A policy is a combination of multiple privileges packed for a specific user role; it often comprises multiple privileges and sub policies. With well-designed and properly used policies, user privileges can be managed more conveniently and effectively.
Naming Conventions
Policies are named by developers. No two policies in an Ultipa instance can share the same name.
- 2 ~ 64 characters
- Must start with a letter
- May contain letters, underscores and numbers ( _ , A-Z, a-z, 0-9)
Show Policy
Returned table name: _policy
Returned table header: name | graphPrivileges | systemPrivileges | policies (the name, graph privileges, system privileges and sub policies of the policy)
Syntax:
// To show all policies in the current Ultipa instance
show().policy()
// To show a certain policy in the current Ultipa instance
show().policy("<name>")
Create Policy
Syntax:
// To create a policy in the current Ultipa instance
create().policy("<name>", <{}graph_privileges?>, <[]system_privileges?>, <[]policies?>)
where the format of <{}graph_privileges> is:
{
  "<graphSet1>":["<graph_privilege>", "<graph_privilege>", ...],
  "<graphSet2>":["<graph_privilege>", "<graph_privilege>", ...],
  ...
}
Note: When an asterisk * is used in place of the GraphSet name <graphSet>, it represents all GraphSets in the current Ultipa instance. When the graph privileges or system privileges are not declared in policy() but the items after them are to be declared, use empty braces to represent the omitted item.
Example: Create a policy named "sales" that has the privilege UPDATE against GraphSets "default" and "client", and the system privilege STAT
create().policy(
  "sales",
  {"default": ["UPDATE"], "client":["UPDATE"]},
  ["STAT"]
)
Example: Create a policy named "manager" that has UPDATE against all GraphSets, and the policy "sales"
create().policy(
  "manager",
  {"*": ["UPDATE"]},
  [],
  ["sales"]
)
Analysis: The system privilege is omitted, and an empty [] is used as a placeholder.
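The "manager" policy above declares no system privileges of its own but includes "sales", so what it grants is only visible once sub policies are resolved. The following Python script is an added example, not part of the Ultipa documentation or tooling: it computes effective privileges and flags wildcard and inherited grants for review. The row layout mirrors the _policy columns; the function names and the rule that a sub policy contributes all of its privileges to its parent are assumptions.

```python
# Constructed rows shaped like the _policy table (name, graphPrivileges,
# systemPrivileges, policies), using the two policies created on this page.
POLICIES = {
    "sales": {"graphPrivileges": {"default": ["UPDATE"], "client": ["UPDATE"]},
              "systemPrivileges": ["STAT"], "policies": []},
    "manager": {"graphPrivileges": {"*": ["UPDATE"]},
                "systemPrivileges": [], "policies": ["sales"]},
}

def effective(name, table, _path=()):
    """Return (graph, system): a policy's own grants plus inherited ones.
    Assumption: a sub policy contributes all of its privileges to its parent."""
    if name in _path:
        raise ValueError("policy cycle: " + " -> ".join(_path + (name,)))
    if name not in table:
        raise KeyError(f"unknown policy {name!r}")
    row = table[name]
    graph = {g: set(p) for g, p in row["graphPrivileges"].items()}
    system = set(row["systemPrivileges"])
    for sub in row["policies"]:
        sub_graph, sub_system = effective(sub, table, _path + (name,))
        for g, privs in sub_graph.items():
            graph.setdefault(g, set()).update(privs)
        system |= sub_system
    return graph, system

def audit(table):
    """Flag grants worth reviewing: wildcard GraphSets, and system
    privileges a policy holds only through a sub policy."""
    findings = []
    for name, row in sorted(table.items()):
        graph, system = effective(name, table)
        if "*" in graph:
            findings.append((name, "wildcard", sorted(graph["*"])))
        inherited = system - set(row["systemPrivileges"])
        if inherited:
            findings.append((name, "inherited-system", sorted(inherited)))
    return findings

if __name__ == "__main__":
    for finding in audit(POLICIES):
        print(finding)
```

Feeding it the real output of show().policy() requires converting each returned row into the dictionary shape used above.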
Alter Policy
Syntax:
// To modify a certain policy in the current Ultipa instance
alter().policy("<name>")
.set({graph_privileges:<{}new?>, system_privileges:<[]new?>, policies:<[]new?>})
Example: Modify policy "sales" so that it only has UPDATE against GraphSet "default"
alter().policy("sales")
  .set({graph_privileges: {"default": ["UPDATE"]}})
Example: Modify policy "manager" so that it has UPDATE and DELETE against all GraphSets, and sub policy "sales"
alter().policy("manager").set({
  graph_privileges: {"*": ["UPDATE", "DELETE"]},
  policies: ["sales"]
})
Drop Policy
Syntax:
// To delete a certain policy from the current Ultipa instance
drop().policy("<name>")