diff --git a/src/UserGuide/Master/Tree/User-Manual/Data-Sync_apache.md b/src/UserGuide/Master/Tree/User-Manual/Data-Sync_apache.md
index 212c3be0a..59de59159 100644
--- a/src/UserGuide/Master/Tree/User-Manual/Data-Sync_apache.md
+++ b/src/UserGuide/Master/Tree/User-Manual/Data-Sync_apache.md
@@ -79,7 +79,7 @@ By declaratively configuring the specific content of the three parts through SQL
### 1.2 Functional limitations and instructions
-The schema and auth synchronization functions have the following limitations:
+1. The schema and auth synchronization functions have the following limitations:
- When using schema synchronization, it is required that the consensus protocol for `Schema region` and `ConfigNode` must be the default ratis protocol. This means that the `iotdb-system.properties` configuration file should contain the settings `config_node_consensus_protocol_class=org.apache.iotdb.consensus.ratis.RatisConsensus` and `schema_region_consensus_protocol_class=org.apache.iotdb.consensus.ratis.RatisConsensus`. If these are not specified, the default ratis protocol is used.
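Review bot: The new `1.` prefix on the limitations sentence does not nest the bullets that follow it, because those bullets start at column 0 and so form a separate list after the numbered item. Either indent the bullets (three spaces) under `1.`, or drop the numbering and use a sub-heading for each of the two topics, so that the later `2. Pipe Permission Control Specifications` reads as a sibling of this item in the rendered page.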
@@ -89,6 +89,22 @@ The schema and auth synchronization functions have the following limitations:
- During data synchronization tasks, please avoid performing any deletion operations to prevent inconsistent states between the two ends.
+2. Pipe Permission Control Specifications
+
+- When creating a pipe, a username and password can be specified for the extraction/write‑back plugins. If the password is incorrect, creation is prohibited. If not specified, the current user is used for synchronization by default.
+
+- During data/metadata synchronization, filtering is first performed according to the path pattern (pattern/path) configured in the Pipe, followed by authentication based on the user’s read permissions:
+ - If the permission scope is greater than or equal to the write path: full synchronization.
+ - If the permission scope has no intersection with the write path: no synchronization.
+ - If the permission scope is smaller than the write path or overlaps partially: synchronize only the intersecting part.
+
+- When encountering data for which the user lacks permission:
+ - If the sender’s skipIf=no‑privileges, the unauthorized data is skipped.
+ - If skipIf is left empty (unconfigured), the task reports an error (Error 803).
+ - Note: This skipIf configuration is independent of the receiver’s skipIf setting (which defaults to empty).
+
+- Data under root.__system and root.__audit will not be synchronized.
+
## 2. Usage Instructions
Data synchronization tasks have three states: RUNNING, STOPPED, and DROPPED. The task state transitions are shown in the following diagram:
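Review bot: In the `skipIf` sub-bullet the value is written `no‑privileges` with a non-breaking hyphen (`‑`) rather than an ASCII `-`, and `write‑back` in the first bullet has the same character; the Chinese pages in this patch write `skipIf=no-privileges` with the ASCII hyphen. A reader who copies the value from the English page gets a string that is not `no-privileges`. Replace both with `-` and put the key and its value in backticks.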
@@ -514,7 +530,7 @@ pipe_all_sinks_rate_limit_bytes_per_second=-1
| password | Password for the username. | String | No | root |
| batch.enable | Enables batch mode for log transmission to improve throughput and reduce IOPS. | Boolean: true, false | No | true |
| batch.max-delay-seconds | Maximum delay (in seconds) for batch transmission. | Integer | No | 1 |
-| batch.max-delay-ms | Maximum delay (in ms) for batch transmission. (Available since v2.0.5) | Integer | No | 1 |
+| batch.max-delay-ms | Maximum delay (in ms) for batch transmission. (Available since v2.0.5) | Integer | No | 1 |
| batch.size-bytes | Maximum batch size (in bytes) for batch transmission. | Long | No | 16*1024*1024 |
| compressor | The selected RPC compression algorithm. Multiple algorithms can be configured and will be adopted in sequence for each request. | String: snappy / gzip / lz4 / zstd / lzma2 | No | "" |
| compressor.zstd.level | When the selected RPC compression algorithm is zstd, this parameter can be used to additionally configure the compression level of the zstd algorithm. | Int: [-131072, 22] | No | 3 |
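Review bot: The removed and added `batch.max-delay-ms` rows read identically, so this hunk is a whitespace-only realignment inside a patch whose subject is pipe permission control. Mention the table cleanup in the commit message or move it to a separate commit, so the permission text is easy to find in the history.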
@@ -524,7 +540,6 @@ pipe_all_sinks_rate_limit_bytes_per_second=-1
#### iotdb-thrift-ssl-sink
-
| **Parameter** | **Description** | Value Range | Required | Default Value |
|:----------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------------------|:---------| :------------ |
| sink | iotdb-thrift-ssl-sink | String: iotdb-thrift-ssl-sink | Yes | - |
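Review bot: Dropping the empty line between `#### iotdb-thrift-ssl-sink` and the table header is unrelated to the permission text and leaves the heading sitting directly on the table in the source. Keep the blank line, or say in the commit message why it is removed.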
@@ -533,7 +548,7 @@ pipe_all_sinks_rate_limit_bytes_per_second=-1
| password | Password for the username. | String | No | root |
| batch.enable | Enables batch mode for log transmission to improve throughput and reduce IOPS. | Boolean: true, false | No | true |
| batch.max-delay-seconds | Maximum delay (in seconds) for batch transmission. | Integer | No | 1 |
-| batch.max-delay-ms | Maximum delay (in ms) for batch transmission. (Available since v2.0.5) | Integer | No | 1 |
+| batch.max-delay-ms | Maximum delay (in ms) for batch transmission. (Available since v2.0.5) | Integer | No | 1 |
| batch.size-bytes | Maximum batch size (in bytes) for batch transmission. | Long | No | 16*1024*1024 |
| compressor | The selected RPC compression algorithm. Multiple algorithms can be configured and will be adopted in sequence for each request. | String: snappy / gzip / lz4 / zstd / lzma2 | No | "" |
| compressor.zstd.level | When the selected RPC compression algorithm is zstd, this parameter can be used to additionally configure the compression level of the zstd algorithm. | Int: [-131072, 22] | No | 3 |
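Review bot: `batch.max-delay-seconds` and `batch.max-delay-ms` are both listed with default `1`, and the row touched here does not say which one applies when both are set or when neither is. Add that to the `batch.max-delay-ms` description, since one second and one millisecond are very different batching delays.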
diff --git a/src/UserGuide/Master/Tree/User-Manual/Data-Sync_timecho.md b/src/UserGuide/Master/Tree/User-Manual/Data-Sync_timecho.md
index ae0813daa..b17d26d7c 100644
--- a/src/UserGuide/Master/Tree/User-Manual/Data-Sync_timecho.md
+++ b/src/UserGuide/Master/Tree/User-Manual/Data-Sync_timecho.md
@@ -79,7 +79,7 @@ By declaratively configuring the specific content of the three parts through SQL
### 1.2 Functional limitations and instructions
-The schema and auth synchronization functions have the following limitations:
+1. The schema and auth synchronization functions have the following limitations:
- When using schema synchronization, it is required that the consensus protocol for `Schema region` and `ConfigNode` must be the default ratis protocol. This means that the `iotdb-system.properties` configuration file should contain the settings `config_node_consensus_protocol_class=org.apache.iotdb.consensus.ratis.RatisConsensus` and `schema_region_consensus_protocol_class=org.apache.iotdb.consensus.ratis.RatisConsensus`. If these are not specified, the default ratis protocol is used.
@@ -91,6 +91,22 @@ The schema and auth synchronization functions have the following limitations:
- During data synchronization tasks, please avoid performing any deletion operations to prevent inconsistent states between the two ends.
+2. Pipe Permission Control Specifications
+
+- When creating a pipe, a username and password can be specified for the extraction/write‑back plugins. If the password is incorrect, creation is prohibited. If not specified, the current user is used for synchronization by default.
+
+- During data/metadata synchronization, filtering is first performed according to the path pattern (pattern/path) configured in the Pipe, followed by authentication based on the user’s read permissions:
+ - If the permission scope is greater than or equal to the write path: full synchronization.
+ - If the permission scope has no intersection with the write path: no synchronization.
+ - If the permission scope is smaller than the write path or overlaps partially: synchronize only the intersecting part.
+
+- When encountering data for which the user lacks permission:
+ - If the sender’s skipIf=no‑privileges, the unauthorized data is skipped.
+ - If skipIf is left empty (unconfigured), the task reports an error (Error 803).
+ - Note: This skipIf configuration is independent of the receiver’s skipIf setting (which defaults to empty).
+
+- Data under root.__system and root.__audit will not be synchronized.
+
## 2. Usage Instructions
Data synchronization tasks have three states: RUNNING, STOPPED, and DROPPED. The task state transitions are shown in the following diagram:
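Review bot: The `skipIf` sub-bullets do not say which plugin of the pipe definition (extraction or write-back) the key is set on, and "Error 803" is given without its meaning or where the operator sees it. Name the parameter exactly as it is written in the pipe statement, state what status 803 stands for, and add a sentence on how an operator can tell that data was skipped when `skipIf` is `no-privileges`, because as written that mode leaves the receiver with a partial copy and nothing is reported.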
@@ -607,7 +623,6 @@ pipe_all_sinks_rate_limit_bytes_per_second=-1
| load-tsfile-strategy | When synchronizing file data, whether the receiver waits for the local load tsfile operation to complete before responding to the sender:
sync: Wait for the local load tsfile operation to complete before returning the response.
async: Do not wait for the local load tsfile operation to complete; return the response immediately. | String: sync / async | No | sync |
| format | The payload formats for data transmission include the following options:
- hybrid: The format depends on what is passed from the processor (either tsfile or tablet), and the sink performs no conversion.
- tsfile: Data is forcibly converted to tsfile format before transmission. This is suitable for scenarios like data file backup.
- tablet: Data is forcibly converted to tsfile format before transmission. This is useful for data synchronization when the sender and receiver have incompatible data types (to minimize errors). | String: hybrid / tsfile / tablet | No | hybrid |
-
#### iotdb-air-gap-sink
| key | value | value Range | required or not | Default Value |
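Review bot: In the `format` row shown as context, the `tablet` option is described as "Data is forcibly converted to tsfile format before transmission", the same wording as the `tsfile` option above it. That looks like a copy-paste slip for "tablet format"; fix it while this part of the table is being touched. Removing the empty line also leaves `#### iotdb-air-gap-sink` directly against the last table row, so keep one blank line between them.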
diff --git a/src/UserGuide/latest/User-Manual/Data-Sync_apache.md b/src/UserGuide/latest/User-Manual/Data-Sync_apache.md
index 66f196575..59de59159 100644
--- a/src/UserGuide/latest/User-Manual/Data-Sync_apache.md
+++ b/src/UserGuide/latest/User-Manual/Data-Sync_apache.md
@@ -79,7 +79,7 @@ By declaratively configuring the specific content of the three parts through SQL
### 1.2 Functional limitations and instructions
-The schema and auth synchronization functions have the following limitations:
+1. The schema and auth synchronization functions have the following limitations:
- When using schema synchronization, it is required that the consensus protocol for `Schema region` and `ConfigNode` must be the default ratis protocol. This means that the `iotdb-system.properties` configuration file should contain the settings `config_node_consensus_protocol_class=org.apache.iotdb.consensus.ratis.RatisConsensus` and `schema_region_consensus_protocol_class=org.apache.iotdb.consensus.ratis.RatisConsensus`. If these are not specified, the default ratis protocol is used.
@@ -89,6 +89,22 @@ The schema and auth synchronization functions have the following limitations:
- During data synchronization tasks, please avoid performing any deletion operations to prevent inconsistent states between the two ends.
+2. Pipe Permission Control Specifications
+
+- When creating a pipe, a username and password can be specified for the extraction/write‑back plugins. If the password is incorrect, creation is prohibited. If not specified, the current user is used for synchronization by default.
+
+- During data/metadata synchronization, filtering is first performed according to the path pattern (pattern/path) configured in the Pipe, followed by authentication based on the user’s read permissions:
+ - If the permission scope is greater than or equal to the write path: full synchronization.
+ - If the permission scope has no intersection with the write path: no synchronization.
+ - If the permission scope is smaller than the write path or overlaps partially: synchronize only the intersecting part.
+
+- When encountering data for which the user lacks permission:
+ - If the sender’s skipIf=no‑privileges, the unauthorized data is skipped.
+ - If skipIf is left empty (unconfigured), the task reports an error (Error 803).
+ - Note: This skipIf configuration is independent of the receiver’s skipIf setting (which defaults to empty).
+
+- Data under root.__system and root.__audit will not be synchronized.
+
## 2. Usage Instructions
Data synchronization tasks have three states: RUNNING, STOPPED, and DROPPED. The task state transitions are shown in the following diagram:
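Review bot: "followed by authentication based on the user's read permissions" describes an authorization check, not authentication, and the three sub-bullets then compare the permission scope with the "write path", a term this section never defines. Say "authorization", state whether "write path" means the path of the data being synchronized, and give one concrete path example for the partial-overlap case.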
diff --git a/src/UserGuide/latest/User-Manual/Data-Sync_timecho.md b/src/UserGuide/latest/User-Manual/Data-Sync_timecho.md
index 83282a7e1..b17d26d7c 100644
--- a/src/UserGuide/latest/User-Manual/Data-Sync_timecho.md
+++ b/src/UserGuide/latest/User-Manual/Data-Sync_timecho.md
@@ -79,7 +79,7 @@ By declaratively configuring the specific content of the three parts through SQL
### 1.2 Functional limitations and instructions
-The schema and auth synchronization functions have the following limitations:
+1. The schema and auth synchronization functions have the following limitations:
- When using schema synchronization, it is required that the consensus protocol for `Schema region` and `ConfigNode` must be the default ratis protocol. This means that the `iotdb-system.properties` configuration file should contain the settings `config_node_consensus_protocol_class=org.apache.iotdb.consensus.ratis.RatisConsensus` and `schema_region_consensus_protocol_class=org.apache.iotdb.consensus.ratis.RatisConsensus`. If these are not specified, the default ratis protocol is used.
@@ -91,6 +91,22 @@ The schema and auth synchronization functions have the following limitations:
- During data synchronization tasks, please avoid performing any deletion operations to prevent inconsistent states between the two ends.
+2. Pipe Permission Control Specifications
+
+- When creating a pipe, a username and password can be specified for the extraction/write‑back plugins. If the password is incorrect, creation is prohibited. If not specified, the current user is used for synchronization by default.
+
+- During data/metadata synchronization, filtering is first performed according to the path pattern (pattern/path) configured in the Pipe, followed by authentication based on the user’s read permissions:
+ - If the permission scope is greater than or equal to the write path: full synchronization.
+ - If the permission scope has no intersection with the write path: no synchronization.
+ - If the permission scope is smaller than the write path or overlaps partially: synchronize only the intersecting part.
+
+- When encountering data for which the user lacks permission:
+ - If the sender’s skipIf=no‑privileges, the unauthorized data is skipped.
+ - If skipIf is left empty (unconfigured), the task reports an error (Error 803).
+ - Note: This skipIf configuration is independent of the receiver’s skipIf setting (which defaults to empty).
+
+- Data under root.__system and root.__audit will not be synchronized.
+
## 2. Usage Instructions
Data synchronization tasks have three states: RUNNING, STOPPED, and DROPPED. The task state transitions are shown in the following diagram:
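Review bot: The first added bullet only covers the password check at creation time ("If the password is incorrect, creation is prohibited"). Please also state what a running pipe does when that user's password is changed or its read privilege is revoked later, and which user "the current user" refers to once the session that created the pipe has ended.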
diff --git a/src/zh/UserGuide/Master/Tree/User-Manual/Data-Sync_apache.md b/src/zh/UserGuide/Master/Tree/User-Manual/Data-Sync_apache.md
index 97100bb68..8ebaccab0 100644
--- a/src/zh/UserGuide/Master/Tree/User-Manual/Data-Sync_apache.md
+++ b/src/zh/UserGuide/Master/Tree/User-Manual/Data-Sync_apache.md
@@ -78,7 +78,7 @@
### 1.2 功能限制及说明
-元数据(schema)、权限(auth)同步功能存在如下限制:
+1. 元数据(schema)、权限(auth)同步功能存在如下限制:
- 使用元数据同步时,要求`Schema region`、`ConfigNode` 的共识协议必须为默认的 ratis 协议,即`iotdb-system.properties`配置文件中是否包含`config_node_consensus_protocol_class=org.apache.iotdb.consensus.ratis.RatisConsensus`、`schema_region_consensus_protocol_class=org.apache.iotdb.consensus.ratis.RatisConsensus`,不包含即为默认值ratis 协议。
@@ -88,6 +88,24 @@
- 在进行数据同步任务时,请避免执行任何删除操作,防止两端状态不一致。
+2. Pipe 权限控制规范如下:
+
+- 创建 pipe 时,可以对抽取/写回插件指定用户名和密码。密码错误则禁止创建,未指定时默认使用当前用户进行同步。
+
+- 数据/元数据同步时,先根据 Pipe 配置的路径模式(pattern/path)筛选,再基于用户读取权限进行鉴权
+
+ - 权限范围≥写入路径:完整同步
+
+ - 权限范围与写入路径无交集:不同步
+
+ - 权限范围<写入路径或存在交集:同步交集部分
+
+- 遇到无权限数据时,若发送端 skipIf=no-privileges,则跳过无权限数据;若 skipIf 配置为空,任务报错(803错误)
+
+ - 注意:此 skipIf 配置与接收端的 skipIf(默认为空)相互独立
+
+- 对于 root.__system, root.__audit 均不会同步
+
## 2. 使用说明
数据同步任务有三种状态:RUNNING、STOPPED 和 DROPPED。任务状态转换如下图所示:
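Review bot: The `skipIf` rules are a single bullet here ("若发送端 skipIf=no-privileges ... 任务报错(803错误)") with only the 注意 line nested under it, while the English pages in this patch split them into three sub-bullets. Use the same structure in both languages so the pages stay easy to compare, and end the 鉴权 bullet with a colon since it introduces the three cases below it.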
@@ -509,7 +527,7 @@ pipe_all_sinks_rate_limit_bytes_per_second=-1
| password | 连接接收端使用的用户名对应的密码,同步要求该用户具备相应的操作权限 | String | 选填 | root |
| batch.enable | 是否开启日志攒批发送模式,用于提高传输吞吐,降低 IOPS | Boolean: true, false | 选填 | true |
| batch.max-delay-seconds | 在开启日志攒批发送模式时生效,表示一批数据在发送前的最长等待时间(单位:s) | Integer | 选填 | 1 |
-| batch.max-delay-ms | 在开启日志攒批发送模式时生效,表示一批数据在发送前的最长等待时间(单位:ms)(V2.0.5及以后版本支持) | Integer | 选填 | 1 |
+| batch.max-delay-ms | 在开启日志攒批发送模式时生效,表示一批数据在发送前的最长等待时间(单位:ms)(V2.0.5及以后版本支持) | Integer | 选填 | 1 |
| batch.size-bytes | 在开启日志攒批发送模式时生效,表示一批数据最大的攒批大小(单位:byte) | Long | 选填 | 16*1024*1024 |
| compressor | 所选取的 rpc 压缩算法,可配置多个,对每个请求顺序采用 | String: snappy / gzip / lz4 / zstd / lzma2 | 选填 | "" |
| compressor.zstd.level | 所选取的 rpc 压缩算法为 zstd 时,可使用该参数额外配置 zstd 算法的压缩等级 | Int: [-131072, 22] | 选填 | 3 |
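Review bot: The `password` row shown as context says "同步要求该用户具备相应的操作权限", but the English table in this patch has only "Password for the username." Since this change documents pipe permission checks, carry that requirement into the English row as well, and point both rows at the new permission section.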
@@ -527,7 +545,7 @@ pipe_all_sinks_rate_limit_bytes_per_second=-1
| password | 连接接收端使用的用户名对应的密码,同步要求该用户具备相应的操作权限 | String | 选填 | root |
| batch.enable | 是否开启日志攒批发送模式,用于提高传输吞吐,降低 IOPS | Boolean: true, false | 选填 | true |
| batch.max-delay-seconds | 在开启日志攒批发送模式时生效,表示一批数据在发送前的最长等待时间(单位:s) | Integer | 选填 | 1 |
-| batch.max-delay-ms | 在开启日志攒批发送模式时生效,表示一批数据在发送前的最长等待时间(单位:ms)(V2.0.5及以后版本支持) | Integer | 选填 | 1 |
+| batch.max-delay-ms | 在开启日志攒批发送模式时生效,表示一批数据在发送前的最长等待时间(单位:ms)(V2.0.5及以后版本支持) | Integer | 选填 | 1 |
| batch.size-bytes | 在开启日志攒批发送模式时生效,表示一批数据最大的攒批大小(单位:byte) | Long | 选填 | 16*1024*1024 |
| compressor | 所选取的 rpc 压缩算法,可配置多个,对每个请求顺序采用 | String: snappy / gzip / lz4 / zstd / lzma2 | 选填 | "" |
| compressor.zstd.level | 所选取的 rpc 压缩算法为 zstd 时,可使用该参数额外配置 zstd 算法的压缩等级 | Int: [-131072, 22] | 选填 | 3 |
diff --git a/src/zh/UserGuide/Master/Tree/User-Manual/Data-Sync_timecho.md b/src/zh/UserGuide/Master/Tree/User-Manual/Data-Sync_timecho.md
index cf6547635..edc35641b 100644
--- a/src/zh/UserGuide/Master/Tree/User-Manual/Data-Sync_timecho.md
+++ b/src/zh/UserGuide/Master/Tree/User-Manual/Data-Sync_timecho.md
@@ -78,7 +78,7 @@
### 1.2 功能限制及说明
-元数据(schema)、权限(auth)同步功能存在如下限制:
+1. 元数据(schema)、权限(auth)同步功能存在如下限制:
- 使用元数据同步时,要求`Schema region`、`ConfigNode` 的共识协议必须为默认的 ratis 协议,即`iotdb-system.properties`配置文件中是否包含`config_node_consensus_protocol_class=org.apache.iotdb.consensus.ratis.RatisConsensus`、`schema_region_consensus_protocol_class=org.apache.iotdb.consensus.ratis.RatisConsensus`,不包含即为默认值ratis 协议。
@@ -90,6 +90,24 @@
- 在进行数据同步任务时,请避免执行任何删除操作,防止两端状态不一致。
+2. Pipe 权限控制规范如下:
+
+- 创建 pipe 时,可以对抽取/写回插件指定用户名和密码。密码错误则禁止创建,未指定时默认使用当前用户进行同步。
+
+- 数据/元数据同步时,先根据 Pipe 配置的路径模式(pattern/path)筛选,再基于用户读取权限进行鉴权
+
+ - 权限范围≥写入路径:完整同步
+
+ - 权限范围与写入路径无交集:不同步
+
+ - 权限范围<写入路径或存在交集:同步交集部分
+
+- 遇到无权限数据时,若发送端 skipIf=no-privileges,则跳过无权限数据;若 skipIf 配置为空,任务报错(803错误)
+
+ - 注意:此 skipIf 配置与接收端的 skipIf(默认为空)相互独立
+
+- 对于 root.__system, root.__audit 均不会同步
+
## 2. 使用说明
数据同步任务有三种状态:RUNNING、STOPPED 和 DROPPED。任务状态转换如下图所示:
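Review bot: In the last added bullet, `root.__system` and `root.__audit` are plain text; put them in backticks so the double underscores are always shown literally and the names can be copied. Also say whether the exclusion covers everything below those paths, and whether it holds even when the pipe's path pattern matches them and the user has read permission.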
@@ -594,7 +612,7 @@ pipe_all_sinks_rate_limit_bytes_per_second=-1
| password | 连接接收端使用的用户名对应的密码,同步要求该用户具备相应的操作权限 | String | 选填 | TimechoDB@2021, V2.0.6.x 之前为root |
| batch.enable | 是否开启日志攒批发送模式,用于提高传输吞吐,降低 IOPS | Boolean: true, false | 选填 | true |
| batch.max-delay-seconds | 在开启日志攒批发送模式时生效,表示一批数据在发送前的最长等待时间(单位:s) | Integer | 选填 | 1 |
-| batch.max-delay-ms | 在开启日志攒批发送模式时生效,表示一批数据在发送前的最长等待时间(单位:ms)(V2.0.5及以后版本支持) | Integer | 选填 | 1 |
+| batch.max-delay-ms | 在开启日志攒批发送模式时生效,表示一批数据在发送前的最长等待时间(单位:ms)(V2.0.5及以后版本支持) | Integer | 选填 | 1 |
| batch.size-bytes | 在开启日志攒批发送模式时生效,表示一批数据最大的攒批大小(单位:byte) | Long | 选填 | 16*1024*1024 |
| compressor | 所选取的 rpc 压缩算法,可配置多个,对每个请求顺序采用 | String: snappy / gzip / lz4 / zstd / lzma2 | 选填 | "" |
| compressor.zstd.level | 所选取的 rpc 压缩算法为 zstd 时,可使用该参数额外配置 zstd 算法的压缩等级 | Int: [-131072, 22] | 选填 | 3 |
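Review bot: The `password` row shown as context prints the product's built-in password as the parameter's default value. Add a sentence here or in the new permission section recommending that a pipe be given an explicit, dedicated account holding only the read permissions it needs, so that synchronization does not depend on the default administrator credentials.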
@@ -602,7 +620,6 @@ pipe_all_sinks_rate_limit_bytes_per_second=-1
| load-tsfile-strategy | 文件同步数据时,接收端请求返回发送端前,是否等待接收端本地的 load tsfile 执行结果返回。
sync:等待本地的 load tsfile 执行结果返回;
async:不等待本地的 load tsfile 执行结果返回。 | String: sync / async | 选填 | sync |
| format | 数据传输的payload格式, 可选项包括:
- hybrid: 取决于 processor 传递过来的格式(tsfile或tablet),sink不做任何转换。
- tsfile:强制转换成tsfile发送,可用于数据文件备份等场景。
- tablet:强制转换成tsfile发送,可用于发送端/接收端数据类型不完全兼容时的数据同步(以减少报错)。 | String: hybrid / tsfile / tablet | 选填 | hybrid |
-
#### iotdb-air-gap-sink
| key | value | value 取值范围 | 是否必填 | 默认取值 |
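Review bot: The `format` row shown as context describes `tablet` as "强制转换成tsfile发送", identical to the `tsfile` option above it; this should read tablet. Correct it in this hunk, which already edits the line directly after the row.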
@@ -627,7 +644,7 @@ pipe_all_sinks_rate_limit_bytes_per_second=-1
| password | 连接接收端使用的用户名对应的密码,同步要求该用户具备相应的操作权限 | String | 选填 | TimechoDB@2021, V2.0.6.x 之前为root |
| batch.enable | 是否开启日志攒批发送模式,用于提高传输吞吐,降低 IOPS | Boolean: true, false | 选填 | true |
| batch.max-delay-seconds | 在开启日志攒批发送模式时生效,表示一批数据在发送前的最长等待时间(单位:s) | Integer | 选填 | 1 |
-| batch.max-delay-ms | 在开启日志攒批发送模式时生效,表示一批数据在发送前的最长等待时间(单位:ms)(V2.0.5及以后版本支持) | Integer | 选填 | 1 |
+| batch.max-delay-ms | 在开启日志攒批发送模式时生效,表示一批数据在发送前的最长等待时间(单位:ms)(V2.0.5及以后版本支持) | Integer | 选填 | 1 |
| batch.size-bytes | 在开启日志攒批发送模式时生效,表示一批数据最大的攒批大小(单位:byte) | Long | 选填 | 16*1024*1024 |
| compressor | 所选取的 rpc 压缩算法,可配置多个,对每个请求顺序采用 | String: snappy / gzip / lz4 / zstd / lzma2 | 选填 | "" |
| compressor.zstd.level | 所选取的 rpc 压缩算法为 zstd 时,可使用该参数额外配置 zstd 算法的压缩等级 | Int: [-131072, 22] | 选填 | 3 |
diff --git a/src/zh/UserGuide/latest/User-Manual/Data-Sync_apache.md b/src/zh/UserGuide/latest/User-Manual/Data-Sync_apache.md
index e029b66b7..8ebaccab0 100644
--- a/src/zh/UserGuide/latest/User-Manual/Data-Sync_apache.md
+++ b/src/zh/UserGuide/latest/User-Manual/Data-Sync_apache.md
@@ -78,7 +78,7 @@
### 1.2 功能限制及说明
-元数据(schema)、权限(auth)同步功能存在如下限制:
+1. 元数据(schema)、权限(auth)同步功能存在如下限制:
- 使用元数据同步时,要求`Schema region`、`ConfigNode` 的共识协议必须为默认的 ratis 协议,即`iotdb-system.properties`配置文件中是否包含`config_node_consensus_protocol_class=org.apache.iotdb.consensus.ratis.RatisConsensus`、`schema_region_consensus_protocol_class=org.apache.iotdb.consensus.ratis.RatisConsensus`,不包含即为默认值ratis 协议。
@@ -88,6 +88,24 @@
- 在进行数据同步任务时,请避免执行任何删除操作,防止两端状态不一致。
+2. Pipe 权限控制规范如下:
+
+- 创建 pipe 时,可以对抽取/写回插件指定用户名和密码。密码错误则禁止创建,未指定时默认使用当前用户进行同步。
+
+- 数据/元数据同步时,先根据 Pipe 配置的路径模式(pattern/path)筛选,再基于用户读取权限进行鉴权
+
+ - 权限范围≥写入路径:完整同步
+
+ - 权限范围与写入路径无交集:不同步
+
+ - 权限范围<写入路径或存在交集:同步交集部分
+
+- 遇到无权限数据时,若发送端 skipIf=no-privileges,则跳过无权限数据;若 skipIf 配置为空,任务报错(803错误)
+
+ - 注意:此 skipIf 配置与接收端的 skipIf(默认为空)相互独立
+
+- 对于 root.__system, root.__audit 均不会同步
+
## 2. 使用说明
数据同步任务有三种状态:RUNNING、STOPPED 和 DROPPED。任务状态转换如下图所示:
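Review bot: Every sub-item in the added block is separated by an empty `+` line, which the English version of the same section does not do (this hunk adds up to 24 lines, the English one 22). Remove the blank lines between the nested items so the list stays tight and the two language versions keep the same layout.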
diff --git a/src/zh/UserGuide/latest/User-Manual/Data-Sync_timecho.md b/src/zh/UserGuide/latest/User-Manual/Data-Sync_timecho.md
index c0a869aa5..edc35641b 100644
--- a/src/zh/UserGuide/latest/User-Manual/Data-Sync_timecho.md
+++ b/src/zh/UserGuide/latest/User-Manual/Data-Sync_timecho.md
@@ -78,7 +78,7 @@
### 1.2 功能限制及说明
-元数据(schema)、权限(auth)同步功能存在如下限制:
+1. 元数据(schema)、权限(auth)同步功能存在如下限制:
- 使用元数据同步时,要求`Schema region`、`ConfigNode` 的共识协议必须为默认的 ratis 协议,即`iotdb-system.properties`配置文件中是否包含`config_node_consensus_protocol_class=org.apache.iotdb.consensus.ratis.RatisConsensus`、`schema_region_consensus_protocol_class=org.apache.iotdb.consensus.ratis.RatisConsensus`,不包含即为默认值ratis 协议。
@@ -90,6 +90,24 @@
- 在进行数据同步任务时,请避免执行任何删除操作,防止两端状态不一致。
+2. Pipe 权限控制规范如下:
+
+- 创建 pipe 时,可以对抽取/写回插件指定用户名和密码。密码错误则禁止创建,未指定时默认使用当前用户进行同步。
+
+- 数据/元数据同步时,先根据 Pipe 配置的路径模式(pattern/path)筛选,再基于用户读取权限进行鉴权
+
+ - 权限范围≥写入路径:完整同步
+
+ - 权限范围与写入路径无交集:不同步
+
+ - 权限范围<写入路径或存在交集:同步交集部分
+
+- 遇到无权限数据时,若发送端 skipIf=no-privileges,则跳过无权限数据;若 skipIf 配置为空,任务报错(803错误)
+
+ - 注意:此 skipIf 配置与接收端的 skipIf(默认为空)相互独立
+
+- 对于 root.__system, root.__audit 均不会同步
+
## 2. 使用说明
数据同步任务有三种状态:RUNNING、STOPPED 和 DROPPED。任务状态转换如下图所示: