Change Password

Input error
Input error
Input error
Submit
v2.x

User & Privilege

To enhance the system and service security, Ultipa creates a feature-rich authority system that grants privileges to users in a flexible way.

Privilege

Privilege Categories

Privileges can be classified into 4 categories:

  • account related privileges
  • database related privileges
  • data related privileges
  • advanced privileges

Each uQL command, except getSelfInfo() that needs no privilege to access, is accessible only when the particular privilege is granted to the user.

Account Related Privileges

Privileges Scope Legal Commands
POLICY system listPrivilege(), createPolicy(), updatePolicy(), deletePolicy(), listPolicy(), getPolicy()
USER system listUser(), getUser(), createUser(), updateUser(), deleteUser(), grant(), revoke()

Database Related Privileges

Privileges Scope Legal Commands
STAT system stat()
CREATE_GRAPH system createGraph()
UPDATE_GRAPH system updateGraph()
DROP_GRAPH system dropGraph()
LIST_GRAPH system listGraph()
GET_GRAPH system getGraph()
SHOW_PROPERTY graph show()
CREATE_PROPERTY graph create()
ALTER_PROPERTY graph alter()
DROP_PROPERTY graph drop()
LTE graph LTE()
UFE graph UFE()
SHOW_INDEX graph showIndex()
CREATE_INDEX graph createIndex()
DROP_INDEX graph dropIndex()
TRUNCATE system truncate()
COMPACT system compact()

Data Related Privileges

Privileges Scope Legal Commands
INSERT graph insert()
UPDATE graph update()
DELETE graph delete()
QUERY graph find(), ab(), khop(), autoNet(), spread(), t()

Advanced Privileges

Privileges Scope Legal Commands
ALGO graph listAlgo(), algo(), showTask(), clearTask(), stopTask()
TOP system top()
KILL system kill()

listPrivilege()

There are two levels of privileges regarding their scope:

  • graph level: INSERT, DELETE, UPDATE, etc.
  • system level: CREATE_GRAPH, DROP_GRAPH, USER, etc.

Note that the graphset name must be specified when the graph level privileges are being granted.

To list all privileges supported by Ultipa system:

listPrivilege()

Policy

Policy organizes privileges into tree-structure that can be granted to users, to better classify and manage users with different roles.

A policy is a combination of graph privileges, system privileges and sub-policies. A user can own privileges and policies at the same time.

listPolicy()

To list all policies on the current Ultipa server:

listPolicy()

Execution result of listPolicy() in Ultipa-Manager:

Figure: listPolicy() Execution Result

getPolicy()

To check a policy's information:

getPolicy().name(<name>)

Example: Show information of policy 'sales'

getPolicy().name("sales")

createPolicy()

The components of uQL to create a policy:

Type Components
Command createPolicy()
Parameter name(<>),
graph_privileges(<>), system_privileges(<>), policies(<>)
Return (operational status))

Values of parameter:

Name Data Type Specification Description
name string (follows the naming convention of property) The name of policy
graph_privileges obj graph level privilege, graphset-oriented (Optional) Lists of graph privileges configured for particular graphsets
system_privileges []string system level privilege (Optional) A list of system privileges
policies []string policy name (Optional) A list of policies to be used as sub-policies

Where the data format of graph_privileges(<>) is:

{ 
  <graphSet1>:[<policy>, <policy>, ...],
  <graphSet2>:[<policy>, <policy>, ...],
  ...
}

// or use asterisk (*) replacing the graphset name to represent all graphsets in the database:

{ 
  *:[<policy>, <policy>, ...]
}

Example 1: Create policy 'sales', having privilege UPDATE against graphset 'default', and privileges INSERT and QUERY against graphset 'client':

createPolicy()
  .name("sales")
  .graph_privileges( {default: "UPDATE", client: ["INSERT", "QUERY"]} )

Example 2: Create policy 'manager', having DELETE against all the graphsets, having STAT, and owning the policy 'sales':

createPolicy()
  .name("manager")
  .graph_privileges( {*: "DELETE"} )
  .system_privileges("STAT")
  .policies("sales")

updatePolicy()

When updating a policy using updatePolicy(), the whole set of graph privileges, system privileges or sub-policies of the policy is replaced or removed, NOT just adding or removing particular content for each set.

The components of uQL to update a policy:

Type Components
Command updatePolicy()
Parameter name(<>),
graph_privileges(<>), system_privileges(<>), policies(<>)
Return (operational status))

Values of parameter:

Name Data Type Specification Description
name string policy name The name of policy to be updated
graph_privileges obj; {} graph level privilege, graphset-oriented (Optional) Lists of graph privileges configured for particular graphsets; {}: to remove all graph privileges from current policy
system_privileges []string; [] system level privilege (Optional) A list of system privileges; []: to remove all system privileges from current policy
policies []string; [] policy name (Optional) A list of policies to be used as sub-policies; []: to remove all sub-policies from current policy

Where:

  • parameters that are not included in the uQL will keep their corresponding privileges or sub-policies in the same way;
  • data format of graph_privileges(<>) is same as that in command createPolicy().

Example 1: Update policy 'sales', having INSERT and QUERY against graphset 'client':

createPolicy()
  .name("sales")
  .graph_privileges( {client: ["INSERT", "QUERY"]} )

Example 2: Update policy 'manager', removing all graph privileges:

updatePolicy()
  .name("manager")
  .graph_privileges({})

deletePolicy()

To delete an existing policy:

deletePolicy().name(<name>)

User Management

A user can own privileges and policies at the same time.

listUser()

To list all users on the current Ultipa server:

listUser()

Execution result of listUser() in Ultipa-Manager:

Figure: listUser() Execution Result

getUser()

To check a user's information:

getUser().username(<name>)

Example: Show information of user 'yang'

getUser().username("yang")

getSelfInfo()

To check current user's information:

getSelfInfo()

getSelfInfo() is the only uQL command that does not require privilege.

createUser()

The components of uQL to create a user with password and privileges:

Type Components
Command createUser()
Parameter username(<>), password(<>),
graph_privileges(<>), system_privileges(<>), policies(<>)
Return (operational status))

Values of parameter:

Name Data Type Specification Description
username string (follows the naming convention of property) The user name for login
password string ≥ 6 characters The password for login
graph_privileges obj graph level privilege, graphset-oriented (Optional) Lists of graph privileges configured for particular graphsets
system_privileges []string system level privilege (Optional) A list of system privileges
policies []string policy name (Optional) A list of policies

Where:

  • data format of graph_privileges(<>) is same as that in command createPolicy().

Example 1: Create user 'ultipa', with password 'ultipaABC123'.

createUser()
  .username("ultipa").password("ultipaABC123")

Example 2: Create user 'salesMgr', with password 'pswd2020' and system privilege 'STAT'.

createUser()
  .username("salesMgr").password("pswd2020")
  .system_privileges("STAT")

updateUser()

updateUser() updates the password and privileges of a user. When updating privileges, the whole set of graph privileges, system privileges or policies of the user is granted or revoked, NOT just granting or revoking particular content for each set.

The components of uQL to update a user:

Type Components
Command updateUser()
Parameter username(<>), password(<>),
graph_privileges(<>), system_privileges(<>), policies(<>)
Return (operational status))

Values of parameter:

Name Data Type Specification Description
username string user name The user name for login
password string ≥ 6 characters (Optional) The new password for login
graph_privileges obj; {} graph level privilege, graphset-oriented (Optional) Lists of graph privileges configured for particular graphsets; {}: to revoke all graph privileges from current user
system_privileges []string; [] system level privilege (Optional) A list of system privileges; []: to revoke all system privileges from current user
policies []string; [] policy name (Optional) A list of policies; []: to revoke all policies from current user

Where:

  • parameters that are not included in the uQL will keep their corresponding privileges or policies in the same way;
  • data format of graph_privileges(<>) is same as that in command createPolicy().

Example 1:Modify password for user 'ultipa' to be 'ultipaFast'

updateUser()
  .username("ultipa")
  .password("ultipaFast")

Example 2:Modify user 'salesMgr', set policy 'sales' and revoke all system privileges

updateUser()
  .username("salesMgr")
  .system_privileges([])
  .policies("sales")

grant()

grant() grants particular privileges or policies to the existing ones of a user, which makes it distinguished from updateUser().

The components of uQL to grant privileges to a user:

Type Components
Command grant()
Parameter username(<>),
graph_privileges(<>), system_privileges(<>), policies(<>)
Return (operational status))

Values of parameter:

Name Data Type Specification Description
username string user name The user to be granted to
graph_privileges obj graph level privilege, graphset-oriented (Optional) Lists of graph privileges configured for particular graphsets
system_privileges []string system level privilege (Optional) A list of system privileges
policies []string policy name (Optional) A list of policies

Where:

  • data format of graph_privileges(<>) is same as that in command createPolicy().

Example: Allocate DELETE against graphset 'default' to user 'ultipa', and allocate policy 'manager':

grant()
  .username("ultipa")
  .graph_privileges( {default: "DELETE"} )
  .policies("manager")

revoke()

revoke() revokes particular privileges or policies from the existing ones of a user, which makes it distinguished from updateUser().

The components of uQL to revoke privileges from a user:

Type Components
Command revoke()
Parameter username(<>),
graph_privileges(<>), system_privileges(<>), policies(<>)
Return (operational status))

Values of parameter:

Name Data Type Specification Description
username string user name The user to be revoked from
graph_privileges obj graph level privilege, graphset-oriented (Optional) Lists of graph privileges configured for particular graphsets
system_privileges []string system level privilege (Optional) A list of system privileges
policies []string policy name (Optional) A list of policies

Where:

  • data format of graph_privileges(<>) is same as that in command createPolicy().

Example: Revoke DELETE against graphset 'default' from user 'ultipa':

revoke()
  .username("ultipa")
  .graph_privileges( {default: "DELETE"} )

deleteUser()

To delete a user:

deleteUser().username(<name>)

Reset Admin

Resetting Administrator's account can be done using ultipa-reset-user tool, which is ONLY available on the Ultipa Server for security reasons.