Update dashboard-statement-details.md (#12575) (#12598)
* Update dashboard-statement-details.md

* Update dashboard-user.md

* Apply suggestions from code review

Co-authored-by: Ran <huangran.alex@gmail.com>

* Update dashboard/dashboard-user.md

* Apply suggestions from code review

* Apply suggestions from code review

* Apply suggestions from code review

Co-authored-by: TomShawn <41534398+TomShawn@users.noreply.github.com>

* Apply suggestions from code review

---------

Co-authored-by: Lux <fenhuilihe@gmail.com>
Co-authored-by: Ran <huangran.alex@gmail.com>
Co-authored-by: TomShawn <41534398+TomShawn@users.noreply.github.com>
4 people authored Feb 20, 2023
1 parent 3192c8a commit 092c9ec
Showing 2 changed files with 18 additions and 2 deletions.
2 changes: 2 additions & 0 deletions dashboard/dashboard-statement-details.md
Expand Up @@ -56,6 +56,8 @@ Currently, the fast plan binding feature does not support the following types of
- Queries that access TiFlash
- Queries that join three or more tables

To use this feature, you must have the SUPER privilege. If you encounter permission issues while using it, refer to [TiDB Dashboard User Management](/dashboard/dashboard-user.md) to add the necessary privileges.

## Execution details of plans

The execution detail of plans includes the following information:
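Review bot: The sentence added before "## Execution details of plans" names only SUPER as the required privilege, while the dashboard-user.md changes in this same commit list both SYSTEM_VARIABLES_ADMIN and SUPER for fast plan binding. Make the two pages agree, for example "you must have the `SYSTEM_VARIABLES_ADMIN` and `SUPER` privileges", and format the privilege names as code the way the Note in dashboard-user.md does.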
18 changes: 16 additions & 2 deletions dashboard/dashboard-user.md
Expand Up @@ -32,6 +32,11 @@ For details about how to control and manage TiDB SQL users, see [TiDB User Accou

- SYSTEM_VARIABLES_ADMIN

- To use the [Fast Bind Executions Plan](/dashboard/dashboard-statement-details.md#fast-plan-binding) feature on the interface after signing in to TiDB Dashboard, the SQL user must also have the following privileges:

- SYSTEM_VARIABLES_ADMIN
- SUPER

> **Note:**
>
> Users with high privileges such as `ALL PRIVILEGES` or `SUPER` can sign in to TiDB Dashboard as well. Therefore, to comply with the least privilege principle, it is highly recommended that you create users with the required privileges only to prevent unintended operations. See [Privilege Management](/privilege-management.md) for more information on these privileges.
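Review bot: The new bullet requires SUPER, which the Note directly below it describes as a high privilege to avoid under the least privilege principle, so the page now asks for SUPER and advises against it without reconciling the two. State in the bullet that SUPER is needed only for this one feature and should be granted to a dedicated user for those who actually bind plans, not to every Dashboard account. The link text "Fast Bind Executions Plan" also differs from its anchor #fast-plan-binding and from the "fast plan binding feature" wording in dashboard-statement-details.md; use one name throughout.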
Expand All @@ -52,6 +57,10 @@ If an SQL user does not meet the preceding privilege requirements, the user fail

-- To modify the configuration items on the interface after signing in to TiDB Dashboard, the user-defined SQL user must be granted with the following privilege.
GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO 'dashboardAdmin'@'%';

-- To use the Fast Bind Executions Plan feature (https://docs.pingcap.com/tidb/v6.6/dashboard-statement-details#fast-plan-binding) on the interface after signing in to TiDB Dashboard, the user-defined SQL user must be granted with the following privileges.
GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO 'dashboardAdmin'@'%';
GRANT SUPER ON *.* TO 'dashboardAdmin'@'%';
```

- When [Security Enhanced Mode (SEM)](/system-variables.md#tidb_enable_enhanced_security) is enabled on the connected TiDB server, disable SEM first and execute the following SQL statements to create an SQL user `dashboardAdmin` that can sign in to TiDB Dashboard. After creating the user, enable SEM again:
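Review bot: In the added SQL, GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO 'dashboardAdmin'@'%'; repeats the identical grant two lines above it, so only the SUPER grant is new; drop the duplicate and have the comment say that SUPER is required in addition to SYSTEM_VARIABLES_ADMIN. The comment also hard-codes https://docs.pingcap.com/tidb/v6.6/..., which pins the example to one version while the prose in this file uses relative links; name the feature and leave the link to the bullet above. Because this is the block readers copy to create the sign-in user, mark the SUPER grant as optional so it is not applied to every Dashboard user by default.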
Expand All @@ -67,20 +76,25 @@ If an SQL user does not meet the preceding privilege requirements, the user fail
-- To modify the configuration items on the interface after signing in to TiDB Dashboard, the user-defined SQL user must be granted with the following privilege.
GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO 'dashboardAdmin'@'%';
-- To use the Fast Bind Executions Plan feature (https://docs.pingcap.com/tidb/v6.6/dashboard-statement-details#fast-plan-binding) on the interface after signing in to TiDB Dashboard, the user-defined SQL user must be granted with the following privileges.
GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO 'dashboardAdmin'@'%';
GRANT SUPER ON *.* TO 'dashboardAdmin'@'%';
```

## Example: Authorize SQL user to access TiDB Dashboard via RBAC

The following example demonstrates how to create a role and a user to access TiDB Dashboard through the [role-based access control (RBAC)](/role-based-access-control.md) mechanism.

1. Create a `dashboard_access` role that meets the privilege requirements of TiDB Dashboard:
1. Create a `dashboard_access` role that meets all privilege requirements of TiDB Dashboard:

```sql
CREATE ROLE 'dashboard_access';
GRANT PROCESS, CONFIG ON *.* TO 'dashboard_access'@'%';
GRANT SHOW DATABASES ON *.* TO 'dashboard_access'@'%';
GRANT DASHBOARD_CLIENT ON *.* TO 'dashboard_access'@'%';
GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO 'dashboard_access'@'%';
GRANT SUPER ON *.* TO 'dashboardAdmin'@'%';
```

2. Grant the `dashboard_access` role to other users and set `dashboard_access` as the default role:
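Review bot: In the RBAC step 1 block, the added line GRANT SUPER ON *.* TO 'dashboardAdmin'@'%'; grants to the user, not the role; every other statement in the block targets 'dashboard_access'@'%', and the reworded step says the role "meets all privilege requirements", which it will not if SUPER goes elsewhere. Either change the target to 'dashboard_access'@'%', or, since step 2 hands this role to other users, keep SUPER out of the shared role and grant it through a separate role for users who need fast plan binding. In the SEM block earlier in this hunk, the added GRANT SYSTEM_VARIABLES_ADMIN duplicates the grant already present just above the new comment and can be dropped.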
Expand All @@ -96,4 +110,4 @@ After the above steps, you can use the `dashboardAdmin` user to sign in to TiDB

## Sign in to TiDB Dashboard

After creating an SQL user that meets the privilege requirements of TiDB Dashboard, you can use this user to [Sign in](/dashboard/dashboard-access.md#sign-in) to TiDB Dashboard.
After creating an SQL user that meets the privilege requirements of TiDB Dashboard, you can use this user to [Sign in](/dashboard/dashboard-access.md#sign-in) to TiDB Dashboard.
