This is an automated email from the ASF dual-hosted git repository.
HTHou pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/iotdb-docs.git
The following commit(s) were added to refs/heads/main by this push:
new 6e10d1de add datasync and authority in table sql manual (#1159)
6e10d1de is described below
commit 6e10d1deba54581e9d71af162f16eb87d2ea9a00
Author: leto-b <[email protected]>
AuthorDate: Thu Jun 11 14:08:16 2026 +0800
add datasync and authority in table sql manual (#1159)
---
src/.vuepress/sidebar/V2.0.x/en-Table.ts | 2 +
src/.vuepress/sidebar/V2.0.x/zh-Table.ts | 2 +
.../SQL-Manual/SQL-Authority-Management_apache.md | 378 +++++++++++++++++++++
.../SQL-Manual/SQL-Authority-Management_timecho.md | 378 +++++++++++++++++++++
.../Table/SQL-Manual/SQL-Data-Sync_apache.md | 240 +++++++++++++
.../Table/SQL-Manual/SQL-Data-Sync_timecho.md | 321 +++++++++++++++++
.../SQL-Manual/SQL-Authority-Management_apache.md | 378 +++++++++++++++++++++
.../SQL-Manual/SQL-Authority-Management_timecho.md | 378 +++++++++++++++++++++
.../SQL-Manual/SQL-Data-Sync_apache.md | 240 +++++++++++++
.../SQL-Manual/SQL-Data-Sync_timecho.md | 321 +++++++++++++++++
.../SQL-Manual/SQL-Authority-Management_apache.md | 371 ++++++++++++++++++++
.../SQL-Manual/SQL-Authority-Management_timecho.md | 377 ++++++++++++++++++++
.../Table/SQL-Manual/SQL-Data-Sync_apache.md | 239 +++++++++++++
.../Table/SQL-Manual/SQL-Data-Sync_timecho.md | 320 +++++++++++++++++
.../SQL-Manual/SQL-Authority-Management_apache.md | 371 ++++++++++++++++++++
.../SQL-Manual/SQL-Authority-Management_timecho.md | 377 ++++++++++++++++++++
.../SQL-Manual/SQL-Data-Sync_apache.md | 239 +++++++++++++
.../SQL-Manual/SQL-Data-Sync_timecho.md | 320 +++++++++++++++++
18 files changed, 5252 insertions(+)
diff --git a/src/.vuepress/sidebar/V2.0.x/en-Table.ts
b/src/.vuepress/sidebar/V2.0.x/en-Table.ts
index 850e77f6..8a4fb24c 100644
--- a/src/.vuepress/sidebar/V2.0.x/en-Table.ts
+++ b/src/.vuepress/sidebar/V2.0.x/en-Table.ts
@@ -239,6 +239,8 @@ export const enSidebar = {
{ text: 'Set Operations', link: 'Set-Operations_apache' },
],
},
+ { text: 'Data Sync', link: 'SQL-Data-Sync_apache' },
+ { text: 'Authority Management', link:
'SQL-Authority-Management_apache' },
{ text: 'Maintenance Statements', link:
'SQL-Maintenance-Statements_apache' },
{ text: 'Identifier', link: 'Identifier' },
{ text: 'Keywords', link: 'Keywords' },
diff --git a/src/.vuepress/sidebar/V2.0.x/zh-Table.ts
b/src/.vuepress/sidebar/V2.0.x/zh-Table.ts
index e4b1ce05..96e73b14 100644
--- a/src/.vuepress/sidebar/V2.0.x/zh-Table.ts
+++ b/src/.vuepress/sidebar/V2.0.x/zh-Table.ts
@@ -238,6 +238,8 @@ export const zhSidebar = {
{ text: '集合操作', link: 'Set-Operations_apache' },
],
},
+ { text: '数据同步', link: 'SQL-Data-Sync_apache' },
+ { text: '权限管理', link: 'SQL-Authority-Management_apache' },
{ text: '运维语句', link: 'SQL-Maintenance-Statements_apache' },
{ text: '标识符', link: 'Identifier' },
{ text: '保留字&关键字', link: 'Keywords' },
diff --git
a/src/UserGuide/Master/Table/SQL-Manual/SQL-Authority-Management_apache.md
b/src/UserGuide/Master/Table/SQL-Manual/SQL-Authority-Management_apache.md
new file mode 100644
index 00000000..8b95ff03
--- /dev/null
+++ b/src/UserGuide/Master/Table/SQL-Manual/SQL-Authority-Management_apache.md
@@ -0,0 +1,378 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+
+# Authority Management
+
+This document is the SQL manual for authority management starting from version
V2.0.7. For detailed function usage, see [Authority
Management](../User-Manual/Authority-Management-Upgrade_apache.md). For an
introduction to authority management functions before version V2.0.7, refer to
[Authority Management](../User-Manual/Authority-Management_apache.md)
+
+## 1. Privilege List
+
+<table>
+ <tbody>
+ <tr>
+ <th>Privilege Type</th>
+ <th>Privilege Name</th>
+ <th>Scope of Effect</th>
+ <th>Description</th>
+ </tr>
+ <!-- Global Privileges - SYSTEM -->
+ <tr>
+ <td rowspan="17">Global Privileges</td>
+ <td rowspan="6">SYSTEM</td>
+ <td rowspan="6">Global</td>
+ <td>Allows users to create, modify, and delete databases.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create, modify, and delete tables and table
views.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create, delete, and view user-defined functions.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create, start, stop, delete, and view PIPEs. Allows
users to create, delete, and view PIPEPLUGINS.</td>
+ </tr>
+ <tr>
+ <td>Allows users to query and cancel queries. Allows users to view
variables. Allows users to view cluster status.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create, delete, and view deep learning models.</td>
+ </tr>
+ <!-- Global Privileges - SECURITY -->
+ <tr>
+ <td rowspan="10">SECURITY</td>
+ <td rowspan="10">Global</td>
+ <td>Allows users to create users.</td>
+ </tr>
+ <tr>
+ <td>Allows users to delete users.</td>
+ </tr>
+ <tr>
+ <td>Allows users to modify user passwords.</td>
+ </tr>
+ <tr>
+ <td>Allows users to view user privilege information.</td>
+ </tr>
+ <tr>
+ <td>Allows users to list all users.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create roles.</td>
+ </tr>
+ <tr>
+ <td>Allows users to delete roles.</td>
+ </tr>
+ <tr>
+ <td>Allows users to view role privilege information.</td>
+ </tr>
+ <tr>
+ <td>Allows users to grant a role to a user or revoke it.</td>
+ </tr>
+ <tr>
+ <td>Allows users to list all roles.</td>
+ </tr>
+ <!-- Global Privileges - AUDIT -->
+ <tr>
+ <td>AUDIT</td>
+ <td>Global</td>
+ <td>Allows users to maintain audit log rules and view audit logs.</td>
+ </tr>
+ <!-- Data Privileges - CREATE -->
+ <tr>
+ <td rowspan="15">Data Privileges</td>
+ <td rowspan="3">CREATE</td>
+ <td>ANY</td>
+ <td>Allows creating any table and any database.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to create tables under this database; allows users to
create a database with this name.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to create a table with this name.</td>
+ </tr>
+ <!-- Data Privileges - ALTER -->
+ <tr>
+ <td rowspan="3">ALTER</td>
+ <td>ANY</td>
+ <td>Allows modifying the definition of any table and any database.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to modify the definition of a database and the
definitions of tables under that database.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to modify the definition of a table.</td>
+ </tr>
+ <!-- Data Privileges - SELECT -->
+ <tr>
+ <td rowspan="3">SELECT</td>
+ <td>ANY</td>
+ <td>Allows querying data from any table in any database in the
system.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to query data from any table in this database.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to query data in this table. When executing multi-table
queries, the database only displays data that the user has permission to
access.</td>
+ </tr>
+ <!-- Data Privileges - INSERT -->
+ <tr>
+ <td rowspan="3">INSERT</td>
+ <td>ANY</td>
+ <td>Allows inserting/updating data into any table in any database.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to insert/update data into any table within the scope
of this database.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to insert/update data into this table.</td>
+ </tr>
+ <!-- Data Privileges - DELETE -->
+ <tr>
+ <td rowspan="3">DELETE</td>
+ <td>ANY</td>
+ <td>Allows deleting data from any table.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to delete data within the scope of this database.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to delete data from this table.</td>
+ </tr>
+ </tbody>
+</table>
+
+## 2. SQL Statements
+
+### 2.1 User and Role Management
+
+1. Create User (Requires SECURITY privilege)
+
+```SQL
+CREATE USER <USERNAME> <PASSWORD>
+eg: CREATE USER user1 'passwd';
+```
+
+2. Change Password
+
+Users can change their own passwords, but changing other users' passwords
requires the SECURITY privilege.
+
+```SQL
+ALTER USER <USERNAME> SET PASSWORD <password>
+eg: ALTER USER tempuser SET PASSWORD 'newpwd';
+```
+
+3. Drop User (Requires SECURITY privilege)
+
+```SQL
+DROP USER <USERNAME>
+eg: DROP USER user1;
+```
+
+4. Create Role (Requires SECURITY privilege)
+
+```SQL
+CREATE ROLE <ROLENAME>
+eg: CREATE ROLE role1;
+```
+
+5. Drop Role (Requires SECURITY privilege)
+
+```SQL
+DROP ROLE <ROLENAME>
+eg: DROP ROLE role1;
+```
+
+6. Grant Role to User (Requires SECURITY privilege)
+
+```SQL
+GRANT ROLE <ROLENAME> TO <USERNAME>
+eg: GRANT ROLE admin TO user1;
+```
+
+7. Revoke Role from User (Requires SECURITY privilege)
+
+```SQL
+REVOKE ROLE <ROLENAME> FROM <USERNAME>
+eg: REVOKE ROLE admin FROM user1;
+```
+
+8. List All Users (Requires SECURITY privilege)
+
+```SQL
+LIST USER;
+```
+
+9. List All Roles (Requires SECURITY privilege)
+
+```SQL
+LIST ROLE;
+```
+
+10. List All Users Under a Specified Role (Requires SECURITY privilege)
+
+```SQL
+LIST USER OF ROLE <ROLENAME>
+eg: LIST USER OF ROLE roleuser;
+```
+
+11. List All Roles of a Specified User
+
+Users can list their own roles, but listing other users' roles requires the
SECURITY privilege.
+
+```SQL
+LIST ROLE OF USER <USERNAME>
+eg: LIST ROLE OF USER tempuser;
+```
+
+12. List All Privileges of a User
+
+Users can list their own privilege information, but listing other users'
privileges requires the SECURITY privilege.
+
+```SQL
+LIST PRIVILEGES OF USER <USERNAME>
+eg: LIST PRIVILEGES OF USER tempuser;
+```
+
+13. List All Privileges of a Role
+
+Users can list the privilege information of roles they possess, but listing
other roles' privileges requires the SECURITY privilege.
+
+```SQL
+LIST PRIVILEGES OF ROLE <ROLENAME>
+eg: LIST PRIVILEGES OF ROLE actor;
+```
+
+### 2.2 Privilege Management
+
+#### 2.2.1 Grant Privileges
+
+1. Grant user management privileges to a user
+
+```SQL
+GRANT SECURITY TO USER <USERNAME>
+eg: GRANT SECURITY TO USER TEST_USER;
+```
+
+2. Grant a user the privilege to create databases and create tables within the
database scope, and allow the user to manage privileges within that scope
+
+```SQL
+GRANT CREATE ON DATABASE <DATABASE> TO USER <USERNAME> WITH GRANT OPTION
+eg: GRANT CREATE ON DATABASE TESTDB TO USER TEST_USER WITH GRANT OPTION;
+```
+
+3. Grant a role the privilege to query a database
+
+```SQL
+GRANT SELECT ON DATABASE <DATABASE> TO ROLE <ROLENAME>
+eg: GRANT SELECT ON DATABASE TESTDB TO ROLE TEST_ROLE;
+```
+
+4. Grant a user the privilege to query a table
+
+```SQL
+GRANT SELECT ON <DATABASE>.<TABLENAME> TO USER <USERNAME>
+eg: GRANT SELECT ON TESTDB.TESTTABLE TO USER TEST_USER;
+```
+
+5. Grant a role the privilege to query all databases and tables
+
+```SQL
+GRANT SELECT ON ANY TO ROLE <ROLENAME>
+eg: GRANT SELECT ON ANY TO ROLE TEST_ROLE;
+```
+
+6. ALL Syntax Sugar: ALL represents all privileges within the object scope.
You can use the ALL field to flexibly grant privileges.
+
+```SQL
+GRANT ALL TO USER TESTUSER;
+-- Grants all privileges available to the user, including global privileges
and all data privileges in the ANY scope
+
+GRANT ALL ON ANY TO USER TESTUSER;
+-- Grants all data privileges available in the ANY scope to the user. After
executing this statement, the user will have all data privileges on all
databases
+
+GRANT ALL ON DATABASE TESTDB TO USER TESTUSER;
+-- Grants all data privileges available in the DB scope to the user. After
executing this statement, the user will have all data privileges on this
database
+
+GRANT ALL ON TABLE TESTTABLE TO USER TESTUSER;
+-- Grants all data privileges available in the TABLE scope to the user. After
executing this statement, the user will have all data privileges on this table
+```
+
+#### 2.2.2 Revoke Privileges
+
+1. Revoke user management privileges from a user
+
+```SQL
+REVOKE SECURITY FROM USER <USERNAME>
+eg: REVOKE SECURITY FROM USER TEST_USER;
+```
+
+2. Revoke a user's privilege to create databases and create tables within the
database scope
+
+```SQL
+REVOKE CREATE ON DATABASE <DATABASE> FROM USER <USERNAME>
+eg: REVOKE CREATE ON DATABASE TEST_DB FROM USER TEST_USER;
+```
+
+3. Revoke a user's privilege to query a table
+
+```SQL
+REVOKE SELECT ON <DATABASE>.<TABLENAME> FROM USER <USERNAME>
+eg: REVOKE SELECT ON TESTDB.TESTTABLE FROM USER TEST_USER;
+```
+
+4. Revoke a user's privilege to query all databases and tables
+
+```SQL
+REVOKE SELECT ON ANY FROM USER <USERNAME>
+eg: REVOKE SELECT ON ANY FROM USER TEST_USER;
+```
+
+5. ALL Syntax Sugar: ALL represents all privileges within the object scope.
You can use the ALL field to flexibly revoke privileges.
+
+```SQL
+REVOKE ALL FROM USER TESTUSER;
+-- Revokes all global privileges and all data privileges in the ANY scope from
the user
+
+REVOKE ALL ON ANY FROM USER TESTUSER;
+-- Revokes all data privileges in the ANY scope from the user, and does not
affect DB-scope and TABLE-scope privileges
+
+REVOKE ALL ON DATABASE TESTDB FROM USER TESTUSER;
+-- Revokes all data privileges on the DB from the user, and does not affect
TABLE privileges
+
+REVOKE ALL ON TABLE TESTDB FROM USER TESTUSER;
+-- Revokes all data privileges on the TABLE from the user
+```
+
+#### 2.2.3 View User Privileges
+
+```SQL
+LIST PRIVILEGES OF USER <USERNAME>
+eg: LIST PRIVILEGES OF USER tempuser
+```
\ No newline at end of file
diff --git
a/src/UserGuide/Master/Table/SQL-Manual/SQL-Authority-Management_timecho.md
b/src/UserGuide/Master/Table/SQL-Manual/SQL-Authority-Management_timecho.md
new file mode 100644
index 00000000..3528a5f3
--- /dev/null
+++ b/src/UserGuide/Master/Table/SQL-Manual/SQL-Authority-Management_timecho.md
@@ -0,0 +1,378 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+
+# Authority Management
+
+This document is the SQL manual for authority management starting from version
V2.0.7. For detailed function usage, see [Authority
Management](../User-Manual/Authority-Management-Upgrade_timecho.md). For an
introduction to authority management functions before version V2.0.7, refer to
[Authority Management](../User-Manual/Authority-Management_timecho.md)
+
+## 1. Privilege List
+
+<table>
+ <tbody>
+ <tr>
+ <th>Privilege Type</th>
+ <th>Privilege Name</th>
+ <th>Scope of Effect</th>
+ <th>Description</th>
+ </tr>
+ <!-- Global Privileges - SYSTEM -->
+ <tr>
+ <td rowspan="17">Global Privileges</td>
+ <td rowspan="6">SYSTEM</td>
+ <td rowspan="6">Global</td>
+ <td>Allows users to create, modify, and delete databases.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create, modify, and delete tables and table
views.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create, delete, and view user-defined functions.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create, start, stop, delete, and view PIPEs. Allows
users to create, delete, and view PIPEPLUGINS.</td>
+ </tr>
+ <tr>
+ <td>Allows users to query and cancel queries. Allows users to view
variables. Allows users to view cluster status.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create, delete, and view deep learning models.</td>
+ </tr>
+ <!-- Global Privileges - SECURITY -->
+ <tr>
+ <td rowspan="10">SECURITY</td>
+ <td rowspan="10">Global</td>
+ <td>Allows users to create users.</td>
+ </tr>
+ <tr>
+ <td>Allows users to delete users.</td>
+ </tr>
+ <tr>
+ <td>Allows users to modify user passwords.</td>
+ </tr>
+ <tr>
+ <td>Allows users to view user privilege information.</td>
+ </tr>
+ <tr>
+ <td>Allows users to list all users.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create roles.</td>
+ </tr>
+ <tr>
+ <td>Allows users to delete roles.</td>
+ </tr>
+ <tr>
+ <td>Allows users to view role privilege information.</td>
+ </tr>
+ <tr>
+ <td>Allows users to grant a role to a user or revoke it.</td>
+ </tr>
+ <tr>
+ <td>Allows users to list all roles.</td>
+ </tr>
+ <!-- Global Privileges - AUDIT (New) -->
+ <tr>
+ <td>AUDIT</td>
+ <td>Global</td>
+ <td>Allows users to maintain audit log rules and view audit logs.</td>
+ </tr>
+ <!-- Data Privileges - CREATE -->
+ <tr>
+ <td rowspan="15">Data Privileges</td>
+ <td rowspan="3">CREATE</td>
+ <td>ANY</td>
+ <td>Allows creating any table and any database.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to create tables under this database; allows users to
create a database with this name.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to create a table with this name.</td>
+ </tr>
+ <!-- Data Privileges - ALTER -->
+ <tr>
+ <td rowspan="3">ALTER</td>
+ <td>ANY</td>
+ <td>Allows modifying the definition of any table and any database.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to modify the definition of a database and the
definitions of tables under that database.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to modify the definition of a table.</td>
+ </tr>
+ <!-- Data Privileges - SELECT -->
+ <tr>
+ <td rowspan="3">SELECT</td>
+ <td>ANY</td>
+ <td>Allows querying data from any table in any database in the
system.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to query data from any table in this database.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to query data in this table. When executing multi-table
queries, the database only displays data that the user has permission to
access.</td>
+ </tr>
+ <!-- Data Privileges - INSERT -->
+ <tr>
+ <td rowspan="3">INSERT</td>
+ <td>ANY</td>
+ <td>Allows inserting/updating data into any table in any database.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to insert/update data into any table within the scope
of this database.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to insert/update data into this table.</td>
+ </tr>
+ <!-- Data Privileges - DELETE -->
+ <tr>
+ <td rowspan="3">DELETE</td>
+ <td>ANY</td>
+ <td>Allows deleting data from any table.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to delete data within the scope of this database.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to delete data from this table.</td>
+ </tr>
+ </tbody>
+</table>
+
+## 2. SQL Statements
+
+### 2.1 User and Role Management
+
+1. Create User (Requires SECURITY privilege)
+
+```SQL
+CREATE USER <USERNAME> <PASSWORD>
+eg: CREATE USER user1 'Passwd@202604';
+```
+
+2. Change Password
+
+Users can change their own passwords, but changing other users' passwords
requires the SECURITY privilege.
+
+```SQL
+ALTER USER <USERNAME> SET PASSWORD <password>
+eg: ALTER USER tempuser SET PASSWORD 'Newpwd@202604';
+```
+
+3. Drop User (Requires SECURITY privilege)
+
+```SQL
+DROP USER <USERNAME>
+eg: DROP USER user1;
+```
+
+4. Create Role (Requires SECURITY privilege)
+
+```SQL
+CREATE ROLE <ROLENAME>
+eg: CREATE ROLE role1;
+```
+
+5. Drop Role (Requires SECURITY privilege)
+
+```SQL
+DROP ROLE <ROLENAME>
+eg: DROP ROLE role1;
+```
+
+6. Grant Role to User (Requires SECURITY privilege)
+
+```SQL
+GRANT ROLE <ROLENAME> TO <USERNAME>
+eg: GRANT ROLE admin TO user1;
+```
+
+7. Revoke Role from User (Requires SECURITY privilege)
+
+```SQL
+REVOKE ROLE <ROLENAME> FROM <USERNAME>
+eg: REVOKE ROLE admin FROM user1;
+```
+
+8. List All Users (Requires SECURITY privilege)
+
+```SQL
+LIST USER;
+```
+
+9. List All Roles (Requires SECURITY privilege)
+
+```SQL
+LIST ROLE;
+```
+
+10. List All Users Under a Specified Role (Requires SECURITY privilege)
+
+```SQL
+LIST USER OF ROLE <ROLENAME>
+eg: LIST USER OF ROLE roleuser;
+```
+
+11. List All Roles of a Specified User
+
+Users can list their own roles, but listing other users' roles requires the
SECURITY privilege.
+
+```SQL
+LIST ROLE OF USER <USERNAME>
+eg: LIST ROLE OF USER tempuser;
+```
+
+12. List All Privileges of a User
+
+Users can list their own privilege information, but listing other users'
privileges requires the SECURITY privilege.
+
+```SQL
+LIST PRIVILEGES OF USER <USERNAME>
+eg: LIST PRIVILEGES OF USER tempuser;
+```
+
+13. List All Privileges of a Role
+
+Users can list the privilege information of roles they possess, but listing
other roles' privileges requires the SECURITY privilege.
+
+```SQL
+LIST PRIVILEGES OF ROLE <ROLENAME>
+eg: LIST PRIVILEGES OF ROLE actor;
+```
+
+### 2.2 Privilege Management
+
+#### 2.2.1 Grant Privileges
+
+1. Grant user management privileges to a user
+
+```SQL
+GRANT SECURITY TO USER <USERNAME>
+eg: GRANT SECURITY TO USER TEST_USER;
+```
+
+2. Grant a user the privilege to create databases and create tables within the
database scope, and allow the user to manage privileges within that scope
+
+```SQL
+GRANT CREATE ON DATABASE <DATABASE> TO USER <USERNAME> WITH GRANT OPTION
+eg: GRANT CREATE ON DATABASE TESTDB TO USER TEST_USER WITH GRANT OPTION;
+```
+
+3. Grant a role the privilege to query a database
+
+```SQL
+GRANT SELECT ON DATABASE <DATABASE> TO ROLE <ROLENAME>
+eg: GRANT SELECT ON DATABASE TESTDB TO ROLE TEST_ROLE;
+```
+
+4. Grant a user the privilege to query a table
+
+```SQL
+GRANT SELECT ON <DATABASE>.<TABLENAME> TO USER <USERNAME>
+eg: GRANT SELECT ON TESTDB.TESTTABLE TO USER TEST_USER;
+```
+
+5. Grant a role the privilege to query all databases and tables
+
+```SQL
+GRANT SELECT ON ANY TO ROLE <ROLENAME>
+eg: GRANT SELECT ON ANY TO ROLE TEST_ROLE;
+```
+
+6. ALL Syntax Sugar: ALL represents all privileges within the object scope.
You can use the ALL field to flexibly grant privileges.
+
+```SQL
+GRANT ALL TO USER TESTUSER;
+-- Grants all privileges available to the user, including global privileges
and all data privileges in the ANY scope
+
+GRANT ALL ON ANY TO USER TESTUSER;
+-- Grants all data privileges available in the ANY scope to the user. After
executing this statement, the user will have all data privileges on all
databases
+
+GRANT ALL ON DATABASE TESTDB TO USER TESTUSER;
+-- Grants all data privileges available in the DB scope to the user. After
executing this statement, the user will have all data privileges on this
database
+
+GRANT ALL ON TABLE TESTTABLE TO USER TESTUSER;
+-- Grants all data privileges available in the TABLE scope to the user. After
executing this statement, the user will have all data privileges on this table
+```
+
+#### 2.2.2 Revoke Privileges
+
+1. Revoke user management privileges from a user
+
+```SQL
+REVOKE SECURITY FROM USER <USERNAME>
+eg: REVOKE SECURITY FROM USER TEST_USER;
+```
+
+2. Revoke a user's privilege to create databases and create tables within the
database scope
+
+```SQL
+REVOKE CREATE ON DATABASE <DATABASE> FROM USER <USERNAME>
+eg: REVOKE CREATE ON DATABASE TEST_DB FROM USER TEST_USER;
+```
+
+3. Revoke a user's privilege to query a table
+
+```SQL
+REVOKE SELECT ON <DATABASE>.<TABLENAME> FROM USER <USERNAME>
+eg: REVOKE SELECT ON TESTDB.TESTTABLE FROM USER TEST_USER;
+```
+
+4. Revoke a user's privilege to query all databases and tables
+
+```SQL
+REVOKE SELECT ON ANY FROM USER <USERNAME>
+eg: REVOKE SELECT ON ANY FROM USER TEST_USER;
+```
+
+5. ALL Syntax Sugar: ALL represents all privileges within the object scope.
You can use the ALL field to flexibly revoke privileges.
+
+```SQL
+REVOKE ALL FROM USER TESTUSER;
+-- Revokes all global privileges and all data privileges in the ANY scope from
the user
+
+REVOKE ALL ON ANY FROM USER TESTUSER;
+-- Revokes all data privileges in the ANY scope from the user, and does not
affect DB-scope and TABLE-scope privileges
+
+REVOKE ALL ON DATABASE TESTDB FROM USER TESTUSER;
+-- Revokes all data privileges on the DB from the user, and does not affect
TABLE privileges
+
+REVOKE ALL ON TABLE TESTDB FROM USER TESTUSER;
+-- Revokes all data privileges on the TABLE from the user
+```
+
+#### 2.2.3 View User Privileges
+
+```SQL
+LIST PRIVILEGES OF USER <USERNAME>
+eg: LIST PRIVILEGES OF USER tempuser
+```
\ No newline at end of file
diff --git a/src/UserGuide/Master/Table/SQL-Manual/SQL-Data-Sync_apache.md
b/src/UserGuide/Master/Table/SQL-Manual/SQL-Data-Sync_apache.md
new file mode 100644
index 00000000..d3365d40
--- /dev/null
+++ b/src/UserGuide/Master/Table/SQL-Manual/SQL-Data-Sync_apache.md
@@ -0,0 +1,240 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+
+# Data Sync
+
+This document mainly contains the SQL statements for the data synchronization
function. For detailed function introduction and usage instructions, see [Data
Sync](../User-Manual/Data-Sync_apache.md)
+
+## 1. Create Task
+
+**Syntax:**
+
+```SQL
+CREATE PIPE [IF NOT EXISTS] <PipeId> -- PipeId is the name that uniquely
identifies the task
+-- Data extraction plugin, optional plugin
+WITH SOURCE (
+ [<parameter> = <value>,],
+)
+-- Data processing plugin, optional plugin
+WITH PROCESSOR (
+ [<parameter> = <value>,],
+)
+-- Data connection plugin, required plugin
+WITH SINK (
+ [<parameter> = <value>,],
+)
+```
+
+**Example 1: Full Data Synchronization**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+**Example 2: Partial Data Synchronization**
+
+```SQL
+create pipe A2B
+WITH SOURCE (
+ 'source'= 'iotdb-source',
+ 'mode.streaming' = 'true',
+ 'database-name'='db_b.*',
+ 'start-time' = '2023.08.23T08:00:00+00:00',
+ 'end-time' = '2023.10.23T08:00:00+00:00'
+)
+with SINK (
+ 'sink'='iotdb-thrift-async-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+**Example 3: Edge-Cloud Data Transmission**
+
+* Execute the following statement on IoTDB B to synchronize data from B to A
+
+```SQL
+create pipe BA
+with source (
+ 'database-name'='db_b.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6667',
+)
+```
+
+* Execute the following statement on IoTDB C to synchronize data from C to A
+
+```SQL
+create pipe CA
+with source (
+ 'database-name'='db_c.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* Execute the following statement on IoTDB D to synchronize data from D to A
+
+```SQL
+create pipe DA
+with source (
+ 'database-name'='db_d.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6669',
+)
+```
+
+**Example 4: Cascaded Data Transmission**
+
+* Execute the following statement on IoTDB A to synchronize data from A to B
+
+```SQL
+create pipe AB
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* Execute the following statement on IoTDB B to synchronize data from B to C
+
+```SQL
+create pipe BC
+with source (
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6669',
+)
+```
+
+**Example 5: Compressed Synchronization**
+
+```SQL
+create pipe A2B
+with sink (
+ 'node-urls' = '127.0.0.1:6668',
+ 'compressor' = 'snappy,lz4',
+ 'rate-limit-bytes-per-second'='1048576'
+)
+```
+
+**Example 6: Encrypted Synchronization**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-thrift-ssl-sink',
+ 'node-urls'='127.0.0.1:6667',
+ 'ssl.trust-store-path'='pki/trusted',
+ 'ssl.trust-store-pwd'='root'
+)
+```
+
+## 2. Start Task
+
+**Syntax:**
+
+```SQL
+START PIPE <PipeId>
+```
+
+**Example:**
+
+```SQL
+START PIPE A2B
+```
+
+## 3. Stop Task
+
+**Syntax:**
+
+```SQL
+STOP PIPE <PipeId>
+```
+
+**Example:**
+
+```SQL
+STOP PIPE A2B
+```
+
+## 4. Drop Task
+
+**Syntax:**
+
+```SQL
+DROP PIPE [IF EXISTS] <PipeId>
+```
+
+**Example:**
+
+```SQL
+DROP PIPE IF EXISTS A2B
+```
+
+## 5. Show Tasks
+
+**Syntax:**
+
+```SQL
+-- Show all tasks
+SHOW PIPES
+-- Show a specific task
+SHOW PIPE <PipeId>
+```
+
+**Example:**
+
+```SQL
+SHOW PIPES
+
+SHOW PIPE A2B
+```
+
+## 6. Alter Task
+
+**Syntax:**
+
+```SQL
+ALTER PIPE [IF EXISTS] <PipeId>
+ MODIFY/REPLACE SOURCE(...)
+ MODIFY/REPLACE PROCESSOR(...)
+ MODIFY/REPLACE SINK(...)
+```
+
+**Example:**
+
+```SQL
+ALTER PIPE A2B REPLACE SINK ('sink'='iotdb-thrift-sink', 'node-urls' =
'127.0.0.1:6668');
+```
\ No newline at end of file
diff --git a/src/UserGuide/Master/Table/SQL-Manual/SQL-Data-Sync_timecho.md
b/src/UserGuide/Master/Table/SQL-Manual/SQL-Data-Sync_timecho.md
new file mode 100644
index 00000000..41eff7ee
--- /dev/null
+++ b/src/UserGuide/Master/Table/SQL-Manual/SQL-Data-Sync_timecho.md
@@ -0,0 +1,321 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+
+# Data Sync
+
+This document mainly contains the SQL statements for the data synchronization
function. For detailed function introduction and usage instructions, see [Data
Sync](../User-Manual/Data-Sync_timecho.md)
+
+## 1. Create Task
+
+**Syntax:**
+
+```SQL
+CREATE PIPE [IF NOT EXISTS] <PipeId> -- PipeId is the name that uniquely
identifies the task
+-- Data extraction plugin, optional
+WITH SOURCE (
+ [<parameter> = <value>,],
+)
+-- Data processing plugin, optional
+WITH PROCESSOR (
+ [<parameter> = <value>,],
+)
+-- Data connection plugin, required
+WITH SINK (
+ [<parameter> = <value>,],
+)
+```
+
+**Example 1: Full Data Synchronization**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+**Example 2: Partial Data Synchronization**
+
+```SQL
+create pipe A2B
+WITH SOURCE (
+ 'source'= 'iotdb-source',
+ 'mode.streaming' = 'true',
+ 'database-name'='db_b.*',
+ 'start-time' = '2023.08.23T08:00:00+00:00',
+ 'end-time' = '2023.10.23T08:00:00+00:00'
+)
+with SINK (
+ 'sink'='iotdb-thrift-async-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+**Example 3: Bidirectional Data Transmission**
+
+* Execute the following statement on IoTDB A
+
+```SQL
+create pipe AB
+with source (
+ 'source.mode.double-living' ='true'
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* Execute the following statement on IoTDB B
+
+```SQL
+create pipe BA
+with source (
+ 'source.mode.double-living' ='true'
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6667',
+)
+```
+
+**Example 4: Edge-Cloud Data Transmission**
+
+* Execute the following statement on IoTDB B to synchronize data from B to A
+
+```SQL
+create pipe BA
+with source (
+ 'database-name'='db_b.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6667',
+)
+```
+
+* Execute the following statement on IoTDB C to synchronize data from C to A
+
+```SQL
+create pipe CA
+with source (
+ 'database-name'='db_c.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* Execute the following statement on IoTDB D to synchronize data from D to A
+
+```SQL
+create pipe DA
+with source (
+ 'database-name'='db_d.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6669',
+)
+```
+
+**Example 5: Cascaded Data Transmission**
+
+* Execute the following statement on IoTDB A to synchronize data from A to B
+
+```SQL
+create pipe AB
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* Execute the following statement on IoTDB B to synchronize data from B to C
+
+```SQL
+create pipe BC
+with source (
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6669',
+)
+```
+
+**Example 6: Cross-Gap Data Transmission**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-air-gap-sink',
+ 'node-urls' = '10.53.53.53:9780',
+)
+```
+
+**Example 7: Compressed Synchronization**
+
+```SQL
+create pipe A2B
+with sink (
+ 'node-urls' = '127.0.0.1:6668',
+ 'compressor' = 'snappy,lz4',
+ 'rate-limit-bytes-per-second'='1048576'
+)
+```
+
+**Example 8: Encrypted Synchronization**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-thrift-ssl-sink',
+ 'node-urls'='127.0.0.1:6667',
+ 'ssl.trust-store-path'='pki/trusted',
+ 'ssl.trust-store-pwd'='root'
+)
+```
+
+**Example 9: Local Export of Object Type Data**
+
+```SQL
+CREATE PIPE tsfile_export_local
+WITH SOURCE (
+ 'source' = 'iotdb-source',
+ 'table-name' = 'test_table'
+)
+WITH PROCESSOR (
+ 'processor' = 'do-nothing-processor'
+)
+WITH SINK (
+ 'sink' = 'tsfile-local-sink',
+ 'sink.local.target-path' = '/data/backup/export_2024',
+ 'sink.rate-limit-bytes-per-second' = '10485760'
+);
+```
+
+**Example 10: Remote Transmission of Object Type Data**
+
+* This method requires pre-registration of the `tsfile_remote_sink` plugin
+
+```SQL
+CREATE PIPE tsfile_export_scp
+WITH SOURCE (
+ 'source' = 'iotdb-source',
+ 'table-name' = 'test_table'
+)
+WITH PROCESSOR (
+ 'processor' = 'do-nothing-processor'
+)
+WITH SINK (
+ 'sink' = 'tsfile_remote_sink',
+ 'sink.file-mode' = 'scp',
+ 'sink.scp.host' = '192.168.1.100',
+ 'sink.scp.port' = '22',
+ 'sink.scp.user' = 'backup_user',
+ 'sink.scp.password' = 'ComplexPass123!',
+ 'sink.scp.remote-path' = '/remote/archive/',
+ 'sink.rate-limit-bytes-per-second' = '10485760'
+);
+```
+
+## 2. Start Task
+
+**Syntax:**
+
+```SQL
+START PIPE <PipeId>
+```
+
+**Example:**
+
+```SQL
+START PIPE A2B
+```
+
+## 3. Stop Task
+
+**Syntax:**
+
+```SQL
+STOP PIPE <PipeId>
+```
+
+**Example:**
+
+```SQL
+STOP PIPE A2B
+```
+
+## 4. Drop Task
+
+**Syntax:**
+
+```SQL
+DROP PIPE [IF EXISTS] <PipeId>
+```
+
+**Example:**
+
+```SQL
+DROP PIPE IF EXISTS A2B
+```
+
+## 5. Show Tasks
+
+**Syntax:**
+
+```SQL
+-- Show all tasks
+SHOW PIPES
+-- Show a specific task
+SHOW PIPE <PipeId>
+```
+
+**Example:**
+
+```SQL
+SHOW PIPES
+
+SHOW PIPE A2B
+```
+
+## 6. Alter Task
+
+**Syntax:**
+
+```SQL
+ALTER PIPE [IF EXISTS] <PipeId>
+ MODIFY/REPLACE SOURCE(...)
+ MODIFY/REPLACE PROCESSOR(...)
+ MODIFY/REPLACE SINK(...)
+```
+
+**Example:**
+
+```SQL
+ALTER PIPE A2B REPLACE SINK ('sink'='iotdb-thrift-sink', 'node-urls' =
'127.0.0.1:6668');
+```
\ No newline at end of file
diff --git
a/src/UserGuide/latest-Table/SQL-Manual/SQL-Authority-Management_apache.md
b/src/UserGuide/latest-Table/SQL-Manual/SQL-Authority-Management_apache.md
new file mode 100644
index 00000000..8b95ff03
--- /dev/null
+++ b/src/UserGuide/latest-Table/SQL-Manual/SQL-Authority-Management_apache.md
@@ -0,0 +1,378 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+
+# Authority Management
+
+This document is the SQL manual for authority management starting from version
V2.0.7. For detailed function usage, see [Authority
Management](../User-Manual/Authority-Management-Upgrade_apache.md). For an
introduction to authority management functions before version V2.0.7, refer to
[Authority Management](../User-Manual/Authority-Management_apache.md)
+
+## 1. Privilege List
+
+<table>
+ <tbody>
+ <tr>
+ <th>Privilege Type</th>
+ <th>Privilege Name</th>
+ <th>Scope of Effect</th>
+ <th>Description</th>
+ </tr>
+ <!-- Global Privileges - SYSTEM -->
+ <tr>
+ <td rowspan="17">Global Privileges</td>
+ <td rowspan="6">SYSTEM</td>
+ <td rowspan="6">Global</td>
+ <td>Allows users to create, modify, and delete databases.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create, modify, and delete tables and table
views.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create, delete, and view user-defined functions.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create, start, stop, delete, and view PIPEs. Allows
users to create, delete, and view PIPEPLUGINS.</td>
+ </tr>
+ <tr>
+ <td>Allows users to query and cancel queries. Allows users to view
variables. Allows users to view cluster status.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create, delete, and view deep learning models.</td>
+ </tr>
+ <!-- Global Privileges - SECURITY -->
+ <tr>
+ <td rowspan="10">SECURITY</td>
+ <td rowspan="10">Global</td>
+ <td>Allows users to create users.</td>
+ </tr>
+ <tr>
+ <td>Allows users to delete users.</td>
+ </tr>
+ <tr>
+ <td>Allows users to modify user passwords.</td>
+ </tr>
+ <tr>
+ <td>Allows users to view user privilege information.</td>
+ </tr>
+ <tr>
+ <td>Allows users to list all users.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create roles.</td>
+ </tr>
+ <tr>
+ <td>Allows users to delete roles.</td>
+ </tr>
+ <tr>
+ <td>Allows users to view role privilege information.</td>
+ </tr>
+ <tr>
+ <td>Allows users to grant a role to a user or revoke it.</td>
+ </tr>
+ <tr>
+ <td>Allows users to list all roles.</td>
+ </tr>
+ <!-- Global Privileges - AUDIT -->
+ <tr>
+ <td>AUDIT</td>
+ <td>Global</td>
+ <td>Allows users to maintain audit log rules and view audit logs.</td>
+ </tr>
+ <!-- Data Privileges - CREATE -->
+ <tr>
+ <td rowspan="15">Data Privileges</td>
+ <td rowspan="3">CREATE</td>
+ <td>ANY</td>
+ <td>Allows creating any table and any database.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to create tables under this database; allows users to
create a database with this name.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to create a table with this name.</td>
+ </tr>
+ <!-- Data Privileges - ALTER -->
+ <tr>
+ <td rowspan="3">ALTER</td>
+ <td>ANY</td>
+ <td>Allows modifying the definition of any table and any database.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to modify the definition of a database and the
definitions of tables under that database.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to modify the definition of a table.</td>
+ </tr>
+ <!-- Data Privileges - SELECT -->
+ <tr>
+ <td rowspan="3">SELECT</td>
+ <td>ANY</td>
+ <td>Allows querying data from any table in any database in the
system.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to query data from any table in this database.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to query data in this table. When executing multi-table
queries, the database only displays data that the user has permission to
access.</td>
+ </tr>
+ <!-- Data Privileges - INSERT -->
+ <tr>
+ <td rowspan="3">INSERT</td>
+ <td>ANY</td>
+ <td>Allows inserting/updating data into any table in any database.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to insert/update data into any table within the scope
of this database.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to insert/update data into this table.</td>
+ </tr>
+ <!-- Data Privileges - DELETE -->
+ <tr>
+ <td rowspan="3">DELETE</td>
+ <td>ANY</td>
+ <td>Allows deleting data from any table.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to delete data within the scope of this database.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to delete data from this table.</td>
+ </tr>
+ </tbody>
+</table>
+
+## 2. SQL Statements
+
+### 2.1 User and Role Management
+
+1. Create User (Requires SECURITY privilege)
+
+```SQL
+CREATE USER <USERNAME> <PASSWORD>
+eg: CREATE USER user1 'passwd';
+```
+
+2. Change Password
+
+Users can change their own passwords, but changing other users' passwords
requires the SECURITY privilege.
+
+```SQL
+ALTER USER <USERNAME> SET PASSWORD <password>
+eg: ALTER USER tempuser SET PASSWORD 'newpwd';
+```
+
+3. Drop User (Requires SECURITY privilege)
+
+```SQL
+DROP USER <USERNAME>
+eg: DROP USER user1;
+```
+
+4. Create Role (Requires SECURITY privilege)
+
+```SQL
+CREATE ROLE <ROLENAME>
+eg: CREATE ROLE role1;
+```
+
+5. Drop Role (Requires SECURITY privilege)
+
+```SQL
+DROP ROLE <ROLENAME>
+eg: DROP ROLE role1;
+```
+
+6. Grant Role to User (Requires SECURITY privilege)
+
+```SQL
+GRANT ROLE <ROLENAME> TO <USERNAME>
+eg: GRANT ROLE admin TO user1;
+```
+
+7. Revoke Role from User (Requires SECURITY privilege)
+
+```SQL
+REVOKE ROLE <ROLENAME> FROM <USERNAME>
+eg: REVOKE ROLE admin FROM user1;
+```
+
+8. List All Users (Requires SECURITY privilege)
+
+```SQL
+LIST USER;
+```
+
+9. List All Roles (Requires SECURITY privilege)
+
+```SQL
+LIST ROLE;
+```
+
+10. List All Users Under a Specified Role (Requires SECURITY privilege)
+
+```SQL
+LIST USER OF ROLE <ROLENAME>
+eg: LIST USER OF ROLE roleuser;
+```
+
+11. List All Roles of a Specified User
+
+Users can list their own roles, but listing other users' roles requires the
SECURITY privilege.
+
+```SQL
+LIST ROLE OF USER <USERNAME>
+eg: LIST ROLE OF USER tempuser;
+```
+
+12. List All Privileges of a User
+
+Users can list their own privilege information, but listing other users'
privileges requires the SECURITY privilege.
+
+```SQL
+LIST PRIVILEGES OF USER <USERNAME>
+eg: LIST PRIVILEGES OF USER tempuser;
+```
+
+13. List All Privileges of a Role
+
+Users can list the privilege information of roles they possess, but listing
other roles' privileges requires the SECURITY privilege.
+
+```SQL
+LIST PRIVILEGES OF ROLE <ROLENAME>
+eg: LIST PRIVILEGES OF ROLE actor;
+```
+
+### 2.2 Privilege Management
+
+#### 2.2.1 Grant Privileges
+
+1. Grant user management privileges to a user
+
+```SQL
+GRANT SECURITY TO USER <USERNAME>
+eg: GRANT SECURITY TO USER TEST_USER;
+```
+
+2. Grant a user the privilege to create databases and create tables within the
database scope, and allow the user to manage privileges within that scope
+
+```SQL
+GRANT CREATE ON DATABASE <DATABASE> TO USER <USERNAME> WITH GRANT OPTION
+eg: GRANT CREATE ON DATABASE TESTDB TO USER TEST_USER WITH GRANT OPTION;
+```
+
+3. Grant a role the privilege to query a database
+
+```SQL
+GRANT SELECT ON DATABASE <DATABASE> TO ROLE <ROLENAME>
+eg: GRANT SELECT ON DATABASE TESTDB TO ROLE TEST_ROLE;
+```
+
+4. Grant a user the privilege to query a table
+
+```SQL
+GRANT SELECT ON <DATABASE>.<TABLENAME> TO USER <USERNAME>
+eg: GRANT SELECT ON TESTDB.TESTTABLE TO USER TEST_USER;
+```
+
+5. Grant a role the privilege to query all databases and tables
+
+```SQL
+GRANT SELECT ON ANY TO ROLE <ROLENAME>
+eg: GRANT SELECT ON ANY TO ROLE TEST_ROLE;
+```
+
+6. ALL Syntax Sugar: ALL represents all privileges within the object scope.
You can use the ALL field to flexibly grant privileges.
+
+```SQL
+GRANT ALL TO USER TESTUSER;
+-- Grants all privileges available to the user, including global privileges
and all data privileges in the ANY scope
+
+GRANT ALL ON ANY TO USER TESTUSER;
+-- Grants all data privileges available in the ANY scope to the user. After
executing this statement, the user will have all data privileges on all
databases
+
+GRANT ALL ON DATABASE TESTDB TO USER TESTUSER;
+-- Grants all data privileges available in the DB scope to the user. After
executing this statement, the user will have all data privileges on this
database
+
+GRANT ALL ON TABLE TESTTABLE TO USER TESTUSER;
+-- Grants all data privileges available in the TABLE scope to the user. After
executing this statement, the user will have all data privileges on this table
+```
+
+#### 2.2.2 Revoke Privileges
+
+1. Revoke user management privileges from a user
+
+```SQL
+REVOKE SECURITY FROM USER <USERNAME>
+eg: REVOKE SECURITY FROM USER TEST_USER;
+```
+
+2. Revoke a user's privilege to create databases and create tables within the
database scope
+
+```SQL
+REVOKE CREATE ON DATABASE <DATABASE> FROM USER <USERNAME>
+eg: REVOKE CREATE ON DATABASE TEST_DB FROM USER TEST_USER;
+```
+
+3. Revoke a user's privilege to query a table
+
+```SQL
+REVOKE SELECT ON <DATABASE>.<TABLENAME> FROM USER <USERNAME>
+eg: REVOKE SELECT ON TESTDB.TESTTABLE FROM USER TEST_USER;
+```
+
+4. Revoke a user's privilege to query all databases and tables
+
+```SQL
+REVOKE SELECT ON ANY FROM USER <USERNAME>
+eg: REVOKE SELECT ON ANY FROM USER TEST_USER;
+```
+
+5. ALL Syntax Sugar: ALL represents all privileges within the object scope.
You can use the ALL field to flexibly revoke privileges.
+
+```SQL
+REVOKE ALL FROM USER TESTUSER;
+-- Revokes all global privileges and all data privileges in the ANY scope from
the user
+
+REVOKE ALL ON ANY FROM USER TESTUSER;
+-- Revokes all data privileges in the ANY scope from the user, and does not
affect DB-scope and TABLE-scope privileges
+
+REVOKE ALL ON DATABASE TESTDB FROM USER TESTUSER;
+-- Revokes all data privileges on the DB from the user, and does not affect
TABLE privileges
+
+REVOKE ALL ON TABLE TESTDB FROM USER TESTUSER;
+-- Revokes all data privileges on the TABLE from the user
+```
+
+#### 2.2.3 View User Privileges
+
+```SQL
+LIST PRIVILEGES OF USER <USERNAME>
+eg: LIST PRIVILEGES OF USER tempuser
+```
\ No newline at end of file
diff --git
a/src/UserGuide/latest-Table/SQL-Manual/SQL-Authority-Management_timecho.md
b/src/UserGuide/latest-Table/SQL-Manual/SQL-Authority-Management_timecho.md
new file mode 100644
index 00000000..3528a5f3
--- /dev/null
+++ b/src/UserGuide/latest-Table/SQL-Manual/SQL-Authority-Management_timecho.md
@@ -0,0 +1,378 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+
+# Authority Management
+
+This document is the SQL manual for authority management starting from version
V2.0.7. For detailed function usage, see [Authority
Management](../User-Manual/Authority-Management-Upgrade_timecho.md). For an
introduction to authority management functions before version V2.0.7, refer to
[Authority Management](../User-Manual/Authority-Management_timecho.md)
+
+## 1. Privilege List
+
+<table>
+ <tbody>
+ <tr>
+ <th>Privilege Type</th>
+ <th>Privilege Name</th>
+ <th>Scope of Effect</th>
+ <th>Description</th>
+ </tr>
+ <!-- Global Privileges - SYSTEM -->
+ <tr>
+ <td rowspan="17">Global Privileges</td>
+ <td rowspan="6">SYSTEM</td>
+ <td rowspan="6">Global</td>
+ <td>Allows users to create, modify, and delete databases.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create, modify, and delete tables and table
views.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create, delete, and view user-defined functions.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create, start, stop, delete, and view PIPEs. Allows
users to create, delete, and view PIPEPLUGINS.</td>
+ </tr>
+ <tr>
+ <td>Allows users to query and cancel queries. Allows users to view
variables. Allows users to view cluster status.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create, delete, and view deep learning models.</td>
+ </tr>
+ <!-- Global Privileges - SECURITY -->
+ <tr>
+ <td rowspan="10">SECURITY</td>
+ <td rowspan="10">Global</td>
+ <td>Allows users to create users.</td>
+ </tr>
+ <tr>
+ <td>Allows users to delete users.</td>
+ </tr>
+ <tr>
+ <td>Allows users to modify user passwords.</td>
+ </tr>
+ <tr>
+ <td>Allows users to view user privilege information.</td>
+ </tr>
+ <tr>
+ <td>Allows users to list all users.</td>
+ </tr>
+ <tr>
+ <td>Allows users to create roles.</td>
+ </tr>
+ <tr>
+ <td>Allows users to delete roles.</td>
+ </tr>
+ <tr>
+ <td>Allows users to view role privilege information.</td>
+ </tr>
+ <tr>
+ <td>Allows users to grant a role to a user or revoke it.</td>
+ </tr>
+ <tr>
+ <td>Allows users to list all roles.</td>
+ </tr>
+ <!-- Global Privileges - AUDIT (New) -->
+ <tr>
+ <td>AUDIT</td>
+ <td>Global</td>
+ <td>Allows users to maintain audit log rules and view audit logs.</td>
+ </tr>
+ <!-- Data Privileges - CREATE -->
+ <tr>
+ <td rowspan="15">Data Privileges</td>
+ <td rowspan="3">CREATE</td>
+ <td>ANY</td>
+ <td>Allows creating any table and any database.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to create tables under this database; allows users to
create a database with this name.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to create a table with this name.</td>
+ </tr>
+ <!-- Data Privileges - ALTER -->
+ <tr>
+ <td rowspan="3">ALTER</td>
+ <td>ANY</td>
+ <td>Allows modifying the definition of any table and any database.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to modify the definition of a database and the
definitions of tables under that database.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to modify the definition of a table.</td>
+ </tr>
+ <!-- Data Privileges - SELECT -->
+ <tr>
+ <td rowspan="3">SELECT</td>
+ <td>ANY</td>
+ <td>Allows querying data from any table in any database in the
system.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to query data from any table in this database.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to query data in this table. When executing multi-table
queries, the database only displays data that the user has permission to
access.</td>
+ </tr>
+ <!-- Data Privileges - INSERT -->
+ <tr>
+ <td rowspan="3">INSERT</td>
+ <td>ANY</td>
+ <td>Allows inserting/updating data into any table in any database.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to insert/update data into any table within the scope
of this database.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to insert/update data into this table.</td>
+ </tr>
+ <!-- Data Privileges - DELETE -->
+ <tr>
+ <td rowspan="3">DELETE</td>
+ <td>ANY</td>
+ <td>Allows deleting data from any table.</td>
+ </tr>
+ <tr>
+ <td>Database</td>
+ <td>Allows users to delete data within the scope of this database.</td>
+ </tr>
+ <tr>
+ <td>Table</td>
+ <td>Allows users to delete data from this table.</td>
+ </tr>
+ </tbody>
+</table>
+
+## 2. SQL Statements
+
+### 2.1 User and Role Management
+
+1. Create User (Requires SECURITY privilege)
+
+```SQL
+CREATE USER <USERNAME> <PASSWORD>
+eg: CREATE USER user1 'Passwd@202604';
+```
+
+2. Change Password
+
+Users can change their own passwords, but changing other users' passwords
requires the SECURITY privilege.
+
+```SQL
+ALTER USER <USERNAME> SET PASSWORD <password>
+eg: ALTER USER tempuser SET PASSWORD 'Newpwd@202604';
+```
+
+3. Drop User (Requires SECURITY privilege)
+
+```SQL
+DROP USER <USERNAME>
+eg: DROP USER user1;
+```
+
+4. Create Role (Requires SECURITY privilege)
+
+```SQL
+CREATE ROLE <ROLENAME>
+eg: CREATE ROLE role1;
+```
+
+5. Drop Role (Requires SECURITY privilege)
+
+```SQL
+DROP ROLE <ROLENAME>
+eg: DROP ROLE role1;
+```
+
+6. Grant Role to User (Requires SECURITY privilege)
+
+```SQL
+GRANT ROLE <ROLENAME> TO <USERNAME>
+eg: GRANT ROLE admin TO user1;
+```
+
+7. Revoke Role from User (Requires SECURITY privilege)
+
+```SQL
+REVOKE ROLE <ROLENAME> FROM <USERNAME>
+eg: REVOKE ROLE admin FROM user1;
+```
+
+8. List All Users (Requires SECURITY privilege)
+
+```SQL
+LIST USER;
+```
+
+9. List All Roles (Requires SECURITY privilege)
+
+```SQL
+LIST ROLE;
+```
+
+10. List All Users Under a Specified Role (Requires SECURITY privilege)
+
+```SQL
+LIST USER OF ROLE <ROLENAME>
+eg: LIST USER OF ROLE roleuser;
+```
+
+11. List All Roles of a Specified User
+
+Users can list their own roles, but listing other users' roles requires the
SECURITY privilege.
+
+```SQL
+LIST ROLE OF USER <USERNAME>
+eg: LIST ROLE OF USER tempuser;
+```
+
+12. List All Privileges of a User
+
+Users can list their own privilege information, but listing other users'
privileges requires the SECURITY privilege.
+
+```SQL
+LIST PRIVILEGES OF USER <USERNAME>
+eg: LIST PRIVILEGES OF USER tempuser;
+```
+
+13. List All Privileges of a Role
+
+Users can list the privilege information of roles they possess, but listing
other roles' privileges requires the SECURITY privilege.
+
+```SQL
+LIST PRIVILEGES OF ROLE <ROLENAME>
+eg: LIST PRIVILEGES OF ROLE actor;
+```
+
+### 2.2 Privilege Management
+
+#### 2.2.1 Grant Privileges
+
+1. Grant user management privileges to a user
+
+```SQL
+GRANT SECURITY TO USER <USERNAME>
+eg: GRANT SECURITY TO USER TEST_USER;
+```
+
+2. Grant a user the privilege to create databases and create tables within the
database scope, and allow the user to manage privileges within that scope
+
+```SQL
+GRANT CREATE ON DATABASE <DATABASE> TO USER <USERNAME> WITH GRANT OPTION
+eg: GRANT CREATE ON DATABASE TESTDB TO USER TEST_USER WITH GRANT OPTION;
+```
+
+3. Grant a role the privilege to query a database
+
+```SQL
+GRANT SELECT ON DATABASE <DATABASE> TO ROLE <ROLENAME>
+eg: GRANT SELECT ON DATABASE TESTDB TO ROLE TEST_ROLE;
+```
+
+4. Grant a user the privilege to query a table
+
+```SQL
+GRANT SELECT ON <DATABASE>.<TABLENAME> TO USER <USERNAME>
+eg: GRANT SELECT ON TESTDB.TESTTABLE TO USER TEST_USER;
+```
+
+5. Grant a role the privilege to query all databases and tables
+
+```SQL
+GRANT SELECT ON ANY TO ROLE <ROLENAME>
+eg: GRANT SELECT ON ANY TO ROLE TEST_ROLE;
+```
+
+6. ALL Syntax Sugar: ALL represents all privileges within the object scope.
You can use the ALL field to flexibly grant privileges.
+
+```SQL
+GRANT ALL TO USER TESTUSER;
+-- Grants all privileges available to the user, including global privileges
and all data privileges in the ANY scope
+
+GRANT ALL ON ANY TO USER TESTUSER;
+-- Grants all data privileges available in the ANY scope to the user. After
executing this statement, the user will have all data privileges on all
databases
+
+GRANT ALL ON DATABASE TESTDB TO USER TESTUSER;
+-- Grants all data privileges available in the DB scope to the user. After
executing this statement, the user will have all data privileges on this
database
+
+GRANT ALL ON TABLE TESTTABLE TO USER TESTUSER;
+-- Grants all data privileges available in the TABLE scope to the user. After
executing this statement, the user will have all data privileges on this table
+```
+
+#### 2.2.2 Revoke Privileges
+
+1. Revoke user management privileges from a user
+
+```SQL
+REVOKE SECURITY FROM USER <USERNAME>
+eg: REVOKE SECURITY FROM USER TEST_USER;
+```
+
+2. Revoke a user's privilege to create databases and create tables within the
database scope
+
+```SQL
+REVOKE CREATE ON DATABASE <DATABASE> FROM USER <USERNAME>
+eg: REVOKE CREATE ON DATABASE TEST_DB FROM USER TEST_USER;
+```
+
+3. Revoke a user's privilege to query a table
+
+```SQL
+REVOKE SELECT ON <DATABASE>.<TABLENAME> FROM USER <USERNAME>
+eg: REVOKE SELECT ON TESTDB.TESTTABLE FROM USER TEST_USER;
+```
+
+4. Revoke a user's privilege to query all databases and tables
+
+```SQL
+REVOKE SELECT ON ANY FROM USER <USERNAME>
+eg: REVOKE SELECT ON ANY FROM USER TEST_USER;
+```
+
+5. ALL Syntax Sugar: ALL represents all privileges within the object scope.
You can use the ALL field to flexibly revoke privileges.
+
+```SQL
+REVOKE ALL FROM USER TESTUSER;
+-- Revokes all global privileges and all data privileges in the ANY scope from
the user
+
+REVOKE ALL ON ANY FROM USER TESTUSER;
+-- Revokes all data privileges in the ANY scope from the user, and does not
affect DB-scope and TABLE-scope privileges
+
+REVOKE ALL ON DATABASE TESTDB FROM USER TESTUSER;
+-- Revokes all data privileges on the DB from the user, and does not affect
TABLE privileges
+
+REVOKE ALL ON TABLE TESTDB FROM USER TESTUSER;
+-- Revokes all data privileges on the TABLE from the user
+```
+
+#### 2.2.3 View User Privileges
+
+```SQL
+LIST PRIVILEGES OF USER <USERNAME>
+eg: LIST PRIVILEGES OF USER tempuser
+```
\ No newline at end of file
diff --git a/src/UserGuide/latest-Table/SQL-Manual/SQL-Data-Sync_apache.md
b/src/UserGuide/latest-Table/SQL-Manual/SQL-Data-Sync_apache.md
new file mode 100644
index 00000000..d3365d40
--- /dev/null
+++ b/src/UserGuide/latest-Table/SQL-Manual/SQL-Data-Sync_apache.md
@@ -0,0 +1,240 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+
+# Data Sync
+
+This document mainly contains the SQL statements for the data synchronization
function. For detailed function introduction and usage instructions, see [Data
Sync](../User-Manual/Data-Sync_apache.md)
+
+## 1. Create Task
+
+**Syntax:**
+
+```SQL
+CREATE PIPE [IF NOT EXISTS] <PipeId> -- PipeId is the name that uniquely
identifies the task
+-- Data extraction plugin, optional plugin
+WITH SOURCE (
+ [<parameter> = <value>,],
+)
+-- Data processing plugin, optional plugin
+WITH PROCESSOR (
+ [<parameter> = <value>,],
+)
+-- Data connection plugin, required plugin
+WITH SINK (
+ [<parameter> = <value>,],
+)
+```
+
+**Example 1: Full Data Synchronization**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+**Example 2: Partial Data Synchronization**
+
+```SQL
+create pipe A2B
+WITH SOURCE (
+ 'source'= 'iotdb-source',
+ 'mode.streaming' = 'true',
+ 'database-name'='db_b.*',
+ 'start-time' = '2023.08.23T08:00:00+00:00',
+ 'end-time' = '2023.10.23T08:00:00+00:00'
+)
+with SINK (
+ 'sink'='iotdb-thrift-async-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+**Example 3: Edge-Cloud Data Transmission**
+
+* Execute the following statement on IoTDB B to synchronize data from B to A
+
+```SQL
+create pipe BA
+with source (
+ 'database-name'='db_b.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6667',
+)
+```
+
+* Execute the following statement on IoTDB C to synchronize data from C to A
+
+```SQL
+create pipe CA
+with source (
+ 'database-name'='db_c.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* Execute the following statement on IoTDB D to synchronize data from D to A
+
+```SQL
+create pipe DA
+with source (
+ 'database-name'='db_d.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6669',
+)
+```
+
+**Example 4: Cascaded Data Transmission**
+
+* Execute the following statement on IoTDB A to synchronize data from A to B
+
+```SQL
+create pipe AB
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* Execute the following statement on IoTDB B to synchronize data from B to C
+
+```SQL
+create pipe BC
+with source (
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6669',
+)
+```
+
+**Example 5: Compressed Synchronization**
+
+```SQL
+create pipe A2B
+with sink (
+ 'node-urls' = '127.0.0.1:6668',
+ 'compressor' = 'snappy,lz4',
+ 'rate-limit-bytes-per-second'='1048576'
+)
+```
+
+**Example 6: Encrypted Synchronization**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-thrift-ssl-sink',
+ 'node-urls'='127.0.0.1:6667',
+ 'ssl.trust-store-path'='pki/trusted',
+ 'ssl.trust-store-pwd'='root'
+)
+```
+
+## 2. Start Task
+
+**Syntax:**
+
+```SQL
+START PIPE <PipeId>
+```
+
+**Example:**
+
+```SQL
+START PIPE A2B
+```
+
+## 3. Stop Task
+
+**Syntax:**
+
+```SQL
+STOP PIPE <PipeId>
+```
+
+**Example:**
+
+```SQL
+STOP PIPE A2B
+```
+
+## 4. Drop Task
+
+**Syntax:**
+
+```SQL
+DROP PIPE [IF EXISTS] <PipeId>
+```
+
+**Example:**
+
+```SQL
+DROP PIPE IF EXISTS A2B
+```
+
+## 5. Show Tasks
+
+**Syntax:**
+
+```SQL
+-- Show all tasks
+SHOW PIPES
+-- Show a specific task
+SHOW PIPE <PipeId>
+```
+
+**Example:**
+
+```SQL
+SHOW PIPES
+
+SHOW PIPE A2B
+```
+
+## 6. Alter Task
+
+**Syntax:**
+
+```SQL
+ALTER PIPE [IF EXISTS] <PipeId>
+ MODIFY/REPLACE SOURCE(...)
+ MODIFY/REPLACE PROCESSOR(...)
+ MODIFY/REPLACE SINK(...)
+```
+
+**Example:**
+
+```SQL
+ALTER PIPE A2B REPLACE SINK ('sink'='iotdb-thrift-sink', 'node-urls' =
'127.0.0.1:6668');
+```
\ No newline at end of file
diff --git a/src/UserGuide/latest-Table/SQL-Manual/SQL-Data-Sync_timecho.md
b/src/UserGuide/latest-Table/SQL-Manual/SQL-Data-Sync_timecho.md
new file mode 100644
index 00000000..41eff7ee
--- /dev/null
+++ b/src/UserGuide/latest-Table/SQL-Manual/SQL-Data-Sync_timecho.md
@@ -0,0 +1,321 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+
+# Data Sync
+
+This document mainly contains the SQL statements for the data synchronization
function. For detailed function introduction and usage instructions, see [Data
Sync](../User-Manual/Data-Sync_timecho.md)
+
+## 1. Create Task
+
+**Syntax:**
+
+```SQL
+CREATE PIPE [IF NOT EXISTS] <PipeId> -- PipeId is the name that uniquely
identifies the task
+-- Data extraction plugin, optional
+WITH SOURCE (
+ [<parameter> = <value>,],
+)
+-- Data processing plugin, optional
+WITH PROCESSOR (
+ [<parameter> = <value>,],
+)
+-- Data connection plugin, required
+WITH SINK (
+ [<parameter> = <value>,],
+)
+```
+
+**Example 1: Full Data Synchronization**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+**Example 2: Partial Data Synchronization**
+
+```SQL
+create pipe A2B
+WITH SOURCE (
+ 'source'= 'iotdb-source',
+ 'mode.streaming' = 'true',
+ 'database-name'='db_b.*',
+ 'start-time' = '2023.08.23T08:00:00+00:00',
+ 'end-time' = '2023.10.23T08:00:00+00:00'
+)
+with SINK (
+ 'sink'='iotdb-thrift-async-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+**Example 3: Bidirectional Data Transmission**
+
+* Execute the following statement on IoTDB A
+
+```SQL
+create pipe AB
+with source (
+ 'source.mode.double-living' ='true'
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* Execute the following statement on IoTDB B
+
+```SQL
+create pipe BA
+with source (
+ 'source.mode.double-living' ='true'
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6667',
+)
+```
+
+**Example 4: Edge-Cloud Data Transmission**
+
+* Execute the following statement on IoTDB B to synchronize data from B to A
+
+```SQL
+create pipe BA
+with source (
+ 'database-name'='db_b.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6667',
+)
+```
+
+* Execute the following statement on IoTDB C to synchronize data from C to A
+
+```SQL
+create pipe CA
+with source (
+ 'database-name'='db_c.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* Execute the following statement on IoTDB D to synchronize data from D to A
+
+```SQL
+create pipe DA
+with source (
+ 'database-name'='db_d.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6669',
+)
+```
+
+**Example 5: Cascaded Data Transmission**
+
+* Execute the following statement on IoTDB A to synchronize data from A to B
+
+```SQL
+create pipe AB
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* Execute the following statement on IoTDB B to synchronize data from B to C
+
+```SQL
+create pipe BC
+with source (
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6669',
+)
+```
+
+**Example 6: Cross-Gap Data Transmission**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-air-gap-sink',
+ 'node-urls' = '10.53.53.53:9780',
+)
+```
+
+**Example 7: Compressed Synchronization**
+
+```SQL
+create pipe A2B
+with sink (
+ 'node-urls' = '127.0.0.1:6668',
+ 'compressor' = 'snappy,lz4',
+ 'rate-limit-bytes-per-second'='1048576'
+)
+```
+
+**Example 8: Encrypted Synchronization**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-thrift-ssl-sink',
+ 'node-urls'='127.0.0.1:6667',
+ 'ssl.trust-store-path'='pki/trusted',
+ 'ssl.trust-store-pwd'='root'
+)
+```
+
+**Example 9: Local Export of Object Type Data**
+
+```SQL
+CREATE PIPE tsfile_export_local
+WITH SOURCE (
+ 'source' = 'iotdb-source',
+ 'table-name' = 'test_table'
+)
+WITH PROCESSOR (
+ 'processor' = 'do-nothing-processor'
+)
+WITH SINK (
+ 'sink' = 'tsfile-local-sink',
+ 'sink.local.target-path' = '/data/backup/export_2024',
+ 'sink.rate-limit-bytes-per-second' = '10485760'
+);
+```
+
+**Example 10: Remote Transmission of Object Type Data**
+
+* This method requires pre-registration of the `tsfile_remote_sink` plugin
+
+```SQL
+CREATE PIPE tsfile_export_scp
+WITH SOURCE (
+ 'source' = 'iotdb-source',
+ 'table-name' = 'test_table'
+)
+WITH PROCESSOR (
+ 'processor' = 'do-nothing-processor'
+)
+WITH SINK (
+ 'sink' = 'tsfile_remote_sink',
+ 'sink.file-mode' = 'scp',
+ 'sink.scp.host' = '192.168.1.100',
+ 'sink.scp.port' = '22',
+ 'sink.scp.user' = 'backup_user',
+ 'sink.scp.password' = 'ComplexPass123!',
+ 'sink.scp.remote-path' = '/remote/archive/',
+ 'sink.rate-limit-bytes-per-second' = '10485760'
+);
+```
+
+## 2. Start Task
+
+**Syntax:**
+
+```SQL
+START PIPE <PipeId>
+```
+
+**Example:**
+
+```SQL
+START PIPE A2B
+```
+
+## 3. Stop Task
+
+**Syntax:**
+
+```SQL
+STOP PIPE <PipeId>
+```
+
+**Example:**
+
+```SQL
+STOP PIPE A2B
+```
+
+## 4. Drop Task
+
+**Syntax:**
+
+```SQL
+DROP PIPE [IF EXISTS] <PipeId>
+```
+
+**Example:**
+
+```SQL
+DROP PIPE IF EXISTS A2B
+```
+
+## 5. Show Tasks
+
+**Syntax:**
+
+```SQL
+-- Show all tasks
+SHOW PIPES
+-- Show a specific task
+SHOW PIPE <PipeId>
+```
+
+**Example:**
+
+```SQL
+SHOW PIPES
+
+SHOW PIPE A2B
+```
+
+## 6. Alter Task
+
+**Syntax:**
+
+```SQL
+ALTER PIPE [IF EXISTS] <PipeId>
+ MODIFY/REPLACE SOURCE(...)
+ MODIFY/REPLACE PROCESSOR(...)
+ MODIFY/REPLACE SINK(...)
+```
+
+**Example:**
+
+```SQL
+ALTER PIPE A2B REPLACE SINK ('sink'='iotdb-thrift-sink', 'node-urls' =
'127.0.0.1:6668');
+```
\ No newline at end of file
diff --git
a/src/zh/UserGuide/Master/Table/SQL-Manual/SQL-Authority-Management_apache.md
b/src/zh/UserGuide/Master/Table/SQL-Manual/SQL-Authority-Management_apache.md
new file mode 100644
index 00000000..247e0d2b
--- /dev/null
+++
b/src/zh/UserGuide/Master/Table/SQL-Manual/SQL-Authority-Management_apache.md
@@ -0,0 +1,371 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+# 权限管理
+
+本文档为 V2.0.7 版本起权限管理的 SQL
手册,详细功能使用可见[权限管理](../User-Manual/Authority-Management-Upgrade_apache.md),如需查阅
V2.0.7 版本之前权限管理的功能介绍可参考[权限管理](../User-Manual/Authority-Management_apache.md)
+
+## 1. 权限列表
+
+<table>
+ <tbody>
+ <tr>
+ <th>权限类型</th>
+ <th>权限名称</th>
+ <th>生效范围</th>
+ <th>描述</th>
+ </tr>
+ <!-- 全局权限 - SYSTEM -->
+ <tr>
+ <td rowspan="16">全局权限</td>
+ <td rowspan="6">SYSTEM</td>
+ <td rowspan="6">全局</td>
+ <td>允许用户创建、修改、删除数据库。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建、修改、删除表及表视图。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建、删除、查看用户自定义函数。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建、开始、停止、删除、查看PIPE。允许用户创建、删除、查看PIPEPLUGINS。</td>
+ </tr>
+ <tr>
+ <td>允许用户查询、取消查询。允许用户查看变量。允许用户查看集群状态。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建、删除、查看深度学习模型。</td>
+ </tr>
+ <!-- 全局权限 - SECURITY -->
+ <tr>
+ <td rowspan="10">SECURITY</td>
+ <td rowspan="10">全局</td>
+ <td>允许用户创建用户。</td>
+ </tr>
+ <tr>
+ <td>允许用户删除用户。</td>
+ </tr>
+ <tr>
+ <td>允许用户修改用户密码。</td>
+ </tr>
+ <tr>
+ <td>允许用户查看用户的权限信息。</td>
+ </tr>
+ <tr>
+ <td>允许用户列出所有用户。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建角色。</td>
+ </tr>
+ <tr>
+ <td>允许用户删除角色。</td>
+ </tr>
+ <tr>
+ <td>允许用户查看角色的权限信息。</td>
+ </tr>
+ <tr>
+ <td>允许用户将角色授予某个用户或撤销。</td>
+ </tr>
+ <tr>
+ <td>允许用户列出所有角色。</td>
+ </tr>
+ <!-- 数据权限 - CREATE -->
+ <tr>
+ <td rowspan="15">数据权限</td>
+ <td rowspan="3">CREATE</td>
+ <td>ANY</td>
+ <td>允许创建任意表、创建任意数据库。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户在该数据库下创建表;允许用户创建该名称的数据库。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户创建该名称的表。</td>
+ </tr>
+ <!-- 数据权限 - ALTER -->
+ <tr>
+ <td rowspan="3">ALTER</td>
+ <td>ANY</td>
+ <td>允许修改任意表的定义、任意数据库的定义。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户修改数据库的定义,允许用户修改数据库下表的定义。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户修改表的定义。</td>
+ </tr>
+ <!-- 数据权限 - SELECT -->
+ <tr>
+ <td rowspan="3">SELECT</td>
+ <td>ANY</td>
+ <td>允许查询系统内任意数据库中任意表的数据。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户查询该数据库中任意表的数据。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户查询该表中的数据。执行多表查询时,数据库仅展示用户有权限访问的数据。</td>
+ </tr>
+ <!-- 数据权限 - INSERT -->
+ <tr>
+ <td rowspan="3">INSERT</td>
+ <td>ANY</td>
+ <td>允许任意数据库的任意表插入/更新数据。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户向该数据库范围内任意表插入/更新数据。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户向该表中插入/更新数据。</td>
+ </tr>
+ <!-- 数据权限 - DELETE -->
+ <tr>
+ <td rowspan="3">DELETE</td>
+ <td>ANY</td>
+ <td>允许删除任意表的数据。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户删除该数据库范围内的数据。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户删除该表中的数据。</td>
+ </tr>
+ </tbody>
+</table>
+
+## 2. SQL 语句
+
+### 2.1 用户与角色管理
+
+1. 创建用户(需 SECURITY 权限)
+
+```SQL
+CREATE USER <USERNAME> <PASSWORD>
+eg: CREATE USER user1 'passwd';
+```
+
+2. 修改密码
+
+用户可以修改自己的密码,但修改其他用户密码需要具备 SECURITY 权限。
+
+```SQL
+ALTER USER <USERNAME> SET PASSWORD <password>
+eg: ALTER USER tempuser SET PASSWORD 'newpwd';
+```
+
+3. 删除用户(需 SECURITY 权限)
+
+```SQL
+DROP USER <USERNAME>
+eg: DROP USER user1;
+```
+
+4. 创建角色 (需 SECURITY 权限)
+
+```SQL
+CREATE ROLE <ROLENAME>
+eg: CREATE ROLE role1;
+```
+
+5. 删除角色 (需 SECURITY 权限)
+
+```SQL
+DROP ROLE <ROLENAME>
+eg: DROP ROLE role1;
+```
+
+6. 赋予用户角色 (需 SECURITY 权限)
+
+```SQL
+GRANT ROLE <ROLENAME> TO <USERNAME>
+eg: GRANT ROLE admin TO user1;
+```
+
+7. 移除用户角色 (需 SECURITY 权限)
+
+```SQL
+REVOKE ROLE <ROLENAME> FROM <USERNAME>
+eg: REVOKE ROLE admin FROM user1;
+```
+
+8. 列出所有用户(需 SECURITY 权限)
+
+```SQL
+LIST USER;
+```
+
+9. 列出所有的角色 (需 SECURITY 权限)
+
+```SQL
+LIST ROLE;
+```
+
+10. 列出指定角色下所有用户(需 SECURITY 权限)
+
+```SQL
+LIST USER OF ROLE <ROLENAME>
+eg: LIST USER OF ROLE roleuser;
+```
+
+11. 列出指定用户下的所有角色
+
+用户可以列出自己的角色,但列出其他用户的角色需要拥有 SECURITY 权限。
+
+```SQL
+LIST ROLE OF USER <USERNAME>
+eg: LIST ROLE OF USER tempuser;
+```
+
+12. 列出用户所有权限
+
+用户可以列出自己的权限信息,但列出其他用户的权限需要拥有 SECURITY 权限。
+
+```SQL
+LIST PRIVILEGES OF USER <USERNAME>
+eg: LIST PRIVILEGES OF USER tempuser;
+```
+
+13. 列出角色所有权限
+
+用户可以列出自己具有的角色的权限信息,列出其他角色的权限需要有 SECURITY 权限。
+
+```SQL
+LIST PRIVILEGES OF ROLE <ROLENAME>
+eg: LIST PRIVILEGES OF ROLE actor;
+```
+
+### 2.2 权限管理
+
+#### 2.2.1 授予权限
+
+1. 给用户授予管理用户的权限
+
+```SQL
+GRANT SECURITY TO USER <USERNAME>
+eg: GRANT SECURITY TO USER TEST_USER;
+```
+
+2. 给用户授予创建数据库及在数据库范围内创建表的权限,且允许用户在该范围内管理权限
+
+```SQL
+GRANT CREATE ON DATABASE <DATABASE> TO USER <USERNAME> WITH GRANT OPTION
+eg: GRANT CREATE ON DATABASE TESTDB TO USER TEST_USER WITH GRANT OPTION;
+```
+
+3. 给角色授予查询数据库的权限
+
+```SQL
+GRANT SELECT ON DATABASE <DATABASE>TO ROLE <ROLENAME>
+eg: GRANT SELECT ON DATABASE TESTDB TO ROLE TEST_ROLE;
+```
+
+4. 给用户授予查询表的权限
+
+```SQL
+GRANT SELECT ON <DATABASE>.<TABLENAME> TO USER <USERNAME>
+eg: GRANT SELECT ON TESTDB.TESTTABLE TO USER TEST_USER;
+```
+
+5. 给角色授予查询所有数据库及表的权限
+
+```SQL
+GRANT SELECT ON ANY TO ROLE <ROLENAME>
+eg: GRANT SELECT ON ANY TO ROLE TEST_ROLE;
+```
+
+6. ALL 语法糖:ALL 表示对象范围内所有权限,可以使用 ALL 字段灵活地授予权限。
+
+```SQL
+GRANT ALL TO USER TESTUSER;
+-- 将用户可以获取的所有权限授予给用户,包括全局权限和 ANY 范围的所有数据权限
+
+GRANT ALL ON ANY TO USER TESTUSER;
+-- 将 ANY 范围内可以获取的所有权限授予给用户,执行该语句后,用户将拥有在所有数据库上的所有数据权限
+
+GRANT ALL ON DATABASE TESTDB TO USER TESTUSER;
+-- 将 DB 范围内可以获取的所有权限授予给用户,执行该语句后,用户将拥有在该数据库上的所有数据权限
+
+GRANT ALL ON TABLE TESTTABLE TO USER TESTUSER;
+-- 将 TABLE 范围内可以获取的所有权限授予给用户,执行该语句后,用户将拥有在该表上的所有数据权限
+```
+
+#### 2.2.2 撤销权限
+
+1. 取消用户管理用户的权限
+
+```SQL
+REVOKE SECURITY FROM USER <USERNAME>
+eg: REVOKE SECURITY FROM USER TEST_USER;
+```
+
+2. 取消用户创建数据库及在数据库范围内创建表的权限
+
+```SQL
+REVOKE CREATE ON DATABASE <DATABASE> FROM USER <USERNAME>
+eg: REVOKE CREATE ON DATABASE TEST_DB FROM USER TEST_USER;
+```
+
+3. 取消用户查询表的权限
+
+```SQL
+REVOKE SELECT ON <DATABASE>.<TABLENAME> FROM USER <USERNAME>
+eg: REVOKE SELECT ON TESTDB.TESTTABLE FROM USER TEST_USER;
+```
+
+4. 取消用户查询所有数据库及表的权限
+
+```SQL
+REVOKE SELECT ON ANY FROM USER <USERNAME>
+eg: REVOKE SELECT ON ANY FROM USER TEST_USER;
+```
+
+5. ALL 语法糖:ALL 表示对象范围内所有权限,可以使用 ALL 字段灵活地撤销权限。
+
+```SQL
+REVOKE ALL FROM USER TESTUSER;
+-- 取消用户所有的全局权限以及 ANY 范围的所有数据权限
+
+REVOKE ALL ON ANY FROM USER TESTUSER;
+-- 取消用户 ANY 范围的所有数据权限,不会影响 DB 范围和 TABLE 范围的权限
+
+REVOKE ALL ON DATABASE TESTDB FROM USER TESTUSER;
+-- 取消用户在 DB 上的所有数据权限,不会影响 TABLE 权限
+
+REVOKE ALL ON TABLE TESTDB FROM USER TESTUSER;
+-- 取消用户在 TABLE 上的所有数据权限
+```
+
+#### 2.2.3 查看用户权限
+
+```SQL
+LIST PRIVILEGES OF USER <USERNAME>
+eg: LIST PRIVILEGES OF USER tempuser
+```
diff --git
a/src/zh/UserGuide/Master/Table/SQL-Manual/SQL-Authority-Management_timecho.md
b/src/zh/UserGuide/Master/Table/SQL-Manual/SQL-Authority-Management_timecho.md
new file mode 100644
index 00000000..34fc1bf5
--- /dev/null
+++
b/src/zh/UserGuide/Master/Table/SQL-Manual/SQL-Authority-Management_timecho.md
@@ -0,0 +1,377 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+# 权限管理
+
+本文档为 V2.0.7 版本起权限管理的 SQL
手册,详细功能使用可见[权限管理](../User-Manual/Authority-Management-Upgrade_timecho.md),如需查阅
V2.0.7 版本之前权限管理的功能介绍可参考[权限管理](../User-Manual/Authority-Management_timecho.md)
+
+## 1. 权限列表
+
+<table>
+ <tbody>
+ <tr>
+ <th>权限类型</th>
+ <th>权限名称</th>
+ <th>生效范围</th>
+ <th>描述</th>
+ </tr>
+ <!-- 全局权限 - SYSTEM -->
+ <tr>
+ <td rowspan="17">全局权限</td>
+ <td rowspan="6">SYSTEM</td>
+ <td rowspan="6">全局</td>
+ <td>允许用户创建、修改、删除数据库。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建、修改、删除表及表视图。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建、删除、查看用户自定义函数。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建、开始、停止、删除、查看PIPE。允许用户创建、删除、查看PIPEPLUGINS。</td>
+ </tr>
+ <tr>
+ <td>允许用户查询、取消查询。允许用户查看变量。允许用户查看集群状态。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建、删除、查看深度学习模型。</td>
+ </tr>
+ <!-- 全局权限 - SECURITY -->
+ <tr>
+ <td rowspan="10">SECURITY</td>
+ <td rowspan="10">全局</td>
+ <td>允许用户创建用户。</td>
+ </tr>
+ <tr>
+ <td>允许用户删除用户。</td>
+ </tr>
+ <tr>
+ <td>允许用户修改用户密码。</td>
+ </tr>
+ <tr>
+ <td>允许用户查看用户的权限信息。</td>
+ </tr>
+ <tr>
+ <td>允许用户列出所有用户。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建角色。</td>
+ </tr>
+ <tr>
+ <td>允许用户删除角色。</td>
+ </tr>
+ <tr>
+ <td>允许用户查看角色的权限信息。</td>
+ </tr>
+ <tr>
+ <td>允许用户将角色授予某个用户或撤销。</td>
+ </tr>
+ <tr>
+ <td>允许用户列出所有角色。</td>
+ </tr>
+ <!-- 全局权限 - AUDIT(新增) -->
+ <tr>
+ <td>AUDIT</td>
+ <td>全局</td>
+ <td>允许用户维护审计日志的规则 允许用户查看审计日志。</td>
+ </tr>
+ <!-- 数据权限 - CREATE -->
+ <tr>
+ <td rowspan="15">数据权限</td>
+ <td rowspan="3">CREATE</td>
+ <td>ANY</td>
+ <td>允许创建任意表、创建任意数据库。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户在该数据库下创建表;允许用户创建该名称的数据库。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户创建该名称的表。</td>
+ </tr>
+ <!-- 数据权限 - ALTER -->
+ <tr>
+ <td rowspan="3">ALTER</td>
+ <td>ANY</td>
+ <td>允许修改任意表的定义、任意数据库的定义。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户修改数据库的定义,允许用户修改数据库下表的定义。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户修改表的定义。</td>
+ </tr>
+ <!-- 数据权限 - SELECT -->
+ <tr>
+ <td rowspan="3">SELECT</td>
+ <td>ANY</td>
+ <td>允许查询系统内任意数据库中任意表的数据。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户查询该数据库中任意表的数据。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户查询该表中的数据。执行多表查询时,数据库仅展示用户有权限访问的数据。</td>
+ </tr>
+ <!-- 数据权限 - INSERT -->
+ <tr>
+ <td rowspan="3">INSERT</td>
+ <td>ANY</td>
+ <td>允许任意数据库的任意表插入/更新数据。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户向该数据库范围内任意表插入/更新数据。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户向该表中插入/更新数据。</td>
+ </tr>
+ <!-- 数据权限 - DELETE -->
+ <tr>
+ <td rowspan="3">DELETE</td>
+ <td>ANY</td>
+ <td>允许删除任意表的数据。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户删除该数据库范围内的数据。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户删除该表中的数据。</td>
+ </tr>
+ </tbody>
+</table>
+
+## 2. SQL 语句
+
+### 2.1 用户与角色管理
+
+1. 创建用户(需 SECURITY 权限)
+
+```SQL
+CREATE USER <USERNAME> <PASSWORD>
+eg: CREATE USER user1 'Passwd@202604';
+```
+
+2. 修改密码
+
+用户可以修改自己的密码,但修改其他用户密码需要具备 SECURITY 权限。
+
+```SQL
+ALTER USER <USERNAME> SET PASSWORD <password>
+eg: ALTER USER tempuser SET PASSWORD 'Newpwd@202604';
+```
+
+3. 删除用户(需 SECURITY 权限)
+
+```SQL
+DROP USER <USERNAME>
+eg: DROP USER user1;
+```
+
+4. 创建角色 (需 SECURITY 权限)
+
+```SQL
+CREATE ROLE <ROLENAME>
+eg: CREATE ROLE role1;
+```
+
+5. 删除角色 (需 SECURITY 权限)
+
+```SQL
+DROP ROLE <ROLENAME>
+eg: DROP ROLE role1;
+```
+
+6. 赋予用户角色 (需 SECURITY 权限)
+
+```SQL
+GRANT ROLE <ROLENAME> TO <USERNAME>
+eg: GRANT ROLE admin TO user1;
+```
+
+7. 移除用户角色 (需 SECURITY 权限)
+
+```SQL
+REVOKE ROLE <ROLENAME> FROM <USERNAME>
+eg: REVOKE ROLE admin FROM user1;
+```
+
+8. 列出所有用户(需 SECURITY 权限)
+
+```SQL
+LIST USER;
+```
+
+9. 列出所有的角色 (需 SECURITY 权限)
+
+```SQL
+LIST ROLE;
+```
+
+10. 列出指定角色下所有用户(需 SECURITY 权限)
+
+```SQL
+LIST USER OF ROLE <ROLENAME>
+eg: LIST USER OF ROLE roleuser;
+```
+
+11. 列出指定用户下的所有角色
+
+用户可以列出自己的角色,但列出其他用户的角色需要拥有 SECURITY 权限。
+
+```SQL
+LIST ROLE OF USER <USERNAME>
+eg: LIST ROLE OF USER tempuser;
+```
+
+12. 列出用户所有权限
+
+用户可以列出自己的权限信息,但列出其他用户的权限需要拥有 SECURITY 权限。
+
+```SQL
+LIST PRIVILEGES OF USER <USERNAME>
+eg: LIST PRIVILEGES OF USER tempuser;
+```
+
+13. 列出角色所有权限
+
+用户可以列出自己具有的角色的权限信息,列出其他角色的权限需要有 SECURITY 权限。
+
+```SQL
+LIST PRIVILEGES OF ROLE <ROLENAME>
+eg: LIST PRIVILEGES OF ROLE actor;
+```
+
+### 2.2 权限管理
+
+#### 2.2.1 授予权限
+
+1. 给用户授予管理用户的权限
+
+```SQL
+GRANT SECURITY TO USER <USERNAME>
+eg: GRANT SECURITY TO USER TEST_USER;
+```
+
+2. 给用户授予创建数据库及在数据库范围内创建表的权限,且允许用户在该范围内管理权限
+
+```SQL
+GRANT CREATE ON DATABASE <DATABASE> TO USER <USERNAME> WITH GRANT OPTION
+eg: GRANT CREATE ON DATABASE TESTDB TO USER TEST_USER WITH GRANT OPTION;
+```
+
+3. 给角色授予查询数据库的权限
+
+```SQL
+GRANT SELECT ON DATABASE <DATABASE>TO ROLE <ROLENAME>
+eg: GRANT SELECT ON DATABASE TESTDB TO ROLE TEST_ROLE;
+```
+
+4. 给用户授予查询表的权限
+
+```SQL
+GRANT SELECT ON <DATABASE>.<TABLENAME> TO USER <USERNAME>
+eg: GRANT SELECT ON TESTDB.TESTTABLE TO USER TEST_USER;
+```
+
+5. 给角色授予查询所有数据库及表的权限
+
+```SQL
+GRANT SELECT ON ANY TO ROLE <ROLENAME>
+eg: GRANT SELECT ON ANY TO ROLE TEST_ROLE;
+```
+
+6. ALL 语法糖:ALL 表示对象范围内所有权限,可以使用 ALL 字段灵活地授予权限。
+
+```SQL
+GRANT ALL TO USER TESTUSER;
+-- 将用户可以获取的所有权限授予给用户,包括全局权限和 ANY 范围的所有数据权限
+
+GRANT ALL ON ANY TO USER TESTUSER;
+-- 将 ANY 范围内可以获取的所有权限授予给用户,执行该语句后,用户将拥有在所有数据库上的所有数据权限
+
+GRANT ALL ON DATABASE TESTDB TO USER TESTUSER;
+-- 将 DB 范围内可以获取的所有权限授予给用户,执行该语句后,用户将拥有在该数据库上的所有数据权限
+
+GRANT ALL ON TABLE TESTTABLE TO USER TESTUSER;
+-- 将 TABLE 范围内可以获取的所有权限授予给用户,执行该语句后,用户将拥有在该表上的所有数据权限
+```
+
+#### 2.2.2 撤销权限
+
+1. 取消用户管理用户的权限
+
+```SQL
+REVOKE SECURITY FROM USER <USERNAME>
+eg: REVOKE SECURITY FROM USER TEST_USER;
+```
+
+2. 取消用户创建数据库及在数据库范围内创建表的权限
+
+```SQL
+REVOKE CREATE ON DATABASE <DATABASE> FROM USER <USERNAME>
+eg: REVOKE CREATE ON DATABASE TEST_DB FROM USER TEST_USER;
+```
+
+3. 取消用户查询表的权限
+
+```SQL
+REVOKE SELECT ON <DATABASE>.<TABLENAME> FROM USER <USERNAME>
+eg: REVOKE SELECT ON TESTDB.TESTTABLE FROM USER TEST_USER;
+```
+
+4. 取消用户查询所有数据库及表的权限
+
+```SQL
+REVOKE SELECT ON ANY FROM USER <USERNAME>
+eg: REVOKE SELECT ON ANY FROM USER TEST_USER;
+```
+
+5. ALL 语法糖:ALL 表示对象范围内所有权限,可以使用 ALL 字段灵活地撤销权限。
+
+```SQL
+REVOKE ALL FROM USER TESTUSER;
+-- 取消用户所有的全局权限以及 ANY 范围的所有数据权限
+
+REVOKE ALL ON ANY FROM USER TESTUSER;
+-- 取消用户 ANY 范围的所有数据权限,不会影响 DB 范围和 TABLE 范围的权限
+
+REVOKE ALL ON DATABASE TESTDB FROM USER TESTUSER;
+-- 取消用户在 DB 上的所有数据权限,不会影响 TABLE 权限
+
+REVOKE ALL ON TABLE TESTDB FROM USER TESTUSER;
+-- 取消用户在 TABLE 上的所有数据权限
+```
+
+#### 2.2.3 查看用户权限
+
+```SQL
+LIST PRIVILEGES OF USER <USERNAME>
+eg: LIST PRIVILEGES OF USER tempuser
+```
diff --git a/src/zh/UserGuide/Master/Table/SQL-Manual/SQL-Data-Sync_apache.md
b/src/zh/UserGuide/Master/Table/SQL-Manual/SQL-Data-Sync_apache.md
new file mode 100644
index 00000000..13d050c9
--- /dev/null
+++ b/src/zh/UserGuide/Master/Table/SQL-Manual/SQL-Data-Sync_apache.md
@@ -0,0 +1,239 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+# 数据同步
+
+本文档主要为数据同步功能的SQL语句,详细功能介绍及使用说明见 [数据同步](../User-Manual/Data-Sync_apache.md)
+
+## 1. 创建任务
+
+**语法:**
+
+```SQL
+CREATE PIPE [IF NOT EXISTS] <PipeId> -- PipeId 是能够唯一标定任务的名字
+-- 数据抽取插件,可选插件
+WITH SOURCE (
+ [<parameter> = <value>,],
+)
+-- 数据处理插件,可选插件
+WITH PROCESSOR (
+ [<parameter> = <value>,],
+)
+-- 数据连接插件,必填插件
+WITH SINK (
+ [<parameter> = <value>,],
+)
+```
+
+**示例一:全量数据同步**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+**示例二:部分数据同步**
+
+```SQL
+create pipe A2B
+WITH SOURCE (
+ 'source'= 'iotdb-source',
+ 'mode.streaming' = 'true'
+ 'database-name'='db_b.*',
+ 'start-time' = '2023.08.23T08:00:00+00:00',
+ 'end-time' = '2023.10.23T08:00:00+00:00'
+)
+with SINK (
+ 'sink'='iotdb-thrift-async-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+**示例三:边云数据传输**
+
+* 在 B IoTDB 上执行下列语句,将 B 中数据同步至 A
+
+```SQL
+create pipe BA
+with source (
+ 'database-name'='db_b.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6667',
+)
+```
+
+* 在 C IoTDB 上执行下列语句,将 C 中数据同步至 A
+
+```SQL
+create pipe CA
+with source (
+ 'database-name'='db_c.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* 在 D IoTDB 上执行下列语句,将 D 中数据同步至 A
+
+```SQL
+create pipe DA
+with source (
+ 'database-name'='db_d.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6669',
+)
+```
+
+**示例四:级联数据传输**
+
+* 在 A IoTDB 上执行下列语句,将 A 中数据同步至 B
+
+```SQL
+create pipe AB
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* 在 B IoTDB 上执行下列语句,将 B 中数据同步至 C
+
+```SQL
+create pipe BC
+with source (
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6669',
+)
+```
+
+**示例五:压缩同步**
+
+```SQL
+create pipe A2B
+with sink (
+ 'node-urls' = '127.0.0.1:6668',
+ 'compressor' = 'snappy,lz4',
+ 'rate-limit-bytes-per-second'='1048576'
+)
+```
+
+**示例六:加密同步**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-thrift-ssl-sink',
+ 'node-urls'='127.0.0.1:6667',
+ 'ssl.trust-store-path'='pki/trusted',
+ 'ssl.trust-store-pwd'='root'
+)
+```
+
+## 2. 开始任务
+
+**语法:**
+
+```SQL
+START PIPE<PipeId>
+```
+
+**示例:**
+
+```SQL
+START PIPE A2B
+```
+
+## 3. 停止任务
+
+**语法:**
+
+```SQL
+STOP PIPE <PipeId>
+```
+
+**示例:**
+
+```SQL
+STOP PIPE A2B
+```
+
+## 4. 删除任务
+
+**语法:**
+
+```SQL
+DROP PIPE [IF EXISTS] <PipeId>
+```
+
+**示例:**
+
+```SQL
+DROP PIPE IF EXISTS A2B
+```
+
+## 5. 查看任务
+
+**语法:**
+
+```SQL
+-- 查看全部任务
+SHOW PIPES
+-- 查看指定任务
+SHOW PIPE <PipeId>
+```
+
+**示例:**
+
+```SQL
+SHOW PIPES
+
+SHOW PIPE A2B
+```
+
+## 6. 修改任务
+
+**语法:**
+
+```SQL
+ALTER PIPE [IF EXISTS] <PipeId>
+ MODIFY/REPLACE SOURCE(...)
+ MODIFY/REPLACE PROCESSOR(...)
+ MODIFY/REPLACE SINK(...)
+```
+
+**示例:**
+
+```SQL
+ALTER PIPE A2B REPLACE SINK ('sink'='iotdb-thrift-sink', 'node-urls' =
'127.0.0.1:6668');
+```
diff --git a/src/zh/UserGuide/Master/Table/SQL-Manual/SQL-Data-Sync_timecho.md
b/src/zh/UserGuide/Master/Table/SQL-Manual/SQL-Data-Sync_timecho.md
new file mode 100644
index 00000000..e272c905
--- /dev/null
+++ b/src/zh/UserGuide/Master/Table/SQL-Manual/SQL-Data-Sync_timecho.md
@@ -0,0 +1,320 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+# 数据同步
+
+本文档主要为数据同步功能的SQL语句,详细功能介绍及使用说明见 [数据同步](../User-Manual/Data-Sync_timecho.md)
+
+## 1. 创建任务
+
+**语法:**
+
+```SQL
+CREATE PIPE [IF NOT EXISTS] <PipeId> -- PipeId 是能够唯一标定任务的名字
+-- 数据抽取插件,可选插件
+WITH SOURCE (
+ [<parameter> = <value>,],
+)
+-- 数据处理插件,可选插件
+WITH PROCESSOR (
+ [<parameter> = <value>,],
+)
+-- 数据连接插件,必填插件
+WITH SINK (
+ [<parameter> = <value>,],
+)
+```
+
+**示例一:全量数据同步**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+**示例二:部分数据同步**
+
+```SQL
+create pipe A2B
+WITH SOURCE (
+ 'source'= 'iotdb-source',
+ 'mode.streaming' = 'true'
+ 'database-name'='db_b.*',
+ 'start-time' = '2023.08.23T08:00:00+00:00',
+ 'end-time' = '2023.10.23T08:00:00+00:00'
+)
+with SINK (
+ 'sink'='iotdb-thrift-async-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+**示例三:双向数据传输**
+
+* 在 A IoTDB 上执行下列语句
+
+```SQL
+create pipe AB
+with source (
+ 'source.mode.double-living' ='true'
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* 在 B IoTDB 上执行下列语句
+
+```SQL
+create pipe BA
+with source (
+ 'source.mode.double-living' ='true'
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6667',
+)
+```
+
+**示例四:边云数据传输**
+
+* 在 B IoTDB 上执行下列语句,将 B 中数据同步至 A
+
+```SQL
+create pipe BA
+with source (
+ 'database-name'='db_b.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6667',
+)
+```
+
+* 在 C IoTDB 上执行下列语句,将 C 中数据同步至 A
+
+```SQL
+create pipe CA
+with source (
+ 'database-name'='db_c.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* 在 D IoTDB 上执行下列语句,将 D 中数据同步至 A
+
+```SQL
+create pipe DA
+with source (
+ 'database-name'='db_d.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6669',
+)
+```
+
+**示例五:级联数据传输**
+
+* 在 A IoTDB 上执行下列语句,将 A 中数据同步至 B
+
+```SQL
+create pipe AB
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* 在 B IoTDB 上执行下列语句,将 B 中数据同步至 C
+
+```SQL
+create pipe BC
+with source (
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6669',
+)
+```
+
+**示例六:跨网闸数据传输**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-air-gap-sink',
+ 'node-urls' = '10.53.53.53:9780',
+)
+```
+
+**示例七:压缩同步**
+
+```SQL
+create pipe A2B
+with sink (
+ 'node-urls' = '127.0.0.1:6668',
+ 'compressor' = 'snappy,lz4',
+ 'rate-limit-bytes-per-second'='1048576'
+)
+```
+
+**示例八:加密同步**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-thrift-ssl-sink',
+ 'node-urls'='127.0.0.1:6667',
+ 'ssl.trust-store-path'='pki/trusted',
+ 'ssl.trust-store-pwd'='root'
+)
+```
+
+**示例九:本地导出 Object 类型数据**
+
+```SQL
+CREATE PIPE tsfile_export_local
+WITH SOURCE (
+ 'source' = 'iotdb-source',
+ 'table-name' = 'test_table'
+)
+WITH PROCESSOR (
+ 'processor' = 'do-nothing-processor'
+)
+WITH SINK (
+ 'sink' = 'tsfile-local-sink',
+ 'sink.local.target-path' = '/data/backup/export_2024'
+ 'sink.rate-limit-bytes-per-second' = '10485760'
+);
+```
+
+**示例十:远程传输 Object 类型数据**
+
+* 该方式需提前注册 `tsfile_remote_sink` 插件
+
+```SQL
+CREATE PIPE tsfile_export_scp
+WITH SOURCE (
+ 'source' = 'iotdb-source',
+ 'table-name' = 'test_table'
+)
+WITH PROCESSOR (
+ 'processor' = 'do-nothing-processor'
+)
+WITH SINK (
+ 'sink' = 'tsfile_remote_sink',
+ 'sink.file-mode' = 'scp',
+ 'sink.scp.host' = '192.168.1.100',
+ 'sink.scp.port' = '22',
+ 'sink.scp.user' = 'backup_user',
+ 'sink.scp.password' = 'ComplexPass123!',
+ 'sink.scp.remote-path' = '/remote/archive/',
+ 'sink.rate-limit-bytes-per-second' = '10485760'
+);
+```
+
+## 2. 开始任务
+
+**语法:**
+
+```SQL
+START PIPE<PipeId>
+```
+
+**示例:**
+
+```SQL
+START PIPE A2B
+```
+
+## 3. 停止任务
+
+**语法:**
+
+```SQL
+STOP PIPE <PipeId>
+```
+
+**示例:**
+
+```SQL
+STOP PIPE A2B
+```
+
+## 4. 删除任务
+
+**语法:**
+
+```SQL
+DROP PIPE [IF EXISTS] <PipeId>
+```
+
+**示例:**
+
+```SQL
+DROP PIPE IF EXISTS A2B
+```
+
+## 5. 查看任务
+
+**语法:**
+
+```SQL
+-- 查看全部任务
+SHOW PIPES
+-- 查看指定任务
+SHOW PIPE <PipeId>
+```
+
+**示例:**
+
+```SQL
+SHOW PIPES
+
+SHOW PIPE A2B
+```
+
+## 6. 修改任务
+
+**语法:**
+
+```SQL
+ALTER PIPE [IF EXISTS] <PipeId>
+ MODIFY/REPLACE SOURCE(...)
+ MODIFY/REPLACE PROCESSOR(...)
+ MODIFY/REPLACE SINK(...)
+```
+
+**示例:**
+
+```SQL
+ALTER PIPE A2B REPLACE SINK ('sink'='iotdb-thrift-sink', 'node-urls' =
'127.0.0.1:6668');
+```
diff --git
a/src/zh/UserGuide/latest-Table/SQL-Manual/SQL-Authority-Management_apache.md
b/src/zh/UserGuide/latest-Table/SQL-Manual/SQL-Authority-Management_apache.md
new file mode 100644
index 00000000..247e0d2b
--- /dev/null
+++
b/src/zh/UserGuide/latest-Table/SQL-Manual/SQL-Authority-Management_apache.md
@@ -0,0 +1,371 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+# 权限管理
+
+本文档为 V2.0.7 版本起权限管理的 SQL
手册,详细功能使用可见[权限管理](../User-Manual/Authority-Management-Upgrade_apache.md),如需查阅
V2.0.7 版本之前权限管理的功能介绍可参考[权限管理](../User-Manual/Authority-Management_apache.md)
+
+## 1. 权限列表
+
+<table>
+ <tbody>
+ <tr>
+ <th>权限类型</th>
+ <th>权限名称</th>
+ <th>生效范围</th>
+ <th>描述</th>
+ </tr>
+ <!-- 全局权限 - SYSTEM -->
+ <tr>
+ <td rowspan="16">全局权限</td>
+ <td rowspan="6">SYSTEM</td>
+ <td rowspan="6">全局</td>
+ <td>允许用户创建、修改、删除数据库。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建、修改、删除表及表视图。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建、删除、查看用户自定义函数。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建、开始、停止、删除、查看PIPE。允许用户创建、删除、查看PIPEPLUGINS。</td>
+ </tr>
+ <tr>
+ <td>允许用户查询、取消查询。允许用户查看变量。允许用户查看集群状态。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建、删除、查看深度学习模型。</td>
+ </tr>
+ <!-- 全局权限 - SECURITY -->
+ <tr>
+ <td rowspan="10">SECURITY</td>
+ <td rowspan="10">全局</td>
+ <td>允许用户创建用户。</td>
+ </tr>
+ <tr>
+ <td>允许用户删除用户。</td>
+ </tr>
+ <tr>
+ <td>允许用户修改用户密码。</td>
+ </tr>
+ <tr>
+ <td>允许用户查看用户的权限信息。</td>
+ </tr>
+ <tr>
+ <td>允许用户列出所有用户。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建角色。</td>
+ </tr>
+ <tr>
+ <td>允许用户删除角色。</td>
+ </tr>
+ <tr>
+ <td>允许用户查看角色的权限信息。</td>
+ </tr>
+ <tr>
+ <td>允许用户将角色授予某个用户或撤销。</td>
+ </tr>
+ <tr>
+ <td>允许用户列出所有角色。</td>
+ </tr>
+ <!-- 数据权限 - CREATE -->
+ <tr>
+ <td rowspan="15">数据权限</td>
+ <td rowspan="3">CREATE</td>
+ <td>ANY</td>
+ <td>允许创建任意表、创建任意数据库。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户在该数据库下创建表;允许用户创建该名称的数据库。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户创建该名称的表。</td>
+ </tr>
+ <!-- 数据权限 - ALTER -->
+ <tr>
+ <td rowspan="3">ALTER</td>
+ <td>ANY</td>
+ <td>允许修改任意表的定义、任意数据库的定义。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户修改数据库的定义,允许用户修改数据库下表的定义。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户修改表的定义。</td>
+ </tr>
+ <!-- 数据权限 - SELECT -->
+ <tr>
+ <td rowspan="3">SELECT</td>
+ <td>ANY</td>
+ <td>允许查询系统内任意数据库中任意表的数据。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户查询该数据库中任意表的数据。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户查询该表中的数据。执行多表查询时,数据库仅展示用户有权限访问的数据。</td>
+ </tr>
+ <!-- 数据权限 - INSERT -->
+ <tr>
+ <td rowspan="3">INSERT</td>
+ <td>ANY</td>
+ <td>允许任意数据库的任意表插入/更新数据。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户向该数据库范围内任意表插入/更新数据。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户向该表中插入/更新数据。</td>
+ </tr>
+ <!-- 数据权限 - DELETE -->
+ <tr>
+ <td rowspan="3">DELETE</td>
+ <td>ANY</td>
+ <td>允许删除任意表的数据。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户删除该数据库范围内的数据。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户删除该表中的数据。</td>
+ </tr>
+ </tbody>
+</table>
+
+## 2. SQL 语句
+
+### 2.1 用户与角色管理
+
+1. 创建用户(需 SECURITY 权限)
+
+```SQL
+CREATE USER <USERNAME> <PASSWORD>
+eg: CREATE USER user1 'passwd';
+```
+
+2. 修改密码
+
+用户可以修改自己的密码,但修改其他用户密码需要具备 SECURITY 权限。
+
+```SQL
+ALTER USER <USERNAME> SET PASSWORD <password>
+eg: ALTER USER tempuser SET PASSWORD 'newpwd';
+```
+
+3. 删除用户(需 SECURITY 权限)
+
+```SQL
+DROP USER <USERNAME>
+eg: DROP USER user1;
+```
+
+4. 创建角色 (需 SECURITY 权限)
+
+```SQL
+CREATE ROLE <ROLENAME>
+eg: CREATE ROLE role1;
+```
+
+5. 删除角色 (需 SECURITY 权限)
+
+```SQL
+DROP ROLE <ROLENAME>
+eg: DROP ROLE role1;
+```
+
+6. 赋予用户角色 (需 SECURITY 权限)
+
+```SQL
+GRANT ROLE <ROLENAME> TO <USERNAME>
+eg: GRANT ROLE admin TO user1;
+```
+
+7. 移除用户角色 (需 SECURITY 权限)
+
+```SQL
+REVOKE ROLE <ROLENAME> FROM <USERNAME>
+eg: REVOKE ROLE admin FROM user1;
+```
+
+8. 列出所有用户(需 SECURITY 权限)
+
+```SQL
+LIST USER;
+```
+
+9. 列出所有的角色 (需 SECURITY 权限)
+
+```SQL
+LIST ROLE;
+```
+
+10. 列出指定角色下所有用户(需 SECURITY 权限)
+
+```SQL
+LIST USER OF ROLE <ROLENAME>
+eg: LIST USER OF ROLE roleuser;
+```
+
+11. 列出指定用户下的所有角色
+
+用户可以列出自己的角色,但列出其他用户的角色需要拥有 SECURITY 权限。
+
+```SQL
+LIST ROLE OF USER <USERNAME>
+eg: LIST ROLE OF USER tempuser;
+```
+
+12. 列出用户所有权限
+
+用户可以列出自己的权限信息,但列出其他用户的权限需要拥有 SECURITY 权限。
+
+```SQL
+LIST PRIVILEGES OF USER <USERNAME>
+eg: LIST PRIVILEGES OF USER tempuser;
+```
+
+13. 列出角色所有权限
+
+用户可以列出自己具有的角色的权限信息,列出其他角色的权限需要有 SECURITY 权限。
+
+```SQL
+LIST PRIVILEGES OF ROLE <ROLENAME>
+eg: LIST PRIVILEGES OF ROLE actor;
+```
+
+### 2.2 权限管理
+
+#### 2.2.1 授予权限
+
+1. 给用户授予管理用户的权限
+
+```SQL
+GRANT SECURITY TO USER <USERNAME>
+eg: GRANT SECURITY TO USER TEST_USER;
+```
+
+2. 给用户授予创建数据库及在数据库范围内创建表的权限,且允许用户在该范围内管理权限
+
+```SQL
+GRANT CREATE ON DATABASE <DATABASE> TO USER <USERNAME> WITH GRANT OPTION
+eg: GRANT CREATE ON DATABASE TESTDB TO USER TEST_USER WITH GRANT OPTION;
+```
+
+3. 给角色授予查询数据库的权限
+
+```SQL
+GRANT SELECT ON DATABASE <DATABASE>TO ROLE <ROLENAME>
+eg: GRANT SELECT ON DATABASE TESTDB TO ROLE TEST_ROLE;
+```
+
+4. 给用户授予查询表的权限
+
+```SQL
+GRANT SELECT ON <DATABASE>.<TABLENAME> TO USER <USERNAME>
+eg: GRANT SELECT ON TESTDB.TESTTABLE TO USER TEST_USER;
+```
+
+5. 给角色授予查询所有数据库及表的权限
+
+```SQL
+GRANT SELECT ON ANY TO ROLE <ROLENAME>
+eg: GRANT SELECT ON ANY TO ROLE TEST_ROLE;
+```
+
+6. ALL 语法糖:ALL 表示对象范围内所有权限,可以使用 ALL 字段灵活地授予权限。
+
+```SQL
+GRANT ALL TO USER TESTUSER;
+-- 将用户可以获取的所有权限授予给用户,包括全局权限和 ANY 范围的所有数据权限
+
+GRANT ALL ON ANY TO USER TESTUSER;
+-- 将 ANY 范围内可以获取的所有权限授予给用户,执行该语句后,用户将拥有在所有数据库上的所有数据权限
+
+GRANT ALL ON DATABASE TESTDB TO USER TESTUSER;
+-- 将 DB 范围内可以获取的所有权限授予给用户,执行该语句后,用户将拥有在该数据库上的所有数据权限
+
+GRANT ALL ON TABLE TESTTABLE TO USER TESTUSER;
+-- 将 TABLE 范围内可以获取的所有权限授予给用户,执行该语句后,用户将拥有在该表上的所有数据权限
+```
+
+#### 2.2.2 撤销权限
+
+1. 取消用户管理用户的权限
+
+```SQL
+REVOKE SECURITY FROM USER <USERNAME>
+eg: REVOKE SECURITY FROM USER TEST_USER;
+```
+
+2. 取消用户创建数据库及在数据库范围内创建表的权限
+
+```SQL
+REVOKE CREATE ON DATABASE <DATABASE> FROM USER <USERNAME>
+eg: REVOKE CREATE ON DATABASE TEST_DB FROM USER TEST_USER;
+```
+
+3. 取消用户查询表的权限
+
+```SQL
+REVOKE SELECT ON <DATABASE>.<TABLENAME> FROM USER <USERNAME>
+eg: REVOKE SELECT ON TESTDB.TESTTABLE FROM USER TEST_USER;
+```
+
+4. 取消用户查询所有数据库及表的权限
+
+```SQL
+REVOKE SELECT ON ANY FROM USER <USERNAME>
+eg: REVOKE SELECT ON ANY FROM USER TEST_USER;
+```
+
+5. ALL 语法糖:ALL 表示对象范围内所有权限,可以使用 ALL 字段灵活地撤销权限。
+
+```SQL
+REVOKE ALL FROM USER TESTUSER;
+-- 取消用户所有的全局权限以及 ANY 范围的所有数据权限
+
+REVOKE ALL ON ANY FROM USER TESTUSER;
+-- 取消用户 ANY 范围的所有数据权限,不会影响 DB 范围和 TABLE 范围的权限
+
+REVOKE ALL ON DATABASE TESTDB FROM USER TESTUSER;
+-- 取消用户在 DB 上的所有数据权限,不会影响 TABLE 权限
+
+REVOKE ALL ON TABLE TESTDB FROM USER TESTUSER;
+-- 取消用户在 TABLE 上的所有数据权限
+```
+
+#### 2.2.3 查看用户权限
+
+```SQL
+LIST PRIVILEGES OF USER <USERNAME>
+eg: LIST PRIVILEGES OF USER tempuser
+```
diff --git
a/src/zh/UserGuide/latest-Table/SQL-Manual/SQL-Authority-Management_timecho.md
b/src/zh/UserGuide/latest-Table/SQL-Manual/SQL-Authority-Management_timecho.md
new file mode 100644
index 00000000..34fc1bf5
--- /dev/null
+++
b/src/zh/UserGuide/latest-Table/SQL-Manual/SQL-Authority-Management_timecho.md
@@ -0,0 +1,377 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+# 权限管理
+
+本文档为 V2.0.7 版本起权限管理的 SQL
手册,详细功能使用可见[权限管理](../User-Manual/Authority-Management-Upgrade_timecho.md),如需查阅
V2.0.7 版本之前权限管理的功能介绍可参考[权限管理](../User-Manual/Authority-Management_timecho.md)
+
+## 1. 权限列表
+
+<table>
+ <tbody>
+ <tr>
+ <th>权限类型</th>
+ <th>权限名称</th>
+ <th>生效范围</th>
+ <th>描述</th>
+ </tr>
+ <!-- 全局权限 - SYSTEM -->
+ <tr>
+ <td rowspan="17">全局权限</td>
+ <td rowspan="6">SYSTEM</td>
+ <td rowspan="6">全局</td>
+ <td>允许用户创建、修改、删除数据库。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建、修改、删除表及表视图。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建、删除、查看用户自定义函数。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建、开始、停止、删除、查看PIPE。允许用户创建、删除、查看PIPEPLUGINS。</td>
+ </tr>
+ <tr>
+ <td>允许用户查询、取消查询。允许用户查看变量。允许用户查看集群状态。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建、删除、查看深度学习模型。</td>
+ </tr>
+ <!-- 全局权限 - SECURITY -->
+ <tr>
+ <td rowspan="10">SECURITY</td>
+ <td rowspan="10">全局</td>
+ <td>允许用户创建用户。</td>
+ </tr>
+ <tr>
+ <td>允许用户删除用户。</td>
+ </tr>
+ <tr>
+ <td>允许用户修改用户密码。</td>
+ </tr>
+ <tr>
+ <td>允许用户查看用户的权限信息。</td>
+ </tr>
+ <tr>
+ <td>允许用户列出所有用户。</td>
+ </tr>
+ <tr>
+ <td>允许用户创建角色。</td>
+ </tr>
+ <tr>
+ <td>允许用户删除角色。</td>
+ </tr>
+ <tr>
+ <td>允许用户查看角色的权限信息。</td>
+ </tr>
+ <tr>
+ <td>允许用户将角色授予某个用户或撤销。</td>
+ </tr>
+ <tr>
+ <td>允许用户列出所有角色。</td>
+ </tr>
+ <!-- 全局权限 - AUDIT(新增) -->
+ <tr>
+ <td>AUDIT</td>
+ <td>全局</td>
+ <td>允许用户维护审计日志的规则 允许用户查看审计日志。</td>
+ </tr>
+ <!-- 数据权限 - CREATE -->
+ <tr>
+ <td rowspan="15">数据权限</td>
+ <td rowspan="3">CREATE</td>
+ <td>ANY</td>
+ <td>允许创建任意表、创建任意数据库。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户在该数据库下创建表;允许用户创建该名称的数据库。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户创建该名称的表。</td>
+ </tr>
+ <!-- 数据权限 - ALTER -->
+ <tr>
+ <td rowspan="3">ALTER</td>
+ <td>ANY</td>
+ <td>允许修改任意表的定义、任意数据库的定义。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户修改数据库的定义,允许用户修改数据库下表的定义。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户修改表的定义。</td>
+ </tr>
+ <!-- 数据权限 - SELECT -->
+ <tr>
+ <td rowspan="3">SELECT</td>
+ <td>ANY</td>
+ <td>允许查询系统内任意数据库中任意表的数据。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户查询该数据库中任意表的数据。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户查询该表中的数据。执行多表查询时,数据库仅展示用户有权限访问的数据。</td>
+ </tr>
+ <!-- 数据权限 - INSERT -->
+ <tr>
+ <td rowspan="3">INSERT</td>
+ <td>ANY</td>
+ <td>允许任意数据库的任意表插入/更新数据。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户向该数据库范围内任意表插入/更新数据。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户向该表中插入/更新数据。</td>
+ </tr>
+ <!-- 数据权限 - DELETE -->
+ <tr>
+ <td rowspan="3">DELETE</td>
+ <td>ANY</td>
+ <td>允许删除任意表的数据。</td>
+ </tr>
+ <tr>
+ <td>数据库</td>
+ <td>允许用户删除该数据库范围内的数据。</td>
+ </tr>
+ <tr>
+ <td>表</td>
+ <td>允许用户删除该表中的数据。</td>
+ </tr>
+ </tbody>
+</table>
+
+## 2. SQL 语句
+
+### 2.1 用户与角色管理
+
+1. 创建用户(需 SECURITY 权限)
+
+```SQL
+CREATE USER <USERNAME> <PASSWORD>
+eg: CREATE USER user1 'Passwd@202604';
+```
+
+2. 修改密码
+
+用户可以修改自己的密码,但修改其他用户密码需要具备 SECURITY 权限。
+
+```SQL
+ALTER USER <USERNAME> SET PASSWORD <password>
+eg: ALTER USER tempuser SET PASSWORD 'Newpwd@202604';
+```
+
+3. 删除用户(需 SECURITY 权限)
+
+```SQL
+DROP USER <USERNAME>
+eg: DROP USER user1;
+```
+
+4. 创建角色 (需 SECURITY 权限)
+
+```SQL
+CREATE ROLE <ROLENAME>
+eg: CREATE ROLE role1;
+```
+
+5. 删除角色 (需 SECURITY 权限)
+
+```SQL
+DROP ROLE <ROLENAME>
+eg: DROP ROLE role1;
+```
+
+6. 赋予用户角色 (需 SECURITY 权限)
+
+```SQL
+GRANT ROLE <ROLENAME> TO <USERNAME>
+eg: GRANT ROLE admin TO user1;
+```
+
+7. 移除用户角色 (需 SECURITY 权限)
+
+```SQL
+REVOKE ROLE <ROLENAME> FROM <USERNAME>
+eg: REVOKE ROLE admin FROM user1;
+```
+
+8. 列出所有用户(需 SECURITY 权限)
+
+```SQL
+LIST USER;
+```
+
+9. 列出所有的角色 (需 SECURITY 权限)
+
+```SQL
+LIST ROLE;
+```
+
+10. 列出指定角色下所有用户(需 SECURITY 权限)
+
+```SQL
+LIST USER OF ROLE <ROLENAME>
+eg: LIST USER OF ROLE roleuser;
+```
+
+11. 列出指定用户下的所有角色
+
+用户可以列出自己的角色,但列出其他用户的角色需要拥有 SECURITY 权限。
+
+```SQL
+LIST ROLE OF USER <USERNAME>
+eg: LIST ROLE OF USER tempuser;
+```
+
+12. 列出用户所有权限
+
+用户可以列出自己的权限信息,但列出其他用户的权限需要拥有 SECURITY 权限。
+
+```SQL
+LIST PRIVILEGES OF USER <USERNAME>
+eg: LIST PRIVILEGES OF USER tempuser;
+```
+
+13. 列出角色所有权限
+
+用户可以列出自己具有的角色的权限信息,列出其他角色的权限需要有 SECURITY 权限。
+
+```SQL
+LIST PRIVILEGES OF ROLE <ROLENAME>
+eg: LIST PRIVILEGES OF ROLE actor;
+```
+
+### 2.2 权限管理
+
+#### 2.2.1 授予权限
+
+1. 给用户授予管理用户的权限
+
+```SQL
+GRANT SECURITY TO USER <USERNAME>
+eg: GRANT SECURITY TO USER TEST_USER;
+```
+
+2. 给用户授予创建数据库及在数据库范围内创建表的权限,且允许用户在该范围内管理权限
+
+```SQL
+GRANT CREATE ON DATABASE <DATABASE> TO USER <USERNAME> WITH GRANT OPTION
+eg: GRANT CREATE ON DATABASE TESTDB TO USER TEST_USER WITH GRANT OPTION;
+```
+
+3. 给角色授予查询数据库的权限
+
+```SQL
+GRANT SELECT ON DATABASE <DATABASE>TO ROLE <ROLENAME>
+eg: GRANT SELECT ON DATABASE TESTDB TO ROLE TEST_ROLE;
+```
+
+4. 给用户授予查询表的权限
+
+```SQL
+GRANT SELECT ON <DATABASE>.<TABLENAME> TO USER <USERNAME>
+eg: GRANT SELECT ON TESTDB.TESTTABLE TO USER TEST_USER;
+```
+
+5. 给角色授予查询所有数据库及表的权限
+
+```SQL
+GRANT SELECT ON ANY TO ROLE <ROLENAME>
+eg: GRANT SELECT ON ANY TO ROLE TEST_ROLE;
+```
+
+6. ALL 语法糖:ALL 表示对象范围内所有权限,可以使用 ALL 字段灵活地授予权限。
+
+```SQL
+GRANT ALL TO USER TESTUSER;
+-- 将用户可以获取的所有权限授予给用户,包括全局权限和 ANY 范围的所有数据权限
+
+GRANT ALL ON ANY TO USER TESTUSER;
+-- 将 ANY 范围内可以获取的所有权限授予给用户,执行该语句后,用户将拥有在所有数据库上的所有数据权限
+
+GRANT ALL ON DATABASE TESTDB TO USER TESTUSER;
+-- 将 DB 范围内可以获取的所有权限授予给用户,执行该语句后,用户将拥有在该数据库上的所有数据权限
+
+GRANT ALL ON TABLE TESTTABLE TO USER TESTUSER;
+-- 将 TABLE 范围内可以获取的所有权限授予给用户,执行该语句后,用户将拥有在该表上的所有数据权限
+```
+
+#### 2.2.2 撤销权限
+
+1. 取消用户管理用户的权限
+
+```SQL
+REVOKE SECURITY FROM USER <USERNAME>
+eg: REVOKE SECURITY FROM USER TEST_USER;
+```
+
+2. 取消用户创建数据库及在数据库范围内创建表的权限
+
+```SQL
+REVOKE CREATE ON DATABASE <DATABASE> FROM USER <USERNAME>
+eg: REVOKE CREATE ON DATABASE TEST_DB FROM USER TEST_USER;
+```
+
+3. 取消用户查询表的权限
+
+```SQL
+REVOKE SELECT ON <DATABASE>.<TABLENAME> FROM USER <USERNAME>
+eg: REVOKE SELECT ON TESTDB.TESTTABLE FROM USER TEST_USER;
+```
+
+4. 取消用户查询所有数据库及表的权限
+
+```SQL
+REVOKE SELECT ON ANY FROM USER <USERNAME>
+eg: REVOKE SELECT ON ANY FROM USER TEST_USER;
+```
+
+5. ALL 语法糖:ALL 表示对象范围内所有权限,可以使用 ALL 字段灵活地撤销权限。
+
+```SQL
+REVOKE ALL FROM USER TESTUSER;
+-- 取消用户所有的全局权限以及 ANY 范围的所有数据权限
+
+REVOKE ALL ON ANY FROM USER TESTUSER;
+-- 取消用户 ANY 范围的所有数据权限,不会影响 DB 范围和 TABLE 范围的权限
+
+REVOKE ALL ON DATABASE TESTDB FROM USER TESTUSER;
+-- 取消用户在 DB 上的所有数据权限,不会影响 TABLE 权限
+
+REVOKE ALL ON TABLE TESTDB FROM USER TESTUSER;
+-- 取消用户在 TABLE 上的所有数据权限
+```
+
+#### 2.2.3 查看用户权限
+
+```SQL
+LIST PRIVILEGES OF USER <USERNAME>
+eg: LIST PRIVILEGES OF USER tempuser
+```
diff --git a/src/zh/UserGuide/latest-Table/SQL-Manual/SQL-Data-Sync_apache.md
b/src/zh/UserGuide/latest-Table/SQL-Manual/SQL-Data-Sync_apache.md
new file mode 100644
index 00000000..13d050c9
--- /dev/null
+++ b/src/zh/UserGuide/latest-Table/SQL-Manual/SQL-Data-Sync_apache.md
@@ -0,0 +1,239 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+# 数据同步
+
+本文档主要为数据同步功能的SQL语句,详细功能介绍及使用说明见 [数据同步](../User-Manual/Data-Sync_apache.md)
+
+## 1. 创建任务
+
+**语法:**
+
+```SQL
+CREATE PIPE [IF NOT EXISTS] <PipeId> -- PipeId 是能够唯一标定任务的名字
+-- 数据抽取插件,可选插件
+WITH SOURCE (
+ [<parameter> = <value>,],
+)
+-- 数据处理插件,可选插件
+WITH PROCESSOR (
+ [<parameter> = <value>,],
+)
+-- 数据连接插件,必填插件
+WITH SINK (
+ [<parameter> = <value>,],
+)
+```
+
+**示例一:全量数据同步**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+**示例二:部分数据同步**
+
+```SQL
+create pipe A2B
+WITH SOURCE (
+ 'source'= 'iotdb-source',
+ 'mode.streaming' = 'true'
+ 'database-name'='db_b.*',
+ 'start-time' = '2023.08.23T08:00:00+00:00',
+ 'end-time' = '2023.10.23T08:00:00+00:00'
+)
+with SINK (
+ 'sink'='iotdb-thrift-async-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+**示例三:边云数据传输**
+
+* 在 B IoTDB 上执行下列语句,将 B 中数据同步至 A
+
+```SQL
+create pipe BA
+with source (
+ 'database-name'='db_b.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6667',
+)
+```
+
+* 在 C IoTDB 上执行下列语句,将 C 中数据同步至 A
+
+```SQL
+create pipe CA
+with source (
+ 'database-name'='db_c.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* 在 D IoTDB 上执行下列语句,将 D 中数据同步至 A
+
+```SQL
+create pipe DA
+with source (
+ 'database-name'='db_d.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6669',
+)
+```
+
+**示例四:级联数据传输**
+
+* 在 A IoTDB 上执行下列语句,将 A 中数据同步至 B
+
+```SQL
+create pipe AB
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* 在 B IoTDB 上执行下列语句,将 B 中数据同步至 C
+
+```SQL
+create pipe BC
+with source (
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6669',
+)
+```
+
+**示例五:压缩同步**
+
+```SQL
+create pipe A2B
+with sink (
+ 'node-urls' = '127.0.0.1:6668',
+ 'compressor' = 'snappy,lz4',
+ 'rate-limit-bytes-per-second'='1048576'
+)
+```
+
+**示例六:加密同步**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-thrift-ssl-sink',
+ 'node-urls'='127.0.0.1:6667',
+ 'ssl.trust-store-path'='pki/trusted',
+ 'ssl.trust-store-pwd'='root'
+)
+```
+
+## 2. 开始任务
+
+**语法:**
+
+```SQL
+START PIPE<PipeId>
+```
+
+**示例:**
+
+```SQL
+START PIPE A2B
+```
+
+## 3. 停止任务
+
+**语法:**
+
+```SQL
+STOP PIPE <PipeId>
+```
+
+**示例:**
+
+```SQL
+STOP PIPE A2B
+```
+
+## 4. 删除任务
+
+**语法:**
+
+```SQL
+DROP PIPE [IF EXISTS] <PipeId>
+```
+
+**示例:**
+
+```SQL
+DROP PIPE IF EXISTS A2B
+```
+
+## 5. 查看任务
+
+**语法:**
+
+```SQL
+-- 查看全部任务
+SHOW PIPES
+-- 查看指定任务
+SHOW PIPE <PipeId>
+```
+
+**示例:**
+
+```SQL
+SHOW PIPES
+
+SHOW PIPE A2B
+```
+
+## 6. 修改任务
+
+**语法:**
+
+```SQL
+ALTER PIPE [IF EXISTS] <PipeId>
+ MODIFY/REPLACE SOURCE(...)
+ MODIFY/REPLACE PROCESSOR(...)
+ MODIFY/REPLACE SINK(...)
+```
+
+**示例:**
+
+```SQL
+ALTER PIPE A2B REPLACE SINK ('sink'='iotdb-thrift-sink', 'node-urls' =
'127.0.0.1:6668');
+```
diff --git a/src/zh/UserGuide/latest-Table/SQL-Manual/SQL-Data-Sync_timecho.md
b/src/zh/UserGuide/latest-Table/SQL-Manual/SQL-Data-Sync_timecho.md
new file mode 100644
index 00000000..e272c905
--- /dev/null
+++ b/src/zh/UserGuide/latest-Table/SQL-Manual/SQL-Data-Sync_timecho.md
@@ -0,0 +1,320 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+# 数据同步
+
+本文档主要为数据同步功能的SQL语句,详细功能介绍及使用说明见 [数据同步](../User-Manual/Data-Sync_timecho.md)
+
+## 1. 创建任务
+
+**语法:**
+
+```SQL
+CREATE PIPE [IF NOT EXISTS] <PipeId> -- PipeId 是能够唯一标定任务的名字
+-- 数据抽取插件,可选插件
+WITH SOURCE (
+ [<parameter> = <value>,],
+)
+-- 数据处理插件,可选插件
+WITH PROCESSOR (
+ [<parameter> = <value>,],
+)
+-- 数据连接插件,必填插件
+WITH SINK (
+ [<parameter> = <value>,],
+)
+```
+
+**示例一:全量数据同步**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+**示例二:部分数据同步**
+
+```SQL
+create pipe A2B
+WITH SOURCE (
+ 'source'= 'iotdb-source',
+ 'mode.streaming' = 'true'
+ 'database-name'='db_b.*',
+ 'start-time' = '2023.08.23T08:00:00+00:00',
+ 'end-time' = '2023.10.23T08:00:00+00:00'
+)
+with SINK (
+ 'sink'='iotdb-thrift-async-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+**示例三:双向数据传输**
+
+* 在 A IoTDB 上执行下列语句
+
+```SQL
+create pipe AB
+with source (
+ 'source.mode.double-living' ='true'
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* 在 B IoTDB 上执行下列语句
+
+```SQL
+create pipe BA
+with source (
+ 'source.mode.double-living' ='true'
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6667',
+)
+```
+
+**示例四:边云数据传输**
+
+* 在 B IoTDB 上执行下列语句,将 B 中数据同步至 A
+
+```SQL
+create pipe BA
+with source (
+ 'database-name'='db_b.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6667',
+)
+```
+
+* 在 C IoTDB 上执行下列语句,将 C 中数据同步至 A
+
+```SQL
+create pipe CA
+with source (
+ 'database-name'='db_c.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* 在 D IoTDB 上执行下列语句,将 D 中数据同步至 A
+
+```SQL
+create pipe DA
+with source (
+ 'database-name'='db_d.*',
+ 'table-name'='.*',
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6669',
+)
+```
+
+**示例五:级联数据传输**
+
+* 在 A IoTDB 上执行下列语句,将 A 中数据同步至 B
+
+```SQL
+create pipe AB
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6668',
+)
+```
+
+* 在 B IoTDB 上执行下列语句,将 B 中数据同步至 C
+
+```SQL
+create pipe BC
+with source (
+)
+with sink (
+ 'sink'='iotdb-thrift-sink',
+ 'node-urls' = '127.0.0.1:6669',
+)
+```
+
+**示例六:跨网闸数据传输**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-air-gap-sink',
+ 'node-urls' = '10.53.53.53:9780',
+)
+```
+
+**示例七:压缩同步**
+
+```SQL
+create pipe A2B
+with sink (
+ 'node-urls' = '127.0.0.1:6668',
+ 'compressor' = 'snappy,lz4',
+ 'rate-limit-bytes-per-second'='1048576'
+)
+```
+
+**示例八:加密同步**
+
+```SQL
+create pipe A2B
+with sink (
+ 'sink'='iotdb-thrift-ssl-sink',
+ 'node-urls'='127.0.0.1:6667',
+ 'ssl.trust-store-path'='pki/trusted',
+ 'ssl.trust-store-pwd'='root'
+)
+```
+
+**示例九:本地导出 Object 类型数据**
+
+```SQL
+CREATE PIPE tsfile_export_local
+WITH SOURCE (
+ 'source' = 'iotdb-source',
+ 'table-name' = 'test_table'
+)
+WITH PROCESSOR (
+ 'processor' = 'do-nothing-processor'
+)
+WITH SINK (
+ 'sink' = 'tsfile-local-sink',
+ 'sink.local.target-path' = '/data/backup/export_2024'
+ 'sink.rate-limit-bytes-per-second' = '10485760'
+);
+```
+
+**示例十:远程传输 Object 类型数据**
+
+* 该方式需提前注册 `tsfile_remote_sink` 插件
+
+```SQL
+CREATE PIPE tsfile_export_scp
+WITH SOURCE (
+ 'source' = 'iotdb-source',
+ 'table-name' = 'test_table'
+)
+WITH PROCESSOR (
+ 'processor' = 'do-nothing-processor'
+)
+WITH SINK (
+ 'sink' = 'tsfile_remote_sink',
+ 'sink.file-mode' = 'scp',
+ 'sink.scp.host' = '192.168.1.100',
+ 'sink.scp.port' = '22',
+ 'sink.scp.user' = 'backup_user',
+ 'sink.scp.password' = 'ComplexPass123!',
+ 'sink.scp.remote-path' = '/remote/archive/',
+ 'sink.rate-limit-bytes-per-second' = '10485760'
+);
+```
+
+## 2. 开始任务
+
+**语法:**
+
+```SQL
+START PIPE<PipeId>
+```
+
+**示例:**
+
+```SQL
+START PIPE A2B
+```
+
+## 3. 停止任务
+
+**语法:**
+
+```SQL
+STOP PIPE <PipeId>
+```
+
+**示例:**
+
+```SQL
+STOP PIPE A2B
+```
+
+## 4. 删除任务
+
+**语法:**
+
+```SQL
+DROP PIPE [IF EXISTS] <PipeId>
+```
+
+**示例:**
+
+```SQL
+DROP PIPE IF EXISTS A2B
+```
+
+## 5. 查看任务
+
+**语法:**
+
+```SQL
+-- 查看全部任务
+SHOW PIPES
+-- 查看指定任务
+SHOW PIPE <PipeId>
+```
+
+**示例:**
+
+```SQL
+SHOW PIPES
+
+SHOW PIPE A2B
+```
+
+## 6. 修改任务
+
+**语法:**
+
+```SQL
+ALTER PIPE [IF EXISTS] <PipeId>
+ MODIFY/REPLACE SOURCE(...)
+ MODIFY/REPLACE PROCESSOR(...)
+ MODIFY/REPLACE SINK(...)
+```
+
+**示例:**
+
+```SQL
+ALTER PIPE A2B REPLACE SINK ('sink'='iotdb-thrift-sink', 'node-urls' =
'127.0.0.1:6668');
+```
