Skip to content

AI Translate 02-user to Simplified-Chinese #2806

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Sep 26, 2025
Merged

AI Translate 02-user to Simplified-Chinese #2806

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1da654d
[INIT] Start translation to Simplified-Chinese
github-actions[bot] Sep 25, 2025
0426462
🌐 Translate 04-user-create-role.md to Simplified-Chinese
github-actions[bot] Sep 25, 2025
81e1e4c
Merge branch 'main' into translation-833f25b6
BohuTANG Sep 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion .translation-init
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1 @@
Translation initialization: 2025-09-25T15:10:29.619330

81 changes: 67 additions & 14 deletions docs/cn/sql-reference/10-sql-commands/00-ddl/02-user/04-user-create-role.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,28 +4,81 @@ sidebar_position: 5
---
import FunctionDescription from '@site/src/components/FunctionDescription';

<FunctionDescription description="新增或更新:v1.2.703"/>
<FunctionDescription description="引入或更新于:v1.2.703"/>

创建一个新的 role。

创建 role 后,您可以将对象权限授予该 role,从而为系统中的对象启用访问控制安全性。

另请参见:[GRANT](10-grant.md)
创建一个新的角色(Role)用于访问控制。角色(Role)用于对权限进行分组,可以分配给用户或其他角色(Role),为在 Databend 中管理权限提供了一种灵活的方式。

## 语法

```sql
CREATE ROLE [ IF NOT EXISTS ] <name> [ COMMENT = '<string_literal>' ]
CREATE ROLE [ IF NOT EXISTS ] <name>
```

- `<name>` 不能包含以下非法字符:
- 单引号 (')
- 双引号 (")
- 退格 (\b)
- 换页 (\f)
**参数:**

- `IF NOT EXISTS`:仅在角色(Role)不存在时创建(推荐使用以避免错误)。
- `<name>`:角色(Role)名称(不能包含单引号、双引号、退格符或换页符)。

## 示例

```sql
CREATE ROLE role1;
```
-- 创建一个基本角色(Role)
CREATE ROLE analyst;

-- 仅在角色(Role)不存在时创建(推荐)
CREATE ROLE IF NOT EXISTS data_viewer;
```

## 常用模式

### 只读分析师角色(Role)

为需要读取销售数据权限的数据分析师创建一个角色(Role):

```sql
-- 创建分析师角色(Role)
CREATE ROLE sales_analyst;

-- 授予读取权限
GRANT SELECT ON sales_db.* TO ROLE sales_analyst;

-- 分配给用户
GRANT ROLE sales_analyst TO 'alice';
GRANT ROLE sales_analyst TO 'bob';
```

### 数据库管理员角色(Role)

为需要完全控制权限的管理员创建一个角色(Role):

```sql
-- 创建管理员角色(Role)
CREATE ROLE sales_admin;

-- 授予数据库的完全权限
GRANT ALL ON sales_db.* TO ROLE sales_admin;

-- 授予用户管理权限
GRANT CREATE USER, CREATE ROLE ON *.* TO ROLE sales_admin;

-- 分配给管理员用户
GRANT ROLE sales_admin TO 'admin_user';
```

### 验证

```sql
-- 检查每个角色(Role)可以执行的操作
SHOW GRANTS FOR ROLE sales_analyst;
SHOW GRANTS FOR ROLE sales_admin;

-- 检查用户权限
SHOW GRANTS FOR 'alice';
SHOW GRANTS FOR 'admin_user';
```

## 另请参阅

- [GRANT](10-grant.md) - 授予权限和角色(Role)
- [SHOW GRANTS](22-show-grants.md) - 查看已授予的权限
- [DROP ROLE](05-user-drop-role.md) - 删除角色(Role)
Loading