chore: add doc about procedure rbac (#2764)

TCeason · web-flow · commit 9b47590323e1 · 2025-09-25T23:09:59.000+08:00
diff --git a/docs/en/guides/56-security/access-control/01-privileges.md b/docs/en/guides/56-security/access-control/01-privileges.md
@@ -99,6 +99,9 @@ Databend offers a range of privileges that allow you to exercise fine-grained co
   - [Session Policy Privileges](#session-policy-privileges)
   - [Stage Privileges](#stage-privileges)
   - [UDF Privileges](#udf-privileges)
+  - [Sequence Privileges](#sequence-privileges)
+  - [Connection Privileges](#connection-privileges)
+  - [Procedure Privileges](#procedure-privileges)
   - [Catalog Privileges](#catalog-privileges)
   - [Share Privileges](#share-privileges)
 
@@ -113,6 +116,7 @@ Databend offers a range of privileges that allow you to exercise fine-grained co
 | CREATE WAREHOUSE  | Global                        | Creates a warehouse.                                                                                                                               |
 | CREATE CONNECTION | Global                        | Creates a connection.                                                                                                                              |
 | CREATE SEQUENCE   | Global                        | Creates a sequence.                                                                                                                                |
+| CREATE PROCEDURE  | PROCEDURE                     | Creates a procedure.                                                                                                                               |
 | DELETE            | Table                         | Deletes or truncates rows in a table.                                                                                                              |
 | DROP              | Global, Database, Table, View | Drops a database, table, view or UDF. Undrops a table.                                                                                             |
 | INSERT            | Table                         | Inserts rows into a table.                                                                                                                         |
@@ -130,6 +134,7 @@ Databend offers a range of privileges that allow you to exercise fine-grained co
 | USAGE             | UDF                           | Use udf.                                                                                                                                           |
 | ACCESS CONNECTION | CONNECTION                    | Access connection.                                                                                                                                 |
 | ACCESS SEQUENCE   | SEQUENCE                      | Access sequence.                                                                                                                                   |
+| ACCESS PROCEDURE  | PROCEDURE                     | Access procedure.                                                                                                                                  |
 
 ### Global Privileges
 
@@ -245,3 +250,12 @@ Please note that you can use the [USE DATABASE](/sql/sql-commands/ddl/database/d
 | Access Sequence | Can access Sequence.(e.g. Drop,Desc)                                                                             |
 | ALL             | Grants Access Sequence privileges for the specified object type.                                                 |
 | OWNERSHIP       | Grants full control over a Sequence.  Only a single role can hold this privilege on a specific object at a time. |
+
+### Procedure Privileges
+
+| Privilege        | Description                                                                                                       |
+|:-----------------|:------------------------------------------------------------------------------------------------------------------|
+| Access Procedure | Can access Procedure.(e.g. Drop,Call,Desc)                                                                        |
+| ALL              | Grants Access Procedure privileges for the specified object type.                                                 |
+| OWNERSHIP        | Grants full control over a Procedure.  Only a single role can hold this privilege on a specific object at a time. |
+
diff --git a/docs/en/sql-reference/10-sql-commands/00-ddl/18-procedure/create-procedure.md b/docs/en/sql-reference/10-sql-commands/00-ddl/18-procedure/create-procedure.md
@@ -3,7 +3,7 @@ title: CREATE PROCEDURE
 ---
 import FunctionDescription from '@site/src/components/FunctionDescription';
 
-<FunctionDescription description="Introduced or updated: v1.2.637"/>
+<FunctionDescription description="Introduced or updated: v1.2.816"/>
 
 Defines a stored procedure that executes SQL operations and returns a result.
 
@@ -33,6 +33,16 @@ $$;
 | `COMMENT`                               | Optional text describing the procedure.                                                                                   |
 | `AS ...`                                | Encloses the procedure body, which contains SQL statements, variable declarations, loops, and a  RETURN statement.        |
 
+## Access control requirements
+
+| Privilege        | Object Type | Description          |
+|:-----------------|:------------|:---------------------|
+| CREATE PROCEDURE | Global      | Creates a procedure. |
+
+
+To create a procedure, the user performing the operation or the [current_role](/guides/security/access-control/roles) must have the CREATE PROCEDURE [privilege](/guides/security/access-control/privileges).
+
+
 ## Examples
 
 This example defines a stored procedure that converts weight from kilograms (kg) to pounds (lb):
@@ -73,6 +83,10 @@ BEGIN
     RETURN sum;
 END;
 $$;
+
+-- Grant ACCESS PROCEDURE Privilege TO role test
+GRANT ACCESS PROCEDURE ON PROCEDURE loop_test() to role test;
+
 ```
 
 ```sql
