Overview
A role aggregates privileges (system, graph and property privileges) and other roles. Assigning users well-designed roles rather than individual privileges is what makes role-based access control manageable: each role carries the minimum set of rights for one job, and the effective permissions of that job can be reviewed in one place.
A role is also called a policy in Ultipa, which is why SHOW ROLE returns a table named _policy and lists the roles nested inside a role in a field named policies.
Showing Roles
To list all roles of the database:
SHOW ROLE
It returns a table _policy with the following fields:

| Field | Description |
|---|---|
| name | Role name. |
| graphPrivileges | Graph privileges included in the role. |
| systemPrivileges | System privileges included in the role. |
| propertyPrivileges | Property privileges included in the role. |
| policies | Other roles included in the role. |
Creating a Role
The CREATE ROLE statement creates a role for the database.
To create a role named sales:
CREATE ROLE sales
Renaming a Role
You can rename a role using the ALTER ROLE statement.
To rename the role sales to manager:
ALTER ROLE sales RENAME TO manager
Granting to a Role
You can grant privileges and roles to a role using the GRANT statement.
System Privileges
To grant the system privileges SHOW_POLICY and ALTER_GRAPH to the role Tester:
GRANT ["SHOW_POLICY", "ALTER_GRAPH"] TO ROLE Tester
To grant all system privileges to the role sales:
GRANT * TO ROLE sales
The wildcard form is an administrative grant. Prefer listing the specific privileges a role needs, and reserve * for a small, separately reviewed role.
Graph Privileges
To grant the graph privileges READ and UPDATE on the graph amz to the role Tester:
GRANT ["READ", "UPDATE"] ON amz TO ROLE Tester
To grant all graph privileges on all graphs to the role sales:
GRANT * ON * TO ROLE sales
The first * covers every graph privilege and the second every graph, including graphs created later, so a role with this grant should be treated as administrative.
Property Privileges
Property privileges are scoped to the current graph: the statements below apply to whichever graph is current when they are run, so check the current graph before granting.
To grant the privileges READ and WRITE on the properties name and age of Person nodes in the current graph to the role Tester:
GRANT ['READ','WRITE'] ON NODE Person (name, age) TO ROLE Tester
To grant the DENY privilege on all properties of all edges in the current graph to the role sales (the first * matches every edge type and the second every property):
GRANT ["DENY"] ON EDGE * * TO ROLE sales
Roles
To grant the role manager to the role Tester, so that Tester includes everything manager holds:
GRANT ROLE manager TO ROLE Tester
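The grants above, combined into a small least-privilege hierarchy. This is an added example and not part of the Ultipa documentation; the role names reader, editor and graph_admin, the graph amz, the node type Person, the properties name, age and ssn, and the use of `//` for comments are all assumptions. The property-privilege statements must be run while amz is the current graph.

```gql
// Added example, not from the Ultipa documentation.
// Assumed: graph amz; node type Person with properties name, age, ssn;
// `//` comment syntax. Run while amz is the current graph.

// 1. Base role: read access to one graph and nothing system-wide.
CREATE ROLE reader
GRANT ["READ"] ON amz TO ROLE reader

// 2. Mask the sensitive property even for readers. Property privileges
//    apply to the current graph, so this lands on amz.
GRANT ["DENY"] ON NODE Person (ssn) TO ROLE reader

// 3. Editors inherit reader, then add update rights on the graph and
//    write rights on the non-sensitive properties only.
CREATE ROLE editor
GRANT ROLE reader TO ROLE editor
GRANT ["UPDATE"] ON amz TO ROLE editor
GRANT ["READ", "WRITE"] ON NODE Person (name, age) TO ROLE editor

// 4. An operator role gets the two system privileges it needs,
//    never GRANT * TO ROLE ...
CREATE ROLE graph_admin
GRANT ["SHOW_POLICY", "ALTER_GRAPH"] TO ROLE graph_admin

// 5. Verify before assigning the roles to anyone: the _policy table should
//    show reader with only graphPrivileges and propertyPrivileges,
//    editor with reader in its policies column, and graph_admin with
//    exactly two systemPrivileges and no graph or property entries.
SHOW ROLE
```

The page does not say how a DENY inherited from reader interacts with the READ/WRITE that editor grants on other properties of the same node type, so confirm the effective permissions with SHOW ROLE and a test user holding editor before relying on the mask.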
Revoking from a Role
You can revoke privileges and roles from a role using the REVOKE statement.
System Privileges
To revoke the system privileges SHOW_POLICY and ALTER_GRAPH from the role Tester:
REVOKE ["SHOW_POLICY", "ALTER_GRAPH"] FROM ROLE Tester
To revoke all system privileges from the role sales:
REVOKE * FROM ROLE sales
Graph Privileges
To revoke the graph privileges READ and UPDATE on the graph amz from the role Tester:
REVOKE ["READ", "UPDATE"] ON amz FROM ROLE Tester
To revoke all graph privileges on all graphs from the role sales:
REVOKE * ON * FROM ROLE sales
Property Privileges
As with grants, property privileges are revoked against the current graph.
To revoke the privileges READ and WRITE on the properties name and age of Person nodes in the current graph from the role Tester:
REVOKE ['READ','WRITE'] ON NODE Person (name, age) FROM ROLE Tester
To revoke the DENY privilege on all properties of all edges in the current graph from the role sales:
REVOKE ["DENY"] ON EDGE * * FROM ROLE sales
Roles
To revoke the role manager from the role Tester:
REVOKE ROLE manager FROM ROLE Tester
Dropping a Role
You can drop a role using the DROP ROLE statement.
To drop the role manager:
DROP ROLE manager
Before dropping a role, check the policies column of SHOW ROLE for other roles that still include it and revoke it from them; the page does not state what happens to those references when the role is dropped.
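The revoke and drop statements above, applied in the order a practitioner would use to retire an over-privileged role. This is an added example and not part of the Ultipa documentation; the roles legacy_ops and app_rw, the graph amz, the starting grants, and the `//` comment syntax are assumptions, and the revoke-before-drop ordering is a conservative choice because the page does not say whether DROP ROLE cascades.

```gql
// Added example, not from the Ultipa documentation.
// Assumed: roles legacy_ops and app_rw, graph amz, `//` comment syntax.

// Starting state (constructed): a wildcard-privileged role that another
// role inherits. This is the pattern to remove.
CREATE ROLE legacy_ops
GRANT * TO ROLE legacy_ops
GRANT * ON * TO ROLE legacy_ops
CREATE ROLE app_rw
GRANT ROLE legacy_ops TO ROLE app_rw

// 1. Give the consumer role the scoped rights it actually needs first,
//    so it never loses access during the change.
GRANT ["READ", "UPDATE"] ON amz TO ROLE app_rw

// 2. Detach the inherited role.
REVOKE ROLE legacy_ops FROM ROLE app_rw

// 3. Strip the wildcard privileges from the legacy role itself, so any
//    remaining reference to it carries nothing.
REVOKE * FROM ROLE legacy_ops
REVOKE * ON * FROM ROLE legacy_ops

// 4. Confirm: legacy_ops must have empty systemPrivileges and
//    graphPrivileges, and no role may list it in its policies column.
SHOW ROLE

// 5. Only then drop it.
DROP ROLE legacy_ops
```

Step 3 is deliberate even though the role is about to be dropped: if the drop fails or is delayed, a role that is still referenced somewhere holds no privileges in the meantime.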