From b08ca9fe5f421a284d73fae9e5d62be7c3ef9387 Mon Sep 17 00:00:00 2001 From: joccau Date: Mon, 24 Feb 2025 17:32:47 +0800 Subject: [PATCH 01/11] update doc for max_user_connections. Signed-off-by: joccau --- mysql-schema/mysql-schema-user.md | 3 ++- security-compatibility-with-mysql.md | 2 +- sql-statements/sql-statement-alter-user.md | 3 +++ sql-statements/sql-statement-create-user.md | 20 ++++++++++++++++---- system-variables.md | 11 +++++++++++ 5 files changed, 33 insertions(+), 6 deletions(-) diff --git a/mysql-schema/mysql-schema-user.md b/mysql-schema/mysql-schema-user.md index 01a563bba33b..d9b4063693a6 100644 --- a/mysql-schema/mysql-schema-user.md +++ b/mysql-schema/mysql-schema-user.md @@ -63,8 +63,9 @@ DESC mysql.user; | Password_expired | enum('N','Y') | NO | | N | | | Password_last_changed | timestamp | YES | | CURRENT_TIMESTAMP | | | Password_lifetime | smallint unsigned | YES | | NULL | | +| Max_user_connections | int unsigned | NO | | 0 | | +------------------------+-------------------+------+------+-------------------+-------+ -44 rows in set (0.00 sec) +45 rows in set (0.00 sec) ``` `mysql.user` 表包含多个字段,可分为三组: diff --git a/security-compatibility-with-mysql.md b/security-compatibility-with-mysql.md index 05f4387c2530..bd9c3b3fea33 100644 --- a/security-compatibility-with-mysql.md +++ b/security-compatibility-with-mysql.md @@ -11,7 +11,7 @@ TiDB 支持与 MySQL 5.7 类似的安全特性,同时 TiDB 还支持 MySQL 8.0 ## 不支持的安全功能特性 - 不支持列级别权限设置。 -- 不支持权限属性 `max_questions`,`max_updated` 以及 `max_user_connections`。 +- 不支持权限属性 `max_questions`,`max_updated`。 - 不支持密码修改验证策略,修改密码时需要验证当前密码。 - 不支持双密码策略。 - 不支持随机密码生成策略。 diff --git a/sql-statements/sql-statement-alter-user.md b/sql-statements/sql-statement-alter-user.md index 3cf04fc34692..8f3acff8a358 100644 --- a/sql-statements/sql-statement-alter-user.md +++ b/sql-statements/sql-statement-alter-user.md @@ -32,6 +32,9 @@ Username ::= AuthOption ::= ( 'IDENTIFIED' ( 'BY' ( AuthString | 'PASSWORD' HashString ) | 'WITH' StringName ( 'BY' AuthString | 'AS' HashString )? ) )? +ConnectionOptions ::= + ( 'WITH' 'MAX_USER_CONNECTIONS' N )? + PasswordOption ::= ( 'PASSWORD' 'EXPIRE' ( 'DEFAULT' | 'NEVER' | 'INTERVAL' N 'DAY' )? | 'PASSWORD' 'HISTORY' ( 'DEFAULT' | N ) | 'PASSWORD' 'REUSE' 'INTERVAL' ( 'DEFAULT' | N 'DAY' ) | 'FAILED_LOGIN_ATTEMPTS' N | 'PASSWORD_LOCK_TIME' ( N | 'UNBOUNDED' ) )* LockOption ::= ( 'ACCOUNT' 'LOCK' | 'ACCOUNT' 'UNLOCK' )? diff --git a/sql-statements/sql-statement-create-user.md b/sql-statements/sql-statement-create-user.md index 899393accd39..9eb25d017cfe 100644 --- a/sql-statements/sql-statement-create-user.md +++ b/sql-statements/sql-statement-create-user.md @@ -36,6 +36,9 @@ StringName ::= stringLit | Identifier +ConnectionOptions ::= + ( 'WITH' 'MAX_USER_CONNECTIONS' N )? + PasswordOption ::= ( 'PASSWORD' 'EXPIRE' ( 'DEFAULT' | 'NEVER' | 'INTERVAL' N 'DAY' )? | 'PASSWORD' 'HISTORY' ( 'DEFAULT' | N ) | 'PASSWORD' 'REUSE' 'INTERVAL' ( 'DEFAULT' | N 'DAY' ) @@ -168,18 +171,28 @@ CREATE USER 'newuser9'@'%' PASSWORD EXPIRE; Query OK, 1 row affected (0.02 sec) ``` +创建一个限制最大连接数为 3 的用户。 + +```sql +CREATE USER 'newuser10'@'%' WITH MAX_USER_CONNECTIONS 3; +``` + +``` +Query OK, 1 row affected (0.02 sec) +``` + 创建一个使用资源组 `rg1` 的用户: ```sql -CREATE USER 'newuser7'@'%' RESOURCE GROUP rg1; -SELECT USER, HOST, USER_ATTRIBUTES FROM MYSQL.USER WHERE USER='newuser7'; +CREATE USER 'newuser11'@'%' RESOURCE GROUP rg1; +SELECT USER, HOST, USER_ATTRIBUTES FROM MYSQL.USER WHERE USER='newuser11'; ``` ```sql +-----------+------+---------------------------------------------------+ | USER | HOST | USER_ATTRIBUTES | +-----------+------+---------------------------------------------------+ -| newuser7 | % | {"resource_group": "rg1"} | +| newuser11 | % | {"resource_group": "rg1"} | +-----------+------+---------------------------------------------------+ 1 rows in set (0.00 sec) ``` @@ -191,7 +204,6 @@ TiDB 不支持以下 `CREATE USER` 选项。这些选项可被解析,但会被 * `PASSWORD REQUIRE CURRENT DEFAULT` * `WITH MAX_QUERIES_PER_HOUR` * `WITH MAX_UPDATES_PER_HOUR` -* `WITH MAX_USER_CONNECTIONS` TiDB 也不支持以下 `CREATE USER` 选项。这些选项无法被语法解析器解析。 diff --git a/system-variables.md b/system-variables.md index 58e3186b804d..3c8c21e7bf53 100644 --- a/system-variables.md +++ b/system-variables.md @@ -668,6 +668,17 @@ mysql> SHOW GLOBAL VARIABLES LIKE 'max_prepared_stmt_count'; - 在 `SESSION` 作用域下,该变量为只读变量。 - 该变量的行为与 MySQL 兼容。 +### `max_user_connections` 从 v9.0.0 版本开始引入 + +- 作用域:GLOBAL +- 是否持久化到集群:是 +- 是否受 Hint [SET_VAR](/optimizer-hints.md#set_varvar_namevar_value) 控制:否 +- 类型:整数型 +- 默认值:`0` +- 取值范围:`[0, 100000]` +- 该变量表示 TiDB 中一个用户允许登陆一个 tidb-server instance 的最大连接数目,用于资源控制。 +- 默认情况下,该变量值为 0 表示不限制用户的登录连接数。当本变量的值大于 0 且用户连接数到达此值时,TiDB 服务端将会拒绝此用户的连接。 + ### `mpp_exchange_compression_mode` 从 v6.6.0 版本开始引入 - 作用域:SESSION | GLOBAL From 61e2041cb56eaf215cbf5e6047e6a9fcb131fcd0 Mon Sep 17 00:00:00 2001 From: Zack Zhao <57036248+joccau@users.noreply.github.com> Date: Wed, 26 Feb 2025 10:38:45 +0800 Subject: [PATCH 02/11] Update system-variables.md Co-authored-by: xixirangrang --- system-variables.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/system-variables.md b/system-variables.md index 3c8c21e7bf53..f144b9c7f188 100644 --- a/system-variables.md +++ b/system-variables.md @@ -676,8 +676,8 @@ mysql> SHOW GLOBAL VARIABLES LIKE 'max_prepared_stmt_count'; - 类型:整数型 - 默认值:`0` - 取值范围:`[0, 100000]` -- 该变量表示 TiDB 中一个用户允许登陆一个 tidb-server instance 的最大连接数目,用于资源控制。 -- 默认情况下,该变量值为 0 表示不限制用户的登录连接数。当本变量的值大于 0 且用户连接数到达此值时,TiDB 服务端将会拒绝此用户的连接。 +- 该变量表示 TiDB 中单个用户允许连接至一个 tidb-server 实例的最大连接数,用于资源控制。 +- 默认值为 `0`,表示不限制用户的连接数。当值大于 `0` 且用户连接数达到此值时,TiDB 服务端将拒绝该用户的连接。 ### `mpp_exchange_compression_mode` 从 v6.6.0 版本开始引入 From 4d52737be39d7c41cca61c2c17f0520c9a815876 Mon Sep 17 00:00:00 2001 From: joccau Date: Wed, 26 Feb 2025 13:53:37 +0800 Subject: [PATCH 03/11] update doc Signed-off-by: joccau --- sql-statements/sql-statement-alter-user.md | 17 +++++++++++++++++ sql-statements/sql-statement-create-user.md | 8 +++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/sql-statements/sql-statement-alter-user.md b/sql-statements/sql-statement-alter-user.md index 8f3acff8a358..7fd4468fd9fe 100644 --- a/sql-statements/sql-statement-alter-user.md +++ b/sql-statements/sql-statement-alter-user.md @@ -180,6 +180,23 @@ ALTER USER 'newuser' PASSWORD REUSE INTERVAL 90 DAY; Query OK, 0 rows affected (0.02 sec) ``` + +通过 `ALTER USER ... WITH MAX_USER_CONNECTIONS N` 修改用户 `newuser` 允许登陆的最大连接数: + +```sql +ALTER USER 'newuser' WITH MAX_USER_CONNECTIONS 3; +SELECT USER, HOST, MAX_USER_CONNECTIONS FROM MYSQL.USER WHERE USER='newuser'; +``` + +``` ++---------+------+----------------------+ +| USER | HOST | MAX_USER_CONNECTIONS | ++---------+------+----------------------+ +| newuser | % | 3 | ++---------+------+----------------------+ +1 row in set (0.01 sec) +``` + ### 修改用户绑定的资源组 通过 `ALTER USER ... RESOURCE GROUP` 修改用户 `newuser` 的资源组到 `rg1`: diff --git a/sql-statements/sql-statement-create-user.md b/sql-statements/sql-statement-create-user.md index 9eb25d017cfe..187267a8264a 100644 --- a/sql-statements/sql-statement-create-user.md +++ b/sql-statements/sql-statement-create-user.md @@ -175,10 +175,16 @@ Query OK, 1 row affected (0.02 sec) ```sql CREATE USER 'newuser10'@'%' WITH MAX_USER_CONNECTIONS 3; +SELECT USER, HOST, MAX_USER_CONNECTIONS FROM MYSQL.USER WHERE USER='newuser10'; ``` ``` -Query OK, 1 row affected (0.02 sec) ++-----------+------+----------------------+ +| user | host | max_user_connections | ++-----------+------+----------------------+ +| newuser10 | % | 3 | ++-----------+------+----------------------+ +1 row in set (0.01 sec) ``` 创建一个使用资源组 `rg1` 的用户: From d1896c1e0fe5cf916a4c24148e525760156befaf Mon Sep 17 00:00:00 2001 From: joccau Date: Fri, 28 Feb 2025 11:20:02 +0800 Subject: [PATCH 04/11] update doc about max_user_connections Signed-off-by: joccau --- mysql-schema/mysql-schema-user.md | 2 +- sql-statements/sql-statement-alter-user.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mysql-schema/mysql-schema-user.md b/mysql-schema/mysql-schema-user.md index d9b4063693a6..3432074e6aca 100644 --- a/mysql-schema/mysql-schema-user.md +++ b/mysql-schema/mysql-schema-user.md @@ -63,7 +63,7 @@ DESC mysql.user; | Password_expired | enum('N','Y') | NO | | N | | | Password_last_changed | timestamp | YES | | CURRENT_TIMESTAMP | | | Password_lifetime | smallint unsigned | YES | | NULL | | -| Max_user_connections | int unsigned | NO | | 0 | | +| max_user_connections | int unsigned | NO | | 0 | | +------------------------+-------------------+------+------+-------------------+-------+ 45 rows in set (0.00 sec) ``` diff --git a/sql-statements/sql-statement-alter-user.md b/sql-statements/sql-statement-alter-user.md index 7fd4468fd9fe..66f913ee6805 100644 --- a/sql-statements/sql-statement-alter-user.md +++ b/sql-statements/sql-statement-alter-user.md @@ -185,12 +185,12 @@ Query OK, 0 rows affected (0.02 sec) ```sql ALTER USER 'newuser' WITH MAX_USER_CONNECTIONS 3; -SELECT USER, HOST, MAX_USER_CONNECTIONS FROM MYSQL.USER WHERE USER='newuser'; +SELECT User, Host, max_user_connections FROM mysql.user WHERE User='newuser'; ``` ``` +---------+------+----------------------+ -| USER | HOST | MAX_USER_CONNECTIONS | +| User | Host | max_user_connections | +---------+------+----------------------+ | newuser | % | 3 | +---------+------+----------------------+ From cde3be22fb09fb009480e2c82d16387da4f86cd6 Mon Sep 17 00:00:00 2001 From: Zack Zhao <57036248+joccau@users.noreply.github.com> Date: Fri, 28 Feb 2025 11:22:12 +0800 Subject: [PATCH 05/11] Update system-variables.md Co-authored-by: Frank945946 <108602632+Frank945946@users.noreply.github.com> --- system-variables.md | 1 + 1 file changed, 1 insertion(+) diff --git a/system-variables.md b/system-variables.md index f144b9c7f188..0c799b8f9170 100644 --- a/system-variables.md +++ b/system-variables.md @@ -678,6 +678,7 @@ mysql> SHOW GLOBAL VARIABLES LIKE 'max_prepared_stmt_count'; - 取值范围:`[0, 100000]` - 该变量表示 TiDB 中单个用户允许连接至一个 tidb-server 实例的最大连接数,用于资源控制。 - 默认值为 `0`,表示不限制用户的连接数。当值大于 `0` 且用户连接数达到此值时,TiDB 服务端将拒绝该用户的连接。 +- 该参数的取值不能超过 [`max_connections`](/tidb-configuration-file#max_connections)。若超过,则 TiDB 会采用 `max_connections` 的值。例如,若某用户的 `max_user_connections` 设置为 `2000`,而 `max_connections` 为 `1000`,则该用户实际可建立的最大连接数为 `1000`。 ### `mpp_exchange_compression_mode` 从 v6.6.0 版本开始引入 From c05e962c838473eabfff8d9bea5302de7e3cb08b Mon Sep 17 00:00:00 2001 From: Zack Zhao <57036248+joccau@users.noreply.github.com> Date: Mon, 3 Mar 2025 10:11:05 +0800 Subject: [PATCH 06/11] Update sql-statements/sql-statement-create-user.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Daniël van Eeden --- sql-statements/sql-statement-create-user.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sql-statements/sql-statement-create-user.md b/sql-statements/sql-statement-create-user.md index 187267a8264a..1b1732a52b23 100644 --- a/sql-statements/sql-statement-create-user.md +++ b/sql-statements/sql-statement-create-user.md @@ -175,7 +175,7 @@ Query OK, 1 row affected (0.02 sec) ```sql CREATE USER 'newuser10'@'%' WITH MAX_USER_CONNECTIONS 3; -SELECT USER, HOST, MAX_USER_CONNECTIONS FROM MYSQL.USER WHERE USER='newuser10'; +SELECT User, Host, max_user_connections FROM mysql.user WHERE User='newuser10'; ``` ``` From 2873a104d78f8f10dbc23d8387031a34fedfa93d Mon Sep 17 00:00:00 2001 From: Zack Zhao <57036248+joccau@users.noreply.github.com> Date: Mon, 3 Mar 2025 10:12:50 +0800 Subject: [PATCH 07/11] Update sql-statement-create-user.md --- sql-statements/sql-statement-create-user.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sql-statements/sql-statement-create-user.md b/sql-statements/sql-statement-create-user.md index 1b1732a52b23..92c0210af70a 100644 --- a/sql-statements/sql-statement-create-user.md +++ b/sql-statements/sql-statement-create-user.md @@ -198,7 +198,7 @@ SELECT USER, HOST, USER_ATTRIBUTES FROM MYSQL.USER WHERE USER='newuser11'; +-----------+------+---------------------------------------------------+ | USER | HOST | USER_ATTRIBUTES | +-----------+------+---------------------------------------------------+ -| newuser11 | % | {"resource_group": "rg1"} | +| newuser11 | % | {"resource_group": "rg1"} | +-----------+------+---------------------------------------------------+ 1 rows in set (0.00 sec) ``` From b9cdd1b2bd9de23219b2979e742282e0b458b47b Mon Sep 17 00:00:00 2001 From: Zack Zhao <57036248+joccau@users.noreply.github.com> Date: Mon, 3 Mar 2025 10:13:40 +0800 Subject: [PATCH 08/11] Update sql-statement-create-user.md --- sql-statements/sql-statement-create-user.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sql-statements/sql-statement-create-user.md b/sql-statements/sql-statement-create-user.md index 92c0210af70a..79e7ddac9310 100644 --- a/sql-statements/sql-statement-create-user.md +++ b/sql-statements/sql-statement-create-user.md @@ -198,7 +198,7 @@ SELECT USER, HOST, USER_ATTRIBUTES FROM MYSQL.USER WHERE USER='newuser11'; +-----------+------+---------------------------------------------------+ | USER | HOST | USER_ATTRIBUTES | +-----------+------+---------------------------------------------------+ -| newuser11 | % | {"resource_group": "rg1"} | +| newuser11 | % | {"resource_group": "rg1"} | +-----------+------+---------------------------------------------------+ 1 rows in set (0.00 sec) ``` From ab9a79aeb5d73d0c1a0a5b16ba13b6d0f784c96a Mon Sep 17 00:00:00 2001 From: Zack Zhao <57036248+joccau@users.noreply.github.com> Date: Wed, 5 Mar 2025 20:36:31 +0800 Subject: [PATCH 09/11] Update sql-statements/sql-statement-alter-user.md Co-authored-by: xixirangrang --- sql-statements/sql-statement-alter-user.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sql-statements/sql-statement-alter-user.md b/sql-statements/sql-statement-alter-user.md index 66f913ee6805..068d665d697b 100644 --- a/sql-statements/sql-statement-alter-user.md +++ b/sql-statements/sql-statement-alter-user.md @@ -180,8 +180,7 @@ ALTER USER 'newuser' PASSWORD REUSE INTERVAL 90 DAY; Query OK, 0 rows affected (0.02 sec) ``` - -通过 `ALTER USER ... WITH MAX_USER_CONNECTIONS N` 修改用户 `newuser` 允许登陆的最大连接数: +通过 `ALTER USER ... WITH MAX_USER_CONNECTIONS N` 修改用户 `newuser` 允许登录的最大连接数: ```sql ALTER USER 'newuser' WITH MAX_USER_CONNECTIONS 3; From 0b26ab17468c3e48a34a3215deee9a62f9ec5ac2 Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Fri, 7 Mar 2025 09:08:07 +0800 Subject: [PATCH 10/11] Update system-variables.md --- system-variables.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system-variables.md b/system-variables.md index 0c799b8f9170..da80034eaaf6 100644 --- a/system-variables.md +++ b/system-variables.md @@ -678,7 +678,7 @@ mysql> SHOW GLOBAL VARIABLES LIKE 'max_prepared_stmt_count'; - 取值范围:`[0, 100000]` - 该变量表示 TiDB 中单个用户允许连接至一个 tidb-server 实例的最大连接数,用于资源控制。 - 默认值为 `0`,表示不限制用户的连接数。当值大于 `0` 且用户连接数达到此值时,TiDB 服务端将拒绝该用户的连接。 -- 该参数的取值不能超过 [`max_connections`](/tidb-configuration-file#max_connections)。若超过,则 TiDB 会采用 `max_connections` 的值。例如,若某用户的 `max_user_connections` 设置为 `2000`,而 `max_connections` 为 `1000`,则该用户实际可建立的最大连接数为 `1000`。 +- 该参数的取值不能超过 [`max_connections`](/tidb-configuration-file.md#max_connections)。若超过,则 TiDB 会采用 `max_connections` 的值。例如,若某用户的 `max_user_connections` 设置为 `2000`,而 `max_connections` 为 `1000`,则该用户实际可建立的最大连接数为 `1000`。 ### `mpp_exchange_compression_mode` 从 v6.6.0 版本开始引入 From 226acf66c71cafef4e77c762352b324973c4e067 Mon Sep 17 00:00:00 2001 From: houfaxin Date: Fri, 7 Mar 2025 09:17:49 +0800 Subject: [PATCH 11/11] fix links --- system-variables.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/system-variables.md b/system-variables.md index 7bd8aab30a13..ca732faec864 100644 --- a/system-variables.md +++ b/system-variables.md @@ -1558,7 +1558,7 @@ mysql> SELECT job_info FROM mysql.analyze_jobs ORDER BY end_time DESC LIMIT 1; - 默认值:`ON`。在 v8.5.0 之前,默认值为 `OFF`。 - 这个变量用于控制是否开启 [TiDB 加速建表](/accelerated-table-creation.md)。 - 从 TiDB v8.0.0 开始,支持使用 `tidb_enable_fast_create_table` 加速建表 [`CREATE TABLE`](/sql-statements/sql-statement-create-table.md)。 -- 该变量是由 v7.6.0 中引入的 [`tidb_ddl_version`](https://docs.pingcap.com/zh/tidb/v7.6/system-variables#tidb_ddl_version-从-v760-版本开始引入) 更名而来。从 v8.0.0 开始,`tidb_ddl_version` 不再生效。 +- 该变量是由 v7.6.0 中引入的 [`tidb_ddl_version`](https://docs-archive.pingcap.com/zh/tidb/v7.6/system-variables#tidb_ddl_version-从-v760-版本开始引入) 更名而来。从 v8.0.0 开始,`tidb_ddl_version` 不再生效。 - 从 TiDB v8.5.0 开始,新创建的集群默认开启 TiDB 加速建表功能,即 `tidb_enable_fast_create_table` 默认值为 `ON`。如果从 v8.4.0 及之前版本的集群升级至 v8.5.0 及之后的版本,`tidb_enable_fast_create_table` 的默认值不发生变化。 ### `tidb_default_string_match_selectivity` 从 v6.2.0 版本开始引入 @@ -4237,7 +4237,7 @@ SHOW WARNINGS; > > - 视具体业务场景的不同,启用该选项可能对存在频繁锁冲突的事务造成一定程度的吞吐下降(平均延迟上升)。 > - 该选项目前仅对需要上锁单个 key 的语句有效。如果一个语句需要对多行同时上锁,则该选项不会对此类语句生效。 -> - 该功能从 v6.6.0 版本引入。在 v6.6.0 版本中,该功能由变量 [`tidb_pessimistic_txn_aggressive_locking`](https://docs.pingcap.com/zh/tidb/v6.6/system-variables#tidb_pessimistic_txn_aggressive_locking-%E4%BB%8E-v660-%E7%89%88%E6%9C%AC%E5%BC%80%E5%A7%8B%E5%BC%95%E5%85%A5) 控制,默认关闭。 +> - 该功能从 v6.6.0 版本引入。在 v6.6.0 版本中,该功能由变量 [`tidb_pessimistic_txn_aggressive_locking`](https://docs-archive.pingcap.com/zh/tidb/v6.6/system-variables/#tidb_pessimistic_txn_aggressive_locking-从-v660-版本开始引入) 控制,默认关闭。 ### `tidb_placement_mode` 从 v6.0.0 版本开始引入