docs: statement execution

Author: tianzhou

content/docs/_layout.md

@@ -225,7 +225,7 @@ expand_section_list: ['Self-host']
 
 ### [Database Instance](/administration/instance)
 
-### [Environment Tier](/administration/environment-policy/tier)
+### [Environment Policy](/administration/environment-policy/overview)
 
 ### [Customize Logo](/administration/customize-logo)
 

content/docs/administration/environment-policy/overview.md

@@ -0,0 +1,33 @@
+---
+title: Environment Policy
+---
+
+## Execution Mode
+
+Even if you have `databases.queryDML` and `databases.queryDDL` permissions, you can only run SELECT in [SQL Editor](/docs/sql-editor/overview/) by default. If you attempt to run mutation DML or DDL, it will prompt you to submit an issue.
+
+![change-prompt](/content/docs/administration/environment-policy/sql-editor-change-prompt.webp)
+
+If you want to run those statements directly in SQL Editor, you need to turn on the statement execution setting.
+
+![statement-execution](/content/docs/administration/environment-policy/sql-editor-statement-execution.webp)
+
+## Environment Tier
+
+<PricingPlanBlock feature_name='ENVIRONMENT_TIER' />
+
+For production environments, extra care should be taken. Bytebase allows marking such an environment as a production environment. Workspace admin or DBA can configure this under the Environment Tier section from the environment detail page.
+
+When an environment is marked as a production environment, a shield indicator will appear before the environment label. It lets users know that it is a production environment.
+
+See the following example, the environment “Prod” is marked as a production environment. You can find the shield indicator on different pages.
+
+![tier-envs](/content/docs/administration/environment-policy/tier/env-tier-envs.webp)
+
+![tier-issue-details](/content/docs/administration/environment-policy/tier/env-tier-issue-details.webp)
+
+A caution notice will also appear at the top of the SQL Editor when you connect to an instance in a production environment.
+
+![tier-editor](/content/docs/administration/environment-policy/tier/env-tier-editor.webp)
+
+By default, instances and databases in a production environment will be inaccessible to developers. Workspace admins and DBAs can configure some databases as accessible to developers via [Database Permission](/docs/security/database-permission/overview).

content/docs/administration/environment-policy/tier.md

@@ -2,19 +2,3 @@
 title: Environment Tier
 feature_name: ENVIRONMENT_TIER
 ---
-
-For production environments, extra care should be taken. Bytebase allows marking such an environment as a production environment. Workspace admin or DBA can configure this under the Environment Tier section from the environment detail page.
-
-When an environment is marked as a production environment, a shield indicator will appear before the environment label. It lets users know that it is a production environment.
-
-See the following example, the environment “Prod” is marked as a production environment. You can find the shield indicator on different pages.
-
-![tier-envs](/content/docs/administration/tier/env-tier-envs.webp)
-
-![tier-issue-details](/content/docs/administration/tier/env-tier-issue-details.webp)
-
-A caution notice will also appear at the top of the SQL Editor when you connect to an instance in a production environment.
-
-![tier-editor](/content/docs/administration/tier/env-tier-editor.webp)
-
-By default, instances and databases in a production environment will be inaccessible to developers. Workspace admins and DBAs can configure some databases as accessible to developers via [Database Permission](/docs/security/database-permission/overview).

content/docs/security/database-permission/overview.md

@@ -7,16 +7,16 @@ feature_name: DATABASE_PERMISSION
 
 Database permission controls individual users' or groups' actions within the database. Below shows the built-in roles' database permissions.
 
-| Role              | EXPLAIN | Query | Export | Data-modifying DML | DDL | Admin |
-| ----------------- | ------- | ----- | ------ | ------------------ | --- | ----- |
-| Workspace Admin   | ✅      | ✅    | ✅     | ✅                 | ✅  | ✅    |
-| Workspace DBA     | ✅      | ✅    | ✅     | ✅                 | ✅  | ✅    |
-| Project Owner     | ✅      | ✅    | ✅     | ✅                 | ✅  | ✅    |
-| Project Developer |         |       |        | ✅                 | ✅  | ✅    |
-| Project Querier   |         | ✅    |        |                    |     |       |
-| Project Exporter  |         |       | ✅     |                    |     |       |
-| Project Releaser  |         |       |        |                    |     |       |
-| Project Viewer    |         |       |        |                    |     |       |
+| Role              | EXPLAIN | Query | Export | Mutation DML | DDL | Admin |
+| ----------------- | ------- | ----- | ------ | ------------ | --- | ----- |
+| Workspace Admin   | ✅      | ✅    | ✅     | ✅           | ✅  | ✅    |
+| Workspace DBA     | ✅      | ✅    | ✅     | ✅           | ✅  | ✅    |
+| Project Owner     | ✅      | ✅    | ✅     | ✅           | ✅  | ✅    |
+| Project Developer |         |       |        | ✅           | ✅  |       |
+| Project Querier   |         | ✅    |        |              |     |       |
+| Project Exporter  |         |       | ✅     |              |     |       |
+| Project Releaser  |         |       |        |              |     |       |
+| Project Viewer    |         |       |        |              |     |       |
 
 You can also pick out specific permissions to build [custom roles](/docs/administration/custom-roles/). e.g. create a custom role that grants only the [EXPLAIN](/docs/security/database-permission/explain/) permission.
 

content/docs/share/database-permission-table.md

@@ -1,8 +1,8 @@
-| Access Level                          | Operation          | Permission               |
-| ------------------------------------- | ------------------ | ------------------------ |
-| [Read](/docs/sql-editor/run-queries/) | EXPLAIN            | `databases.queryExplain` |
-|                                       | Query              | `databases.query`        |
-|                                       | Export             | `databases.export`       |
-| Write                                 | Data-modifying DML | `databases.queryDML`     |
-|                                       | DDL                | `databases.queryDDL`     |
-| [Admin](/docs/sql-editor/admin-mode/) | Admin              | `instances.adminExecute` |
+| Access Level                                                                                          | Operation    | Permission               |
+| ----------------------------------------------------------------------------------------------------- | ------------ | ------------------------ |
+| [Read](/docs/sql-editor/run-queries/)                                                                 | EXPLAIN      | `databases.queryExplain` |
+|                                                                                                       | Query        | `databases.query`        |
+|                                                                                                       | Export       | `databases.export`       |
+| Write (subject to [execution mode](/docs/administration/environment-policy/overview/#execution-mode)) | Mutation DML | `databases.queryDML`     |
+|                                                                                                       | DDL          | `databases.queryDDL`     |
+| [Admin](/docs/sql-editor/admin-mode/)                                                                 | Admin        | `instances.adminExecute` |