Privileges are the basic unit of user permission management. Each privilege allows a user to execute one or more corresponding UQL commands. In the Ultipa graph system, privileges can be classified into 4 categories:
- User-related privilege
- Database-related privilege
- Data-related privilege
- Advanced privilege
Or into 2 levels by scope:
- Graph privilege
- System privilege
With graph privileges, a user may operate on the schema, property, index, metadata, path, algorithm and background task inside a certain GraphSet; the specific GraphSets must be named when granting these privileges. Commands covered by a graph privilege can only be executed after switching to the target GraphSet.
With system privileges, a user is authorized to operate on the privileges, policies, users, GraphSets and UQL processes of the current Ultipa Graph database; no specific GraphSet has to be named when granting these privileges.
For the legal command(s) and classification that correspond to each privilege, please read the Table of Privileges at the end of this chapter.
Show Privilege
Returned table name: _privilege
Returned table header: graphPrivileges | systemPrivileges (graph privileges, system privileges)
Syntax:
// To list all privileges supported by Ultipa system
show().privilege()
Grant Additional Privileges/Policies
Syntax:
// To grant additional privileges and policies to a certain user in the current Ultipa instance
grant().user("<username>")
.params({graph_privileges:<{}new?>, system_privileges:<[]new?>, policies:<[]new?>})
Example: Add privilege UPDATE against all GraphSets and system privileges TOP and KILL to user "Ultipa", leaving the existing privileges and policies unchanged
grant().user("Ultipa")
.params({graph_privileges: {"*": ["UPDATE"]}, system_privileges: ["TOP", "KILL"]})
Revoke Privileges/Policies
Syntax:
// To revoke privileges and policies from a certain user in the current Ultipa instance
revoke().user("<username>")
.params({graph_privileges:<{}old?>, system_privileges:<[]old?>, policies:<[]old?>})
Example: Remove privilege DELETE against GraphSet "default" from user "Ultipa"
revoke().user("Ultipa")
.params({graph_privileges: {"default": ["DELETE"]}})
Table of Privileges
User-related Privileges
Privilege | Scope | Legal Command |
---|---|---|
SHOW_PRIVILEGE | system | show().privilege() |
SHOW_POLICY | system | show().policy() |
CREATE_POLICY | system | create().policy() |
ALTER_POLICY | system | alter().policy() |
DROP_POLICY | system | drop().policy() |
SHOW_USER | system | show().user() |
CREATE_USER | system | create().user() |
ALTER_USER | system | alter().user() |
GRANT_USER | system | grant().user() |
REVOKE_USER | system | revoke().user() |
DROP_USER | system | drop().user() |
Note: Command show().self() can be legally used by any user without authorization.
Database-related Privileges
Privilege | Scope | Legal Command |
---|---|---|
STAT | system | stats() |
SHOW_GRAPH | system | show().graph() |
CREATE_GRAPH | system | create().graph() |
ALTER_GRAPH | system | alter().graph() |
DROP_GRAPH | system | drop().graph() |
MOUNT_GRAPH | system | mount.graph() |
UNMOUNT_GRAPH | system | unmount.graph() |
SHOW_SCHEMA | graph | show().schema() , show().node_schema() , show().edge_schema() |
CREATE_SCHEMA | graph | create().node_schema() , create().edge_schema() |
ALTER_SCHEMA | graph | alter().node_schema() , alter().edge_schema() |
DROP_SCHEMA | graph | drop().node_schema() , drop().edge_schema() |
SHOW_PROPERTY | graph | show().property() , show().node_property() , show().edge_property() |
CREATE_PROPERTY | graph | create().node_property() , create().edge_property() |
ALTER_PROPERTY | graph | alter().node_property() , alter().edge_property() |
DROP_PROPERTY | graph | drop().node_property() , drop().edge_property() |
SHOW_FULLTEXT | graph | show().fulltext() , show().node_fulltext() , show().edge_fulltext() |
CREATE_FULLTEXT | graph | create().node_fulltext() , create().edge_fulltext() |
DROP_FULLTEXT | graph | drop().node_fulltext() , drop().edge_fulltext() |
SHOW_INDEX | graph | show().index() , show().node_index() , show().edge_index() |
CREATE_INDEX | graph | create().node_index() , create().edge_index() |
DROP_INDEX | graph | drop().node_index() , drop().edge_index() |
LTE | graph | LTE().node_property() , LTE().edge_property() |
UFE | graph | UFE().node_property() , UFE().edge_property() |
TRUNCATE | system | truncate().graph() |
COMPACT | system | compact().graph() |
Data-related Privileges
Privilege | Scope | Legal Command |
---|---|---|
INSERT | graph | insert() , insert().overwrite() |
UPSERT | graph | upsert() |
UPDATE | graph | update() |
DELETE | graph | delete() |
TEMPLATE | graph | n() , e() , re() , le() , nf() , graph() |
KHOP | graph | khop() |
AB | graph | ab() |
SPREAD | graph | spread() |
AUTONET | graph | autonet() |
FIND | graph | find() |
Advanced Privileges
Privilege | Scope | Legal Command |
---|---|---|
ALGO | graph | algo() |
ALGO_DV | graph | algo_dv() |
SHOW_ALGO | graph | show().algo() |
SHOW_TASK | graph | show().task() |
CLEAR_TASK | graph | clear() |
STOP_TASK | graph | stop() |
TOP | system | top() |
KILL | system | kill() |
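The following added example (not part of the Ultipa documentation or product) reviews a grant().user().params({...}) payload against the Scope column of the tables above before it is sent: it reports privilege names placed in the wrong list, names that appear in no table, and graph privileges granted on "*" (all GraphSets). The function name `review_grant` and the finding labels are hypothetical, and the page does not say how the server itself treats a mis-scoped name.

```python
# Added example: pre-flight review of a grant payload using the scope
# classification from the Table of Privileges on this page.
SYSTEM = set("""SHOW_PRIVILEGE SHOW_POLICY CREATE_POLICY ALTER_POLICY DROP_POLICY
SHOW_USER CREATE_USER ALTER_USER GRANT_USER REVOKE_USER DROP_USER STAT SHOW_GRAPH
CREATE_GRAPH ALTER_GRAPH DROP_GRAPH MOUNT_GRAPH UNMOUNT_GRAPH TRUNCATE COMPACT
TOP KILL""".split())
GRAPH = set("""SHOW_SCHEMA CREATE_SCHEMA ALTER_SCHEMA DROP_SCHEMA SHOW_PROPERTY
CREATE_PROPERTY ALTER_PROPERTY DROP_PROPERTY SHOW_FULLTEXT CREATE_FULLTEXT
DROP_FULLTEXT SHOW_INDEX CREATE_INDEX DROP_INDEX LTE UFE INSERT UPSERT UPDATE
DELETE TEMPLATE KHOP AB SPREAD AUTONET FIND ALGO ALGO_DV SHOW_ALGO SHOW_TASK
CLEAR_TASK STOP_TASK""".split())


def review_grant(params):
    """Return a sorted list of (finding, where, privilege) tuples."""
    findings = []
    for graphset, privs in params.get("graph_privileges", {}).items():
        for p in privs:
            if p in SYSTEM:
                # e.g. TRUNCATE and COMPACT act on a graph but are system scope
                findings.append(("system-scope-in-graph-list", graphset, p))
            elif p not in GRAPH:
                findings.append(("unknown-privilege", graphset, p))
            elif graphset == "*":
                # "*" applies the privilege to every GraphSet; confirm intent
                findings.append(("all-graphsets", graphset, p))
    for p in params.get("system_privileges", []):
        if p in GRAPH:
            findings.append(("graph-scope-in-system-list", "system", p))
        elif p not in SYSTEM:
            findings.append(("unknown-privilege", "system", p))
    return sorted(findings)


# Constructed payloads: the page's own grant example, then a mis-scoped one.
PAGE_EXAMPLE = {"graph_privileges": {"*": ["UPDATE"]},
                "system_privileges": ["TOP", "KILL"]}
MIS_SCOPED = {"graph_privileges": {"default": ["DELETE", "TRUNCATE", "DELET"]},
              "system_privileges": ["KILL", "ALGO"]}

if __name__ == "__main__":
    for name, payload in (("page example", PAGE_EXAMPLE),
                          ("mis-scoped", MIS_SCOPED)):
        print(name, review_grant(payload))
```

The same check can be run on a revoke payload, since revoke().user().params() takes the same three keys.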