pingcap · ti-chi-bot · Apr 26, 2022 · Feb 22, 2022 · Mar 4, 2022 · Apr 14, 2022
diff --git a/privilege-management.md b/privilege-management.md
@@ -195,6 +195,7 @@ Dynamic privileges include:
 * `ROLE_ADMIN`
 * `CONNECTION_ADMIN`
 * `SYSTEM_VARIABLES_ADMIN`
+* `RESTRICTED_REPLICA_WRITER_ADMIN` allows privilege owners to perform write or update operations without being affected when the TiDB cluster is enabled the read-only mode. For details, see [`tidb_restricted_read_only`](/system-variables.md#tidb_restricted_read_only-new-in-v520).
 
 To see the full set of dynamic privileges, execute the `SHOW PRIVILEGES` statement. Because plugins are permitted to add new privileges, the list of privileges that are assignable might differ based on your TiDB installation.
 

diff --git a/system-variables.md b/system-variables.md
@@ -754,6 +754,21 @@ Constraint checking is always performed in place for pessimistic transactions (d
     - `RESTRICTED_VARIABLES_ADMIN`: The ability to see and set sensitive variables in `SHOW [GLOBAL] VARIABLES` and `SET`.
     - `RESTRICTED_USER_ADMIN`: The ability to prevent other users from making changes or dropping a user account.
 
+### tidb_restricted_read_only <span class="version-mark">New in v5.2.0</span>
+
+- Scope: GLOBAL
+- Default value: `0`
+- Optional values: `0`, `1`
+- This variable controls the read-only status of the entire cluster. If the variable is enabled (which means the value is `1`), all TiDB servers in the entire cluster turn on the read-only mode. In this case, TiDB only executes the statements that do not modify data, such as `SELECT`, `USE`, `SHOW`. For others, such as `INSERT` and `UPDATE`, TiDB rejects to execute those statements in the read-only mode.
+- If you enabled the read-only mode by this variable, this only ensures that the entire cluster finally goes into the read-only status. Suppose that you have changed the value of this variable, but the changed status is not updated to other TiDB servers. In this situation, the un-updated TiDB is still **not** in the read-only mode.
+- While enabling this variable, the executing SQL statements are not affected. TiDB only checks the read-only status for the SQL statements **to be** executed.
+- While enabling this variable, the uncommitted transactions have the following results:
+    - For uncommitted read-only transactions, the transactions can be committed normally.
+    - For uncommitted transactions that are not read-only transactions, SQL statements executing write operations in these transactions are rejected.
+    - For uncommitted read-only transactions with modified data, commitments of these transactions are rejected.
+- After the read-only mode is enabled, all users (including the users with the `SUPER` privilege) cannot execute the SQL statements that might write data unless the user is explicitly granted the `RESTRICTED_REPLICA_WRITER_ADMIN` privileges.
+- The users with `RESTRICTED_VARIABLES_ADMIN` or `SUPER` privileges can modify this variable. However, if the [Security Enhanced Mode](#tidb_enable_enhanced_security) is enabled, only the users with the `RESTRICTED_VARIABLES_ADMIN` privilege can modify this variable.
+
 ### tidb_enable_fast_analyze
 
 > **Warning:**