A database user can access the database system and perform querying and administrative operations based on their assigned privileges.
Ultipa supports both GQL and UQL to manage users in the database.
All usernames in the database must be unique and adhere to the following rules:
_) only.To list all database users:
GQLSHOW USER
To create a user johndoe with a password:
GQLCREATE USER johndoe WITH PASSWORD 'mHMUUjQWG46z'
The password of the user must be between 6 to 64 characters in length.
You can alter the username and password of a user.
To rename user johndoe to johndoe_1:
GQLALTER USER johndoe RENAME TO johndoe_1
To update the password for user admin:
GQLALTER USER admin SET PASSWORD 'zdcsQ7QFaCCE'
You can grant privileges and roles to a user. Note that the existing privileges and roles assigned to the user remain unchanged.
To grant system privileges SHOW_POLICY and ALTER_GRAPH to the user johndoe:
GQLGRANT ["SHOW_POLICY", "ALTER_GRAPH"] TO johndoe
To grant all system privileges to the user johndoe:
GQLGRANT * TO johndoe
To grant graph privileges READ and UPDATE on the graph amz to the user johndoe:
GQLGRANT ["READ", "UPDATE"] ON amz TO johndoe
To grant all graph privileges on all graphs to the user johndoe:
GQLGRANT * ON * TO johndoe
To grant the privileges READ and WRITE to properties name and age of the Person nodes in the current graph to the user johndoe:
GQLGRANT ['READ','WRITE'] ON NODE Person (name, age) TO johndoe
To grant the privilege DENY to all properties of all edges in the current graph to the user johndoe:
GQLGRANT ["DENY"] ON EDGE * * TO johndoe
To grant the role manager to the user johndoe:
GQLGRANT ROLE manager TO johndoe
You can revoke privileges and roles from a user.
To revoke system privileges SHOW_POLICY and ALTER_GRAPH from the user johndoe:
GQLREVOKE ["SHOW_POLICY", "ALTER_GRAPH"] FROM johndoe
To revoke all system privileges from the user johndoe:
GQLREVOKE * FROM johndoe
To revoke graph privileges READ and UPDATE on the graph amz from the user johndoe:
GQLREVOKE ["READ", "UPDATE"] ON amz FROM johndoe
To revoke all graph privileges on all graphs from the user johndoe:
GQLREVOKE * ON * FROM johndoe
To revoke the privileges READ and WRITE to properties name and age of the Person nodes in the current graph from the user johndoe:
GQLREVOKE ['READ','WRITE'] ON NODE Person (name, age) FROM johndoe
To revoke the privilege DENY to all properties of all edges in the current graph from the user johndoe:
GQLREVOKE ["DENY"] ON EDGE * * FROM johndoe
To revoke the role manager from the user johndoe:
GQLREVOKE ROLE manager FROM johndoe
To drop the user johndoe:
GQLDROP USER johndoe
To list all database users:
UQLshow().user()
Or retrieves a specific user, such as the one named root:
UQLshow().user("root")
Or retrieves the current logged-in user:
UQLshow().self()
You can create a user and assign it privileges and roles at the same time:
Syntaxcreate().user("<username>", "<password>").params({ system_privileges: ["<systemPriv>", "<systemPriv>", ...], // Set <graph> as * to specify all graphs graph_privileges: { "<graph>": ["<graphPriv>", "<graphPriv>", ...], "<graph>": ["<graphPriv>", "<graphPriv>", ...], ... }, // Set <graph>/<schema>/<property> as * to specify all graphs/schemas/properties property_privileges: { "node": { "read": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...], "write": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...], "deny": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...] }, "edge": { "read": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...], "write": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...], "deny": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...] } }, policies: ["<policy>", "<policy>", ...] })
To create a user admin with all graph and system privileges:
UQLcreate().user("admin", "U7MRDBFXd2Ab").params({ graph_privileges: {"*":["READ","INSERT","UPSERT","UPDATE","DELETE","CREATE_SCHEMA","DROP_SCHEMA","ALTER_SCHEMA","SHOW_SCHEMA","RELOAD_SCHEMA","CREATE_PROPERTY","DROP_PROPERTY","ALTER_PROPERTY","SHOW_PROPERTY","CREATE_FULLTEXT","DROP_FULLTEXT","SHOW_FULLTEXT","CREATE_INDEX","DROP_INDEX","SHOW_INDEX","LTE","UFE","CLEAR_JOB","STOP_JOB","SHOW_JOB","ALGO","CREATE_PROJECT","SHOW_PROJECT","DROP_PROJECT","CREATE_HDC_GRAPH","SHOW_HDC_GRAPH","DROP_HDC_GRAPH","COMPACT_HDC_GRAPH","SHOW_VECTOR_INDEX","CREATE_VECTOR_INDEX","DROP_VECTOR_INDEX","SHOW_CONSTRAINT","CREATE_CONSTRAINT","DROP_CONSTRAINT"]}, system_privileges: ["TRUNCATE","COMPACT","CREATE_GRAPH","SHOW_GRAPH","DROP_GRAPH","ALTER_GRAPH","TOP","KILL","STAT","SHOW_POLICY","CREATE_POLICY","DROP_POLICY","ALTER_POLICY","SHOW_USER","CREATE_USER","DROP_USER","ALTER_USER","SHOW_PRIVILEGE","SHOW_META","SHOW_SHARD","ADD_SHARD","DELETE_SHARD","REPLACE_SHARD","SHOW_HDC_SERVER","ADD_HDC_SERVER","DELETE_HDC_SERVER","LICENSE_UPDATE","LICENSE_DUMP","GRANT","REVOKE","SHOW_BACKUP","CREATE_BACKUP","SHOW_VECTOR_SERVER","ADD_VECTOR_SERVER","DELETE_VECTOR_SERVER"] })
To create a user johndoe with:
SHOW_GRAPH, ALTER_GRAPHREAD for all graphs, SHOW_INDEX and SHOW_JOB for graphs amz and trans.read all node propertieswrite properties rank and asset for edgx edges and read property mark for all edges in the graph amzmanagerUQLcreate().user("johndoe", "mHMUUjQWG46z").params({ system_privileges: ["SHOW_GRAPH", "ALTER_GRAPH"], graph_privileges: { "*": ["READ", "SHOW_SCHEMA", "SHOW_PROPERTY"], "amz": ["SHOW_INDEX", "SHOW_JOB"], "trans": ["SHOW_INDEX", "SHOW_JOB"] }, property_privileges: { "node": { "read": [["*", "*", "*"]] }, "edge": { "read": [["amz", "*", "mark"]], "write": [ ["amz", "edgx", "rank"], ["amz", "edgx", "asset"] ] } }, policies: ["manager"] })
You can grant privileges and roles to a user. Note that the existing privileges and roles assigned to the user remain unchanged.
Syntaxgrant().user("<userName>").params({ system_privileges: ["<systemPriv>", "<systemPriv>", ...], // Set <graph> as * to specify all graphs graph_privileges: { "<graph>": ["<graphPriv>", "<graphPriv>", ...], "<graph>": ["<graphPriv>", "<graphPriv>", ...], ... }, // Set <graph>/<schema>/<property> as * to specify all graphs/schemas/properties property_privileges: { "node": { "read": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...], "write": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...], "deny": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...] }, "edge": { "read": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...], "write": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...], "deny": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...] } }, policies: ["<policy>", "<policy>", ...] })
To grant the graph privileges CREATE_SCHEMA and DROP_SCHEMA of the graphset Tax, and system privilege ADD_HDC_SERVER to the user ultipaUsr:
UQLgrant().user("ultipaUsr").params({ graph_privileges: {"Tax": ["CREATE_SCHEMA", "DROP_SCHEMA"]}, system_privileges: ["ADD_HDC_SERVER"] })
You can revoke privileges and roles from a user.
Syntaxrevoke().user("<userName>").params({ system_privileges: ["<systemPriv>", "<systemPriv>", ...], // Set <graph> as * to specify all graphs graph_privileges: { "<graph>": ["<graphPriv>", "<graphPriv>", ...], "<graph>": ["<graphPriv>", "<graphPriv>", ...], ... }, // Set <graph>/<schema>/<property> as * to specify all graphs/schemas/properties property_privileges: { "node": { "read": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...], "write": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...], "deny": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...] }, "edge": { "read": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...], "write": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...], "deny": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...] } }, policies: ["<policy>", "<policy>", ...] })
To revoke the graph privileges CREATE_SCHEMA and DROP_SCHEMA of the graphset Tax, and system privilege ADD_HDC_SERVER from the user ultipaUsr:
UQLrevoke().user("ultipaUsr").params({ graph_privileges: {"Tax": ["CREATE_SCHEMA", "DROP_SCHEMA"]}, system_privileges: ["ADD_HDC_SERVER"] })
You can alter privileges and roles assigned to a user. Note that only the specified items will be updated, others remain unchanged.
Syntaxalter().user("<username>").set({ password: "<password>", graph_privileges: { "<graph>": ["<graphPriv>", "<graphPriv>", ...], ... }, system_privileges: ["<systemPriv>", "<systemPriv>", ...], property_privileges: { "node": { "<propertyPriv>": [ ["<graph>", "<schema>", "<property>"], ... ], ... }, "edge": { "<propertyPriv>": [ ["<graph>", "<schema>", "<property>"], ... ], ... } }, policies: ["<policyName>", "<policyName>", ...] })
To modify user admin's password while keeping all privileges and policies unchanged:
UQLalter().user("admin").set({password: "zdcsQ7QFaCCE"})
To modify user johndoe's graph and property privileges, and policies, while keeping password and system privileges unchanged:
UQLalter().user("johndoe").set({ graph_privileges: {"*": ["UPDATE", "DELETE"]}, property_privileges: { "node": { "write": [["miniCircle","*","*"]] }, "edge": { "write": [["miniCircle","*","*"]] } }, policies: ["sales"] })
To drop the user johndoe:
UQLdrop().user("johndoe")