187,6 +194,13 @@ GRANT ROLE <roleName> PRIVILEGES <privileges> ON
<nodeName>;
Eg: IoTDB > GRANT ROLE `temprole` PRIVILEGES DELETE_TIMESERIES ON root.ln.**;
```
+- Grant Role All Privileges
+
+```
+GRANT ROLE <roleName> PRIVILEGES ALL ON <nodeName>;
+Eg: IoTDB > GRANT ROLE `temprole` PRIVILEGES ALL ON root.ln.**;
+```
+
* Grant User Role
```
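Review bot: The new `GRANT ROLE <roleName> PRIVILEGES ALL ON <nodeName>` entry does not say what ALL expands to. The privilege table later in this file marks many privileges (CREATE_USER, GRANT_USER_PRIVILEGE and others) as path independent, so a reader cannot tell whether ALL on `root.ln.**` also hands out those administrative privileges. Please add one sentence stating the exact set, since that decides whether the statement is safe to use for a scoped role.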
@@ -201,6 +215,13 @@ REVOKE USER <userName> PRIVILEGES <privileges> ON
<nodeName>;
Eg: IoTDB > REVOKE USER `tempuser` PRIVILEGES DELETE_TIMESERIES on root.ln.**;
```
+* Revoke User All Privileges
+
+```
+REVOKE USER <userName> PRIVILEGES ALL ON <nodeName>;
+Eg: IoTDB > REVOKE USER `tempuser` PRIVILEGES ALL on root.ln.**;
+```
+
* Revoke Role Privileges
```
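Review bot: `REVOKE USER <userName> PRIVILEGES ALL ON <nodeName>` is documented without saying how it interacts with grants made on a different path. The grant example added earlier in this patch uses `root.**` while this one revokes on `root.ln.**`; state whether the revoke only removes privileges recorded on exactly that path, so operators do not assume the user has been fully stripped of access.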
@@ -208,6 +229,13 @@ REVOKE ROLE <roleName> PRIVILEGES <privileges> ON
<nodeName>;
Eg: IoTDB > REVOKE ROLE `temprole` PRIVILEGES DELETE_TIMESERIES ON root.ln.**;
```
+* Revoke All Role Privileges
+
+```
+REVOKE ROLE <roleName> PRIVILEGES ALL ON <nodeName>;
+Eg: IoTDB > REVOKE ROLE `temprole` PRIVILEGES ALL ON root.ln.**;
+```
+
* Revoke Role From User
```
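Review bot: The heading `Revoke All Role Privileges` uses a different word order from the three sibling headings added in this patch (`Grant User All Privileges`, `Grant Role All Privileges`, `Revoke User All Privileges`). Rename it to `Revoke Role All Privileges` so the four entries read consistently.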
@@ -295,36 +323,51 @@ At the same time, changes to roles are immediately
reflected on all users who ow
**List of privileges Included in the System**
-|privilege Name|Interpretation|
-|:---|:---|
-|SET\_STORAGE\_GROUP|set storage groups; path dependent|
-|DELETE\_STORAGE\_GROUP|delete storage groups; path dependent|
-|CREATE\_TIMESERIES|create timeseries; path dependent|
-|INSERT\_TIMESERIES|insert data; path dependent|
-|READ\_TIMESERIES|query data; path dependent|
-|DELETE\_TIMESERIES|delete data or timeseries; path dependent|
-|DELETE\_STORAGE\_GROUP|delete storage groups; path dependent|
-|CREATE\_USER|create users; path independent|
-|DELETE\_USER|delete users; path independent|
-|MODIFY\_PASSWORD|modify passwords for all users; path independent; (Those who
do not have this privilege can still change their own asswords. )|
-|LIST\_USER|list all users; list a user's privileges; list a user's roles;
list users of Role with four kinds of operation privileges; path independent|
-|GRANT\_USER\_PRIVILEGE|grant user privileges; path independent|
-|REVOKE\_USER\_PRIVILEGE|revoke user privileges; path independent|
-|GRANT\_USER\_ROLE|grant user roles; path independent|
-|REVOKE\_USER\_ROLE|revoke user roles; path independent|
-|CREATE\_ROLE|create roles; path independent|
-|DELETE\_ROLE|delete roles; path independent|
-|LIST\_ROLE|list all roles; list the privileges of a role; list the three
kinds of operation privileges of all users owning a role; path independent|
-|GRANT\_ROLE\_PRIVILEGE|grant role privileges; path independent|
-|REVOKE\_ROLE\_PRIVILEGE|revoke role privileges; path independent|
-|CREATE_FUNCTION|register UDFs; path independent|
-|DROP_FUNCTION|deregister UDFs; path independent|
-|CREATE_TRIGGER|create triggers; path dependent|
-|DROP_TRIGGER|drop triggers; path dependent|
-|START_TRIGGER|start triggers; path dependent|
-|STOP_TRIGGER|stop triggers; path dependent|
-|CREATE_CONTINUOUS_QUERY|create continuous queries; path independent|
-|DROP_CONTINUOUS_QUERY|drop continuous queries; path independent|
+|privilege Name|Interpretation|Example|
+|:---|:---|----|
+|SET\_STORAGE\_GROUP|set storage groups; path dependent|Eg: `set storage group
to root.ln;`|
+|DELETE\_STORAGE\_GROUP|delete storage groups; path dependent|Eg: `delete
storage group root.ln;`|
+|CREATE\_TIMESERIES|create timeseries; path dependent|Eg1: create
timeseries<br />`create timeseries root.ln.wf02.status with
datatype=BOOLEAN,encoding=PLAIN;`<br />Eg2: create aligned timeseries<br
/>`create aligned timeseries root.ln.device1(latitude FLOAT encoding=PLAIN
compressor=SNAPPY, longitude FLOAT encoding=PLAIN compressor=SNAPPY);`|
+|INSERT\_TIMESERIES|insert data; path dependent|Eg1: `insert into
root.ln.wf02(timestamp,status) values(1,true);`<br />Eg2: `insert into
root.sg1.d1(time, s1, s2) aligned values(1, 1, 1)`|
+|READ\_TIMESERIES|query data; path dependent|Eg1: `show storage group;` <br
/>Eg2: `show child paths root.ln, show child nodes root.ln;`<br />Eg3: `show
devices;`<br />Eg4: `show timeseries root.**;`<br />Eg5: `show schema
templates;`<br />Eg6: `show all ttl`<br />Eg7:
[Query-Data](../Query-Data/Overview.md)(The query statements under this section
all use this permission)<br />Eg8: CVS format data export<br
/>`./export-csv.bat -h 127.0.0.1 -p 6667 -u tempuser -pw root -td ./`<br />Eg9:
P [...]
+|DELETE\_TIMESERIES|delete data or timeseries; path dependent|Eg1: delete
timeseries<br />`delete timeseries root.ln.wf01.wt01.status`<br />Eg2: delete
data<br />`delete from root.ln.wf02.wt02.status where time < 10`|
+|CREATE\_USER|create users; path independent|Eg: `create user thulab
'passwd';`|
+|DELETE\_USER|delete users; path independent|Eg: `drop user xiaoming;`|
+|MODIFY\_PASSWORD|modify passwords for all users; path independent; (Those who
do not have this privilege can still change their own asswords. )|Eg: `alter
user tempuser SET PASSWORD 'newpwd';`|
+|LIST\_USER|list all users; list a user's privileges; list a user's roles;
list users of Role with four kinds of operation privileges; path
independent|Eg1: `list user;`<br />Eg2: `list privileges user 'admin' on
root.sgcc.**;`<br />Eg3: `list user privileges admin;`<br />Eg4: `list all user
of role 'admin';`|
+|GRANT\_USER\_PRIVILEGE|grant user privileges; path independent|Eg: `grant
user tempuser privileges DELETE_TIMESERIES on root.ln.**;`|
+|REVOKE\_USER\_PRIVILEGE|revoke user privileges; path independent|Eg: `revoke
user tempuser privileges DELETE_TIMESERIES on root.ln.**;`|
+|GRANT\_USER\_ROLE|grant user roles; path independent|Eg: `grant temprole to
tempuser;`|
+|REVOKE\_USER\_ROLE|revoke user roles; path independent|Eg: `revoke temprole
from tempuser;`|
+|CREATE\_ROLE|create roles; path independent|Eg: `create role admin;`|
+|DELETE\_ROLE|delete roles; path independent|Eg: `drop role admin;`|
+|LIST\_ROLE|list all roles; list the privileges of a role; list the three
kinds of operation privileges of all users owning a role; path independent|Eg1:
`list role`<br />Eg2: `list role privileges actor;`<br />Eg3: `list privileges
role wirte_role ON root.sgcc;`<br />Eg4: `list all role of user admin;`|
+|GRANT\_ROLE\_PRIVILEGE|grant role privileges; path independent|Eg: `grant
role temprole privileges DELETE_TIMESERIES ON root.ln.**;`|
+|REVOKE\_ROLE\_PRIVILEGE|revoke role privileges; path independent|Eg: `revoke
role temprole privileges DELETE_TIMESERIES ON root.ln.**;`|
+|CREATE_FUNCTION|register UDFs; path independent|Eg: `create function example
AS 'org.apache.iotdb.udf.UDTFExample';`|
+|DROP_FUNCTION|deregister UDFs; path independent|Eg: `drop function example`|
+|CREATE_TRIGGER|create triggers; path dependent|Eg1: `CREATE TRIGGER
<TRIGGER-NAME> BEFORE INSERT ON <FULL-PATH> AS <CLASSNAME>`<br />Eg2: `CREATE
TRIGGER <TRIGGER-NAME> AFTER INSERT ON <FULL-PATH> AS <CLASSNAME>`|
+|DROP_TRIGGER|drop triggers; path dependent|Eg: `drop trigger
'alert-listener-sg1d1s1'`|
+|START_TRIGGER|start triggers; path dependent|Eg: `start trigger
lert-listener-sg1d1s1'`|
+|STOP_TRIGGER|stop triggers; path dependent|Eg: `stop trigger
'alert-listener-sg1d1s1'`|
+|CREATE_CONTINUOUS_QUERY|create continuous queries; path independent|Eg:
`select s1, s1 into t1, t2 from root.sg.d1`|
+|DROP_CONTINUOUS_QUERY|drop continuous queries; path independent|Eg1: `DROP
CONTINUOUS QUERY cq3`<br />Eg2: `DROP CQ cq3`|
+
+Note that the following SQL statements need to be granted multiple permissions
before they can be used:
+
+- Import data: Need to assign `READ_TIMESERIES`,`INSERT_TIMESERIES` two
permissions.。
+
+```
+Eg: IoTDB > ./import-csv.bat -h 127.0.0.1 -p 6667 -u renyuhua -pw root -f
dump0.csv
+```
+
+- Query Write-back (SELECT INTO)
+- - `READ_TIMESERIES` permission of source sequence in all `select` clauses is
required
+ - `INSERT_TIMESERIES` permission of target sequence in all `into` clauses is
required
+
+```
+Eg: IoTDB > select s1, s1 into t1, t2 from root.sg.d1 limit 5 offset 1000
+```
### Username Restrictions
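Review bot: The example in the CREATE_CONTINUOUS_QUERY row, `select s1, s1 into t1, t2 from root.sg.d1`, is a SELECT INTO statement (the same one used for Query Write-back further down), not a statement that creates a continuous query, so the row does not show what the privilege gates. Several examples carry typos: `start trigger lert-listener-sg1d1s1'` has lost its opening quote and first letter, `wirte_role` should be `write_role`, and `CVS format` should be `CSV format`. Smaller points: the MODIFY_PASSWORD row keeps the old `asswords` typo, the Import data line ends with `.。`, and the Query Write-back sub-list starts with `- -`. The export and import examples pass `-pw root` for a non-root account, which reads as if the root password is being reused; a neutral placeholder password would be clearer.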
@@ -347,4 +390,187 @@ result set. For example, `root.sg.d.*` is a sub pattern of
### Permission cache
-In distributed related permission operations, when changing permissions other
than creating users and roles, all the cache information of `dataNode` related
to the user (role) will be cleared first. If any `dataNode` cache information
is clear and fails, the permission change task will fail.
\ No newline at end of file
+In distributed related permission operations, when changing permissions other
than creating users and roles, all the cache information of `dataNode` related
to the user (role) will be cleared first. If any `dataNode` cache information
is clear and fails, the permission change task will fail.
+
+### Operations restricted by non root users
+
+At present, the following SQL statements supported by iotdb can only be
operated by the `root` user, and no corresponding permission can be given to
the new user.
+
+###### TTL
+
+- set ttl
+
+```
+Eg: IoTDB > set ttl to root.ln 3600
+```
+
+- unset ttl
+
+```
+Eg: IoTDB > unset ttl to root.ln
+```
+
+###### Schema Template
+
+- Create Schema Template
+
+```
+Eg: IoTDB > create schema template t1 (temperature FLOAT encoding=RLE, status
BOOLEAN encoding=PLAIN compression=SNAPPY)
+```
+
+- Set Schema Template
+
+```
+Eg: IoTDB > set schema template t1 to root.sg1.d1
+```
+
+- Uset Schema Template
+
+```
+Eg: IoTDB > unset schema template t1 from root.sg1.d1
+```
+
+- Drop Schema Template
+
+```
+Eg: IoTDB > drop schema template t1
+```
+
+###### Tag and Attribute Management
+
+- Rename the tag/attribute key
+
+```text
+ALTER timeseries root.turbine.d1.s1 RENAME tag1 TO newTag1
+```
+
+- reset the tag/attribute value
+
+```text
+ALTER timeseries root.turbine.d1.s1 SET newTag1=newV1, attr1=newV1
+```
+
+- delete the existing tag/attribute
+
+```text
+ALTER timeseries root.turbine.d1.s1 DROP tag1, tag2
+```
+
+- add new tags
+
+```text
+ALTER timeseries root.turbine.d1.s1 ADD TAGS tag3=v3, tag4=v4
+```
+
+- add new attributes
+
+```text
+ALTER timeseries root.turbine.d1.s1 ADD ATTRIBUTES attr3=v3, attr4=v4
+```
+
+- upsert alias, tags and attributes
+
+```text
+ALTER timeseries root.turbine.d1.s1 UPSERT ALIAS=newAlias TAGS(tag3=v3,
tag4=v4) ATTRIBUTES(attr3=v3, attr4=v4)
+```
+
+###### TsFile Management
+
+- Load TsFiles
+
+```
+Eg: IoTDB > load '/Users/Desktop/data/1575028885956-101-0.tsfile'
+```
+
+- remove a tsfile
+
+```
+Eg: IoTDB > remove
'/Users/Desktop/data/data/root.vehicle/0/0/1575028885956-101-0.tsfile'
+```
+
+- unload a tsfile and move it to a target directory
+
+```
+Eg: IoTDB > unload
'/Users/Desktop/data/data/root.vehicle/0/0/1575028885956-101-0.tsfile'
'/data/data/tmp'
+```
+
+###### Count
+
+- Count storage group/Number of nodes/device/timeseries
+
+```
+Eg: IoTDB > count storage group
+Eg: IoTDB > count nodes root.** LEVEL=2
+Eg: IoTDB > count devices root.ln.**
+Eg: IoTDB > count timeseries root.**
+```
+
+###### Delete Time Partition (experimental)
+
+- Delete Time Partition (experimental)
+
+```
+Eg: IoTDB > DELETE PARTITION root.ln 0,1,2
+```
+
+###### Continuous Query,CQ
+
+- Continuous Query,CQ
+
+```
+Eg: IoTDB > CREATE CONTINUOUS QUERY cq1 BEGIN SELECT max_value(temperature)
INTO temperature_max FROM root.ln.*.* GROUP BY time(10s) END
+```
+
+###### Maintenance Command
+
+- FLUSH
+
+```
+Eg: IoTDB > flush
+```
+
+- MERGE
+
+```
+Eg: IoTDB > MERGE
+Eg: IoTDB > FULL MERGE
+```
+
+- CLEAR CACHE
+
+```sql
+Eg: IoTDB > CLEAR CACHE
+```
+
+- SET STSTEM TO READONLY / WRITABLE
+
+```
+Eg: IoTDB > SET STSTEM TO READONLY / WRITABLE
+```
+
+- SCHEMA SNAPSHOT
+
+```sql
+Eg: IoTDB > CREATE SNAPSHOT FOR SCHEMA
+```
+
+- Query abort
+
+```
+Eg: IoTDB > KILL QUERY 1
+```
+
+###### Watermark Tool
+
+- Watermark new users
+
+```
+Eg: IoTDB > grant watermark_embedding to Alice
+```
+
+- Watermark Detection
+
+```
+Eg: IoTDB > revoke watermark_embedding from Alice
+```
+
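Review bot: This section says no permission can be given to a new user for the listed statements, yet it lists `CREATE CONTINUOUS QUERY cq1 ...` while the privilege table in the previous hunk documents a grantable CREATE_CONTINUOUS_QUERY privilege; one of the two must be wrong, please reconcile them. The last entry is titled `Watermark Detection` but its example is `revoke watermark_embedding from Alice`, which revokes embedding rather than detecting anything. Typos: `Uset Schema Template`, and `SET STSTEM TO READONLY / WRITABLE` in both the bullet and the example (should be SYSTEM). The title `Operations restricted by non root users` would read more accurately as operations restricted to the root user, and the `######` subheadings skip two levels below the `###` section heading.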
diff --git a/docs/zh/UserGuide/Administration-Management/Administration.md
b/docs/zh/UserGuide/Administration-Management/Administration.md
index 2abffc4fa8..ebb4589c59 100644
--- a/docs/zh/UserGuide/Administration-Management/Administration.md
+++ b/docs/zh/UserGuide/Administration-Management/Administration.md
@@ -179,6 +179,13 @@ GRANT USER <userName> PRIVILEGES <privileges> ON
<nodeName>;
Eg: IoTDB > GRANT USER `tempuser` PRIVILEGES DELETE_TIMESERIES on root.ln.**;
```
+- 赋予用户全部的权限
+
+```
+GRANT USER <userName> PRIVILEGES ALL ON <nodeName>;
+Eg: IoTDB > grant user renyuhua privileges all on root.**
+```
+
* 赋予角色权限
```
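Review bot: As in the English file, the added example `grant user renyuhua privileges all on root.**` drops the backticks and trailing semicolon used by the `tempuser` example above it and grants ALL on the widest path; prefer `tempuser` on `root.ln.**`. The new bullet uses `-` while the neighbouring `* 赋予角色权限` uses `*`.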
@@ -186,6 +193,13 @@ GRANT ROLE <roleName> PRIVILEGES <privileges> ON
<nodeName>;
Eg: IoTDB > GRANT ROLE `temprole` PRIVILEGES DELETE_TIMESERIES ON root.ln.**;
```
+- 赋予角色全部的权限
+
+```
+GRANT ROLE <roleName> PRIVILEGES ALL ON <nodeName>;
+Eg: IoTDB > GRANT ROLE `temprole` PRIVILEGES ALL ON root.ln.**;
+```
+
* 赋予用户角色
```
@@ -200,6 +214,13 @@ REVOKE USER <userName> PRIVILEGES <privileges> ON
<nodeName>;
Eg: IoTDB > REVOKE USER `tempuser` PRIVILEGES DELETE_TIMESERIES on root.ln.**;
```
+- 移除用户所有权限
+
+```
+REVOKE USER <userName> PRIVILEGES ALL ON <nodeName>;
+Eg: IoTDB > REVOKE USER `tempuser` PRIVILEGES ALL on root.ln.**;
+```
+
* 撤销角色权限
```
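Review bot: The new heading `移除用户所有权限` uses 移除 and 所有, while the sibling headings in this file use 撤销 and 全部 (`撤销角色全部的权限`, `赋予用户全部的权限`). Use `撤销用户全部的权限` so the four added headings share one vocabulary.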
@@ -207,6 +228,13 @@ REVOKE ROLE <roleName> PRIVILEGES <privileges> ON
<nodeName>;
Eg: IoTDB > REVOKE ROLE `temprole` PRIVILEGES DELETE_TIMESERIES ON root.ln.**;
```
+- 撤销角色全部的权限
+
+```
+REVOKE ROLE <roleName> PRIVILEGES ALL ON <nodeName>;
+Eg: IoTDB > REVOKE ROLE `temprole` PRIVILEGES ALL ON root.ln.**;
+```
+
* 撤销用户角色
```
@@ -294,36 +322,51 @@ Eg: IoTDB > ALTER USER `tempuser` SET PASSWORD 'newpwd';
**系统所含权限列表**
-|权限名称|说明|
-|:---|:---|
-|SET\_STORAGE\_GROUP|创建存储组。包含设置存储组的权限。路径相关|
-|DELETE\_STORAGE\_GROUP|删除存储组。路径相关|
-|CREATE\_TIMESERIES|创建时间序列。路径相关|
-|INSERT\_TIMESERIES|插入数据。路径相关|
-|READ\_TIMESERIES|查询数据。路径相关|
-|DELETE\_TIMESERIES|删除数据或时间序列。路径相关|
-|DELETE\_STORAGE\_GROUP|删除存储组。路径相关|
-|CREATE\_USER|创建用户。路径无关|
-|DELETE\_USER|删除用户。路径无关|
-|MODIFY\_PASSWORD|修改所有用户的密码。路径无关。(没有该权限者仍然能够修改自己的密码。)|
-|LIST\_USER|列出所有用户,列出某用户权限,列出某用户具有的角色以及列出所有用户的角色四种操作的权限。路径无关|
-|GRANT\_USER\_PRIVILEGE|赋予用户权限。路径无关|
-|REVOKE\_USER\_PRIVILEGE|撤销用户权限。路径无关|
-|GRANT\_USER\_ROLE|赋予用户角色。路径无关|
-|REVOKE\_USER\_ROLE|撤销用户角色。路径无关|
-|CREATE\_ROLE|创建角色。路径无关|
-|DELETE\_ROLE|删除角色。路径无关|
-|LIST\_ROLE|列出所有角色,列出某角色拥有的权限,列出拥有某角色的所有用户三种操作的权限。路径无关|
-|GRANT\_ROLE\_PRIVILEGE|赋予角色权限。路径无关|
-|REVOKE\_ROLE\_PRIVILEGE|撤销角色权限。路径无关|
-|CREATE_FUNCTION|注册 UDF。路径无关|
-|DROP_FUNCTION|卸载 UDF。路径无关|
-|CREATE_TRIGGER|创建触发器。路径相关|
-|DROP_TRIGGER|卸载触发器。路径相关|
-|START_TRIGGER|启动触发器。路径相关|
-|STOP_TRIGGER|停止触发器。路径相关|
-|CREATE_CONTINUOUS_QUERY|创建连续查询。路径无关|
-|DROP_CONTINUOUS_QUERY|卸载连续查询。路径无关|
+|权限名称|说明|示例|
+|:---|:---|----|
+|SET\_STORAGE\_GROUP|创建存储组。包含设置存储组的权限。路径相关|Eg: `set storage group to root.ln;`|
+|DELETE\_STORAGE\_GROUP|删除存储组。路径相关|Eg: `delete storage group root.ln;`|
+|CREATE\_TIMESERIES|创建时间序列。路径相关|Eg1: 创建时间序列<br />`create timeseries
root.ln.wf02.status with datatype=BOOLEAN,encoding=PLAIN;`<br />Eg2:
创建对齐时间序列<br />`create aligned timeseries root.ln.device1(latitude FLOAT
encoding=PLAIN compressor=SNAPPY, longitude FLOAT encoding=PLAIN
compressor=SNAPPY);`|
+|INSERT\_TIMESERIES|插入数据。路径相关|Eg1: `insert into root.ln.wf02(timestamp,status)
values(1,true);`<br />Eg2: `insert into root.sg1.d1(time, s1, s2) aligned
values(1, 1, 1)`|
+|READ\_TIMESERIES|查询数据。路径相关|Eg1: `show storage group;` <br />Eg2: `show child
paths root.ln, show child nodes root.ln;`<br />Eg3: `show devices;`<br />Eg4:
`show timeseries root.**;`<br />Eg5: `show schema templates;`<br />Eg6: `show
all ttl`<br />Eg7: [数据查询](../Query-Data/Overview.md)(这一节之下的查询语句均使用该权限)<br
/>Eg8: CVS格式数据导出<br />`./export-csv.bat -h 127.0.0.1 -p 6667 -u tempuser -pw
root -td ./`<br />Eg9: 查询性能追踪<br />`tracing select * from root`<br />Eg10:
UDF查询<br />`select example(*) fr [...]
+|DELETE\_TIMESERIES|删除数据或时间序列。路径相关|Eg1: 删除时间序列<br />`delete timeseries
root.ln.wf01.wt01.status`<br />Eg2: 删除数据<br />`delete from
root.ln.wf02.wt02.status where time < 10`|
+|CREATE\_USER|创建用户。路径无关|Eg: `create user thulab 'passwd';`|
+|DELETE\_USER|删除用户。路径无关|Eg: `drop user xiaoming;`|
+|MODIFY\_PASSWORD|修改所有用户的密码。路径无关。(没有该权限者仍然能够修改自己的密码。)|Eg: `alter user tempuser
SET PASSWORD 'newpwd';`|
+|LIST\_USER|列出所有用户,列出某用户权限,列出某用户具有的角色以及列出所有用户的角色四种操作的权限。路径无关|Eg1: `list
user;`<br />Eg2: `list privileges user 'admin' on root.sgcc.**;`<br />Eg3:
`list user privileges admin;`<br />Eg4: `list all user of role 'admin';`|
+|GRANT\_USER\_PRIVILEGE|赋予用户权限。路径无关|Eg: `grant user tempuser privileges
DELETE_TIMESERIES on root.ln.**;`|
+|REVOKE\_USER\_PRIVILEGE|撤销用户权限。路径无关|Eg: `revoke user tempuser privileges
DELETE_TIMESERIES on root.ln.**;`|
+|GRANT\_USER\_ROLE|赋予用户角色。路径无关|Eg: `grant temprole to tempuser;`|
+|REVOKE\_USER\_ROLE|撤销用户角色。路径无关|Eg: `revoke temprole from tempuser;`|
+|CREATE\_ROLE|创建角色。路径无关|Eg: `create role admin;`|
+|DELETE\_ROLE|删除角色。路径无关|Eg: `drop role admin;`|
+|LIST\_ROLE|列出所有角色,列出某角色拥有的权限,列出拥有某角色的所有用户三种操作的权限。路径无关|Eg1: `list role`<br
/>Eg2: `list role privileges actor;`<br />Eg3: `list privileges role wirte_role
ON root.sgcc;`<br />Eg4: `list all role of user admin;`|
+|GRANT\_ROLE\_PRIVILEGE|赋予角色权限。路径无关|Eg: `grant role temprole privileges
DELETE_TIMESERIES ON root.ln.**;`|
+|REVOKE\_ROLE\_PRIVILEGE|撤销角色权限。路径无关|Eg: `revoke role temprole privileges
DELETE_TIMESERIES ON root.ln.**;`|
+|CREATE_FUNCTION|注册 UDF。路径无关|Eg: `create function example AS
'org.apache.iotdb.udf.UDTFExample';`|
+|DROP_FUNCTION|卸载 UDF。路径无关|Eg: `drop function example`|
+|CREATE_TRIGGER|创建触发器。路径相关|Eg1: `CREATE TRIGGER <TRIGGER-NAME> BEFORE INSERT
ON <FULL-PATH> AS <CLASSNAME>`<br />Eg2: `CREATE TRIGGER <TRIGGER-NAME> AFTER
INSERT ON <FULL-PATH> AS <CLASSNAME>`|
+|DROP_TRIGGER|卸载触发器。路径相关|Eg: `drop trigger 'alert-listener-sg1d1s1'`|
+|START_TRIGGER|启动触发器。路径相关|Eg: `start trigger lert-listener-sg1d1s1'`|
+|STOP_TRIGGER|停止触发器。路径相关|Eg: `stop trigger 'alert-listener-sg1d1s1'`|
+|CREATE_CONTINUOUS_QUERY|创建连续查询。路径无关|Eg: `select s1, s1 into t1, t2 from
root.sg.d1`|
+|DROP_CONTINUOUS_QUERY|卸载连续查询。路径无关|Eg1: `DROP CONTINUOUS QUERY cq3`<br />Eg2:
`DROP CQ cq3`|
+
+注意: 下述sql语句需要赋予多个权限才可以使用:
+
+- 导入数据,需要赋予`READ_TIMESERIES`,`INSERT_TIMESERIES`两种权限。
+
+```
+Eg: IoTDB > ./import-csv.bat -h 127.0.0.1 -p 6667 -u renyuhua -pw root -f
dump0.csv
+```
+
+- 查询写回(SELECT_INTO)
+ - 需要所有 `select` 子句中源序列的 `READ_TIMESERIES` 权限
+ - 需要所有 `into` 子句中目标序列 `INSERT_TIMESERIES` 权限
+
+```
+Eg: IoTDB > select s1, s1 into t1, t2 from root.sg.d1 limit 5 offset 1000
+```
### 用户名限制
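Review bot: The CREATE_CONTINUOUS_QUERY row again shows a plain `select s1, s1 into t1, t2 from root.sg.d1` rather than a statement that creates a continuous query. The typos from the English table are duplicated here: `start trigger lert-listener-sg1d1s1'`, `wirte_role`, and `CVS格式数据导出` (should be CSV). The list item `查询写回(SELECT_INTO)` writes the statement name with an underscore, whereas the English file has `SELECT INTO`.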
@@ -343,4 +386,186 @@ IoTDB 规定角色名的字符长度不小于 4,其中角色名不能包含空
### 权限缓存
-在分布式相关的权限操作中,在进行除了创建用户和角色之外的其他权限更改操作时,都会先清除与该用户(角色)相关的所有的`dataNode`的缓存信息,如果任何一台`dataNode`缓存信息清楚失败,这个权限更改的任务就会失败。
\ No newline at end of file
+在分布式相关的权限操作中,在进行除了创建用户和角色之外的其他权限更改操作时,都会先清除与该用户(角色)相关的所有的`dataNode`的缓存信息,如果任何一台`dataNode`缓存信息清楚失败,这个权限更改的任务就会失败。
+
+### 非root用户限制进行的操作
+
+目前以下IoTDB支持的sql语句只有`root`用户可以进行操作,且没有对应的权限可以赋予新用户。
+
+###### TTL
+
+- 设置ttl
+
+```
+Eg: IoTDB > set ttl to root.ln 3600
+```
+
+- 取消ttl
+
+```
+Eg: IoTDB > unset ttl to root.ln
+```
+
+###### 元数据模板
+
+- 创建元数据模板
+
+```
+Eg: IoTDB > create schema template t1 (temperature FLOAT encoding=RLE, status
BOOLEAN encoding=PLAIN compression=SNAPPY)
+```
+
+- 挂载元数据模板
+
+```
+Eg: IoTDB > set schema template t1 to root.sg1.d1
+```
+
+- 卸载元数据模板
+
+```
+Eg: IoTDB > unset schema template t1 from root.sg1.d1
+```
+
+- 删除元数据模板
+
+```
+Eg: IoTDB > drop schema template t1
+```
+
+###### 标签点管理
+
+- 重命名标签或属性
+
+```text
+ALTER timeseries root.turbine.d1.s1 RENAME tag1 TO newTag1
+```
+
+- 重新设置标签或属性的值
+
+```text
+ALTER timeseries root.turbine.d1.s1 SET newTag1=newV1, attr1=newV1
+```
+
+- 删除已经存在的标签或属性
+
+```text
+ALTER timeseries root.turbine.d1.s1 DROP tag1, tag2
+```
+
+- 添加新的标签
+
+```text
+ALTER timeseries root.turbine.d1.s1 ADD TAGS tag3=v3, tag4=v4
+```
+
+- 添加新的属性
+
+```text
+ALTER timeseries root.turbine.d1.s1 ADD ATTRIBUTES attr3=v3, attr4=v4
+```
+
+- 更新插入别名,标签和属性
+
+```text
+ALTER timeseries root.turbine.d1.s1 UPSERT ALIAS=newAlias TAGS(tag2=newV2,
tag3=v3) ATTRIBUTES(attr3=v3, attr4=v4)
+```
+
+###### TsFile管理
+
+- 加载TsFile
+
+```
+Eg: IoTDB > load '/Users/Desktop/data/1575028885956-101-0.tsfile'
+```
+
+- 删除TsFile文件
+
+```
+Eg: IoTDB > remove
'/Users/Desktop/data/data/root.vehicle/0/0/1575028885956-101-0.tsfile'
+```
+
+- 卸载TsFile文件到指定目录
+
+```
+Eg: IoTDB > unload
'/Users/Desktop/data/data/root.vehicle/0/0/1575028885956-101-0.tsfile'
'/data/data/tmp'
+```
+
+###### 统计
+
+- 统计存储组/节点数/设备/时间序列
+
+```
+Eg: IoTDB > count storage group
+Eg: IoTDB > count nodes root.** LEVEL=2
+Eg: IoTDB > count devices root.ln.**
+Eg: IoTDB > count timeseries root.**
+```
+
+###### 删除时间分区(实验性功能)
+
+- 删除时间分区(实验性功能)
+
+```
+Eg: IoTDB > DELETE PARTITION root.ln 0,1,2
+```
+
+###### 连续查询
+
+- 连续查询(CQ)
+
+```
+Eg: IoTDB > CREATE CONTINUOUS QUERY cq1 BEGIN SELECT max_value(temperature)
INTO temperature_max FROM root.ln.*.* GROUP BY time(10s) END
+```
+
+###### 运维命令
+
+- FLUSH
+
+```
+Eg: IoTDB > flush
+```
+
+- MERGE
+
+```
+Eg: IoTDB > MERGE
+Eg: IoTDB > FULL MERGE
+```
+
+- CLEAR CACHE
+
+```sql
+Eg: IoTDB > CLEAR CACHE
+```
+
+- SET STSTEM TO READONLY / WRITABLE
+
+```
+Eg: IoTDB > SET STSTEM TO READONLY / WRITABLE
+```
+
+- SCHEMA SNAPSHOT
+
+```sql
+Eg: IoTDB > CREATE SNAPSHOT FOR SCHEMA
+```
+
+- 查询终止
+
+```
+Eg: IoTDB > KILL QUERY 1
+```
+
+###### 水印工具
+
+- 为新用户施加水印
+
+```
+Eg: IoTDB > grant watermark_embedding to Alice
+```
+
+- 撤销水印
+
+```
+Eg: IoTDB > revoke watermark_embedding from Alice
+```
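Review bot: The re-added 权限缓存 paragraph still contains `清楚失败`, which should be `清除失败`; the line appears to be touched only to add the trailing newline, so fix the typo in the same change. The UPSERT example uses `TAGS(tag2=newV2, tag3=v3)` while the English file uses `TAGS(tag3=v3, tag4=v4)`; keep the two translations identical. `SET STSTEM TO READONLY / WRITABLE` has the same STSTEM typo as the English file, and the continuous query entry conflicts with the grantable CREATE_CONTINUOUS_QUERY privilege in the table above.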