chore: add rbac about sequence and nextval (#2551)

Author: TCeason

docs/en/guides/56-security/access-control/01-privileges.md

@@ -112,6 +112,7 @@ Databend offers a range of privileges that allow you to exercise fine-grained co
 | CREATE DATABASE   | Global                        | Creates a database or UDF.                                                                                                                         |
 | CREATE WAREHOUSE  | Global                        | Creates a warehouse.                                                                                                                               |
 | CREATE CONNECTION | Global                        | Creates a connection.                                                                                                                              |
+| CREATE SEQUENCE   | Global                        | Creates a sequence.                                                                                                                                |
 | DELETE            | Table                         | Deletes or truncates rows in a table.                                                                                                              |
 | DROP              | Global, Database, Table, View | Drops a database, table, view or UDF. Undrops a table.                                                                                             |
 | INSERT            | Table                         | Inserts rows into a table.                                                                                                                         |
@@ -128,6 +129,7 @@ Databend offers a range of privileges that allow you to exercise fine-grained co
 | READ              | Stage                         | Read a stage.                                                                                                                                      |
 | USAGE             | UDF                           | Use udf.                                                                                                                                           |
 | ACCESS CONNECTION | CONNECTION                    | Access connection.                                                                                                                                 |
+| ACCESS SEQUENCE   | SEQUENCE                      | Access sequence.                                                                                                                                   |
 
 ### Global Privileges
 
@@ -235,3 +237,11 @@ Please note that you can use the [USE DATABASE](/sql/sql-commands/ddl/database/d
 | Access Connection | Can access Connection.                                                                                             |
 | ALL               | Grants Access Connection privileges for the specified object type.                                                 |
 | OWNERSHIP         | Grants full control over a Connection.  Only a single role can hold this privilege on a specific object at a time. |
+
+### Sequence Privileges
+
+| Privilege       | Description                                                                                                      |
+|:----------------|:-----------------------------------------------------------------------------------------------------------------|
+| Access Sequence | Can access Sequence.(e.g. Drop,Desc)                                                                             |
+| ALL             | Grants Access Sequence privileges for the specified object type.                                                 |
+| OWNERSHIP       | Grants full control over a Sequence.  Only a single role can hold this privilege on a specific object at a time. |

docs/en/sql-reference/10-sql-commands/00-ddl/01-table/10-ddl-create-table.md

@@ -5,7 +5,7 @@ sidebar_position: 1
 
 import FunctionDescription from '@site/src/components/FunctionDescription';
 
-<FunctionDescription description="Introduced or updated: v1.2.714"/>
+<FunctionDescription description="Introduced or updated: v1.2.784"/>
 
 import EEFeature from '@site/src/components/EEFeature';
 
@@ -114,6 +114,7 @@ By default, **all columns are nullable(NULL)** in Databend. If you need a column
 - An expression with no input arguments and returns a scalar value, such as `1 + 1`, `NOW()` or `UUID()`.
 - A dynamically generated value from a sequence, such as `NEXTVAL(staff_id_seq)` for the `staff_id` column in the example below.
   - NEXTVAL must be used as a standalone default value; expressions like `NEXTVAL(seq1) + 1` are not supported.
+  - Users must adhere to their granted permissions for sequence utilization, including operations such as [NEXTVAL](/sql/sql-functions/sequence-functions/nextval#access-control-requirements)
 
 ```sql
 CREATE SEQUENCE staff_id_seq;

docs/en/sql-reference/10-sql-commands/00-ddl/04-sequence/create-sequence.md

@@ -5,7 +5,7 @@ sidebar_position: 1
 
 import FunctionDescription from '@site/src/components/FunctionDescription';
 
-<FunctionDescription description="Introduced or updated: v1.2.426"/>
+<FunctionDescription description="Introduced or updated: v1.2.784"/>
 
 Creates a new sequence in Databend.
 
@@ -25,6 +25,25 @@ CREATE [ OR REPLACE ] SEQUENCE [IF NOT EXISTS] <sequence>
 |--------------|-----------------------------------------|
 | `<sequence>` | The name of the sequence to be created. |
 
+## Access control requirements
+
+| Privilege       | Object Type | Description           |
+|:----------------|:------------|:----------------------|
+| CREATE SEQUENCE | Global      | Creates a sequence. |
+
+
+To create a sequence, the user performing the operation or the [current_role](/guides/security/access-control/roles) must have the CREATE SEQUENCE [privilege](/guides/security/access-control/privileges).
+
+:::note
+
+The enable_experimental_sequence_rbac_check settings governs sequence-level access control. It is disabled by default.
+sequence creation solely requires the user to possess superuser privileges, bypassing detailed RBAC checks.
+When enabled, granular permission verification is enforced during sequence establishment.
+
+This is an experimental feature and may be enabled by default in the future.
+
+:::
+
 ## Examples
 
 This example showcases how sequences and the [NEXTVAL](/sql/sql-functions/sequence-functions/nextval) function are employed to automatically generate and assign unique identifiers to rows in a table.

docs/en/sql-reference/20-sql-functions/18-sequence-functions/nextval.md

@@ -3,7 +3,7 @@ title: NEXTVAL
 ---
 import FunctionDescription from '@site/src/components/FunctionDescription';
 
-<FunctionDescription description="Introduced or updated: v1.2.453"/>
+<FunctionDescription description="Introduced or updated: v1.2.784"/>
 
 Retrieves the next value from a sequence.
 
@@ -17,6 +17,26 @@ NEXTVAL(<sequence_name>)
 
 Integer.
 
+## Access control requirements
+
+| Privilege       | Object Type | Description        |
+|:----------------|:------------|:-------------------|
+| ACCESS SEQUENCE | SEQUENCE    | Access a sequence. |
+
+
+To access a sequence, the user performing the operation or the roles must have the ACCESS SEQUENCE [privilege](/guides/security/access-control/privileges).
+
+:::note
+
+The enable_experimental_sequence_rbac_check settings governs sequence-level access control. It is disabled by default.
+sequence creation solely requires the user to possess superuser privileges, bypassing detailed RBAC checks.
+When enabled, granular permission verification is enforced during sequence establishment.
+
+This is an experimental feature and may be enabled by default in the future.
+
+:::
+
+
 ## Examples
 
 This example demonstrates how the NEXTVAL function works with a sequence: