CREATE ROLE [IF NOT EXISTS]role[,role] ...
CREATE ROLE creates one or more roles, which are named collections of privileges. CREATE ROLE创建一个或多个角色,这些角色被命名为权限集合。To use this statement, you must have the global 要使用此语句,您必须具有全局CREATE ROLE or CREATE USER privilege. CREATE ROLE或CREATE USER权限。When the 启用read_only system variable is enabled, CREATE ROLE additionally requires the CONNECTION_ADMIN privilege (or the deprecated SUPER privilege).read_only系统变量时,CREATE ROLE还需要CONNECTION_ADMIN权限(或不推荐使用的SUPER权限)。
A role when created is locked, has no password, and is assigned the default authentication plugin. 角色创建时会被锁定,没有密码,并被分配默认的身份验证插件。(These role attributes can be changed later with the (具有全局创建用户权限的用户可以稍后使用ALTER USER statement, by users who have the global CREATE USER privilege.)ALTER USER语句更改这些角色属性。)
CREATE ROLE either succeeds for all named roles or rolls back and has no effect if any error occurs. CREATE ROLE对于所有命名的角色都会成功,或者回滚,如果发生任何错误,则不会生效。By default, an error occurs if you try to create a role that already exists. 默认情况下,如果尝试创建已存在的角色,则会发生错误。If the 如果给出IF NOT EXISTS clause is given, the statement produces a warning for each named role that already exists, rather than an error.IF NOT EXISTS子句,则该语句将为已存在的每个命名角色生成警告,而不是错误。
The statement is written to the binary log if it succeeds, but not if it fails; in that case, rollback occurs and no changes are made. 如果语句成功,则将其写入二进制日志,但如果失败,则不会写入;在这种情况下,会发生回滚,并且不会进行任何更改。A statement written to the binary log includes all named roles. 写入二进制日志的语句包含所有命名角色。If the 如果给出了IF NOT EXISTS clause is given, this includes even roles that already exist and were not created.If NOT EXISTS子句,这甚至包括已经存在且未创建的角色。
Each role name uses the format described in Section 6.2.5, “Specifying Role Names”. For example:每个角色名称使用第6.2.5节,“指定角色名称”中描述的格式。例如:
CREATE ROLE 'admin', 'developer'; CREATE ROLE 'webapp'@'localhost';
The host name part of the role name, if omitted, defaults to 角色名的主机名部分(如果省略)默认为'%'.'%'。
For role usage examples, see Section 6.2.10, “Using Roles”.有关角色使用示例,请参阅第6.2.10节,“使用角色”。