Change Password

Input error
Input error
Input error
Submit

Change Nickname

Current Nickname:
Submit
v4.0

Privilege | Policy | User

Privilege

Privileges are the basic content of user permission management. Each privilege allows user to execute one or multiple corresponding UQL commands. With Ultipa graph system, privileges can be classified into 4 categories:

  • User-related privilege
  • Database-related privilege
  • Data-related privilege
  • Advanced privilege

Or into 2 levels regarding the scope:

  • Graph privilege
  • System privilege

With graph privileges, user may operate on the schema, property, index, metadata, path, algorithm and background task inside a certain GraphSet, and specific GraphSets have to be appointed when granting these privileges. Commands of graph privilege can only be executed after switching to the target GraphSet.

With system privileges, user is authorized to operate on the privilege, policy, user, GraphSet and UQL process of the current Ultipa Graph database, and no specific GraphSet has to be appointed when granting these privileges.

For the legal command(s) and classification that correspond to each privilege, please read the Table of Privileges at the end of this chapter.

Show Privilege

Returned table name: _privilege
Returned table header: graphPrivileges | systemPrivileges (graph privileges, system privileges)

Syntax:

// To list all privileges supported by Ultipa system
show().privilege()

Policy

A policy is a combination of multiple privileges packed for a specific user role. User privileges can be better and conveniently managed with a proper design and usage of policy.

Policy has the following features:

  • Please refer to chapter Basic Concepts for the naming conventions of policy;
  • A policy comprises multiple privileges and sub policies.

Show Policy

Returned table name: _policy
Returned table header: name | graphPrivileges | systemPrivileges | policies (the name, graph privileges, system privileges and sub policies of the policy)

Syntax:

// To show all policies in the current Ultipa instance
show().policy()

// To show a certain policy in the current Ultipa instance
show().policy("<name>")

Create Policy

Syntax:

// To create a policy in the current Ultipa instance
create().policy("<name>", <{}graph_privileges?>, <[]system_privileges?>, <[]policies?>)

where the format of <{}graph_privileges> is:

{ 
  "<graphSet1>":["<graph_privilege>", "<graph_privilege>", ...],
  "<graphSet2>":["<graph_privilege>", "<graph_privilege>", ...],
  ...
}

Note: When using asterisk * to replace the GraphSet name <graphSet>, it represents all GraphSets in the current Ultipa instance.

Example: Create policy named "sales" that has privilege UPDATE against GraphSet "default" and "client", and system privilege STAT

create().policy(
  "sales", 
  {"default": ["UPDATE"], "client":["UPDATE"]}, 
  ["STAT"]
)

Example: Create policy named "manager" that has UPDATE against all graphsets, and policy "sales"

create().policy(
  "manager",
  {"*": ["UPDATE"]},
  [],
  ["sales"]
)

Alter Policy

Syntax:

// To modify a certain policy in the current Ultipa instance
alter().policy("<name>")
  .set({graph_privileges:<{}new?>, system_privileges:<[]new?>, policies:<[]new?>})

Example: Modify policy "sales", make it only has UPDATE against graphset "default"

alter().policy("sales")
  .set({graph_privileges: {"default": ["UPDATE"]}})

Example: Modify policy "manager", make it has UPDATE and DELETE against all graphsets, and sub policy "sales"

alter().policy("manager").set({
  graph_privileges: {"*": ["UPDATE", "DELETE"]},
  policies: ["sales"]
})

Drop Policy

Syntax:

// To delete a certain policy from the current Ultipa instance
drop().policy("<name>")

User

User of Ultipa Graph system has the following features:

  • Please refer to chapter Basic Concepts for the naming conventions of user;
  • Length of password is 6~64;
  • A user can own multiple privileges and policies.

Show User

Returned table name: _user
Returned table header: username | create | lastLogin | graphPrivileges | systemPrivileges | policies (username, creation time, last login time, graph privileges, system privileges, sub policies)

Syntax:

// To show all users in the current Ultipa instance
show().user()

// To show a certain user in the current Ultipa instance
show().user("<name>")

// To show the current logged-on user
show().self()

Create User

Syntax:

// To create a user in the current Ultipa instance
create().user("<username>", "<password>", <{}graph_privileges?>, <[]system_privileges?>, <[]policies?>)

Example: Create user "Ultipa" with password "ultipaABC123", grant graph privileges UPDATE, ALGO, SHOW, LTE and UFE for all GraphSets, system privileges STAT, TOP and KILL, and policy "sales"

create().user(
  "Ultipa",   
  "ultipaABC123",
  {"*":["UPDATE","ALGO","SHOW","LTE","UFE"]},  
  ["STAT","TOP","KILL"], 
  ["sales"]
)

Alter User

Syntax:

// To modify the a certain user in the current Ultipa instance
alter().user("<username>")
  .set({password:"<new?>", graph_privileges:<{}new?>, system_privileges:<[]new?>, policies:<[]new?>})

Example:Modify user Ultipa's password to "ultipaFast"

alter().user("Ultipa")
  .set({password: "ultipaFast"})

Example:Modify user Ultipa's privilege and policy, make it only has graph privilege UPDATE against GraphSet "default"

alter().user("Ultipa")
  .set({graph_privileges: {"default": ["UPDATE"]}})

Grant Additional Privileges/Polices

Syntax:

// To grant additional privileges and policies to a certain user in the current Ultipa instance
grant().user("<username>")
  .params({graph_privileges:<{}new?>, system_privileges:<[]new?>, policies:<[]new?>})

Example: Add privilege UPDATE against all GraphSets and system privileges TOP and KILL to user "Ultipa", leave the existing privileges and policies unchanged

grant().user("Ultipa")
  .params({graph_privileges: {"*": ["UPDATE"]}, system_privileges: ["TOP", "KILL"]})

Revoke Privileges/Polices

Syntax:

// To revoke privileges and policies from a certain user in the current Ultipa instance
revoke().user("<username>")
  .params({graph_privileges:<{}old?>, system_privileges:<[]old?>, policies:<[]old?>})

Example: Remove privilege DELETE against GraphSet "default" from user "Ultipa"

revoke().user("Ultipa")
  .params({graph_privileges: {"default": ["DELETE"]}})

Drop User

Syntax:

// To delete a certain user from the current Ultipa instance
drop().user("<name>")

Reset Admin User

Resetting admin user needs to be done on Ultipa Server with ultipa-reset-user tool.

Table of Privileges

User-related Privileges

Privilege Scope Legal Command
SHOW_PRIVILEGE system show().privilege()
SHOW_POLICY system show().policy()
CREATE_POLICY system create().policy()
ALTER_POLICY system alter().policy()
DROP_POLICY system drop().policy()
SHOW_USER system show().user()
CREATE_USER system create().user()
ALTER_USER system alter().user()
GRANT_USER system grant().user()
REVOKE_USER system revoke().user()
DROP_USER system drop().user()

Note: Command show().self() can be legally used by any user without authorization.

Database-related Privileges

Privilege Scope Legal Command
STAT system stats()
SHOW_GRAPH system show().graph()
CREATE_GRAPH system create().graph()
ALTER_GRAPH system alter().graph()
DROP_GRAPH system drop().graph()
MOUNT_GRAPH system mount.graph()
UNMOUNT_GRAPH system unmount.graph()
SHOW_SCHEMA graph show().schema(), show().node_schema(), show().edge_schema()
CREATE_SCHEMA graph create().node_schema(), create().edge_schema()
ALTER_SCHEMA graph alter().node_schema(), alter().edge_schema()
DROP_SCHEMA graph drop().node_schema(), drop().edge_schema()
SHOW_PROPERTY graph show().property(), show().node_property(), show().edge_property()
CREATE_PROPERTY graph create().node_property(), create().edge_property()
ALTER_PROPERTY graph alter().node_property(), alter().edge_property()
DROP_PROPERTY graph drop().node_property(), drop().edge_property()
SHOW_FULLTEXT graph show().fulltext(), show().node_fulltext(), show().edge_fulltext()
CREATE_FULLTEXT graph create().node_fulltext(), create().edge_fulltext()
DROP_FULLTEXT graph drop().node_fulltext(), drop().edge_fulltext()
SHOW_INDEX graph show().index(), show().node_index(), show().edge_index()
CREATE_INDEX graph create().node_index(), create().edge_index()
DROP_INDEX graph drop().node_index(), drop().edge_index()
LTE graph LTE().node_property(), LTE().edge_property()
UFE graph UFE().node_property(), UFE().edge_property()
TRUNCATE system truncate()
COMPACT system compact()

Data-related Privileges

Privilege Scope Legal Command
INSERT graph insert(), insert().overwrite()
UPSERT graph upsert()
UPDATE graph update()
DELETE graph delete()
TEMPLATE graph n(), e(), re(), le(), nf(), graph()
KHOP graph khop()
AB graph ab()
SPREAD graph spread()
AUTONET graph autonet()
FIND graph find()

Advanced Privileges

Privilege Scope Legal Command
ALGO graph algo()
ALGO_DV graph algo_dv()
SHOW_ALGO graph show().algo()
SHOW_TASK graph show().task()
CLEAR_TASK graph clear()
STOP_TASK graph stop()
TOP system top()
KILL system kill()
Please complete the following information to download this book
*
公司名称不能为空
*
公司邮箱必须填写
*
你的名字必须填写
*
你的电话必须填写
*
你的电话必须填写