Change Password

Input error
Input error
Input error
Submit

Change Nickname

Current Nickname:
Submit
Search
v2.x
    v2.x

    User & Privilege

    To enhance the system and service security, Ultipa creates a feature-rich authority system that grants privileges to users in a flexible way.

    Privilege

    Privilege Categories

    Privileges can be classified into 4 categories:

    • account related privileges
    • database related privileges
    • data related privileges
    • advanced privileges

    Each uQL command, except getSelfInfo() that needs no privilege to access, is accessible only when the particular privilege is granted to the user.

    Account Related Privileges

    Privileges Scope Legal Commands
    POLICY system listPrivilege(), createPolicy(), updatePolicy(), deletePolicy(), listPolicy(), getPolicy()
    USER system listUser(), getUser(), createUser(), updateUser(), deleteUser(), grant(), revoke()

    Database Related Privileges

    Privileges Scope Legal Commands
    STAT system stat()
    CREATE_GRAPH system createGraph()
    UPDATE_GRAPH system updateGraph()
    DROP_GRAPH system dropGraph()
    LIST_GRAPH system listGraph()
    GET_GRAPH system getGraph()
    SHOW_PROPERTY graph show()
    CREATE_PROPERTY graph create()
    ALTER_PROPERTY graph alter()
    DROP_PROPERTY graph drop()
    LTE graph LTE()
    UFE graph UFE()
    SHOW_INDEX graph showIndex()
    CREATE_INDEX graph createIndex()
    DROP_INDEX graph dropIndex()
    TRUNCATE system truncate()
    COMPACT system compact()

    Data Related Privileges

    Privileges Scope Legal Commands
    INSERT graph insert()
    UPDATE graph update()
    DELETE graph delete()
    QUERY graph find(), ab(), khop(), autoNet(), spread(), t()

    Advanced Privileges

    Privileges Scope Legal Commands
    ALGO graph listAlgo(), algo(), showTask(), clearTask(), stopTask()
    TOP system top()
    KILL system kill()

    listPrivilege()

    There are two levels of privileges regarding their scope:

    • graph level: INSERT, DELETE, UPDATE, etc.
    • system level: CREATE_GRAPH, DROP_GRAPH, USER, etc.

    Note that the graphset name must be specified when the graph level privileges are being granted.

    To list all privileges supported by Ultipa system:

    listPrivilege()
    

    Policy

    Policy organizes privileges into tree-structure that can be granted to users, to better classify and manage users with different roles.

    A policy is a combination of graph privileges, system privileges and sub-policies. A user can own privileges and policies at the same time.

    listPolicy()

    To list all policies on the current Ultipa server:

    listPolicy()
    

    Execution result of listPolicy() in Ultipa-Manager:

    Figure: listPolicy() Execution Result

    getPolicy()

    To check a policy's information:

    getPolicy().name(<name>)
    

    Example: Show information of policy 'sales'

    getPolicy().name("sales")
    

    createPolicy()

    The components of uQL to create a policy:

    Type Components
    Command createPolicy()
    Parameter name(<>),
    graph_privileges(<>), system_privileges(<>), policies(<>)
    Return (operational status))

    Values of parameter:

    Name Data Type Specification Description
    name string (follows the naming convention of property) The name of policy
    graph_privileges obj graph level privilege, graphset-oriented (Optional) Lists of graph privileges configured for particular graphsets
    system_privileges []string system level privilege (Optional) A list of system privileges
    policies []string policy name (Optional) A list of policies to be used as sub-policies

    Where the data format of graph_privileges(<>) is:

    { 
      <graphSet1>:[<policy>, <policy>, ...],
      <graphSet2>:[<policy>, <policy>, ...],
      ...
    }
    
    // or use asterisk (*) replacing the graphset name to represent all graphsets in the database:
    
    { 
      *:[<policy>, <policy>, ...]
    }
    

    Example 1: Create policy 'sales', having privilege UPDATE against graphset 'default', and privileges INSERT and QUERY against graphset 'client':

    createPolicy()
      .name("sales")
      .graph_privileges( {default: "UPDATE", client: ["INSERT", "QUERY"]} )
    

    Example 2: Create policy 'manager', having DELETE against all the graphsets, having STAT, and owning the policy 'sales':

    createPolicy()
      .name("manager")
      .graph_privileges( {*: "DELETE"} )
      .system_privileges("STAT")
      .policies("sales")
    

    updatePolicy()

    When updating a policy using updatePolicy(), the whole set of graph privileges, system privileges or sub-policies of the policy is replaced or removed, NOT just adding or removing particular content for each set.

    The components of uQL to update a policy:

    Type Components
    Command updatePolicy()
    Parameter name(<>),
    graph_privileges(<>), system_privileges(<>), policies(<>)
    Return (operational status))

    Values of parameter:

    Name Data Type Specification Description
    name string policy name The name of policy to be updated
    graph_privileges obj; {} graph level privilege, graphset-oriented (Optional) Lists of graph privileges configured for particular graphsets; {}: to remove all graph privileges from current policy
    system_privileges []string; [] system level privilege (Optional) A list of system privileges; []: to remove all system privileges from current policy
    policies []string; [] policy name (Optional) A list of policies to be used as sub-policies; []: to remove all sub-policies from current policy

    Where:

    • parameters that are not included in the uQL will keep their corresponding privileges or sub-policies in the same way;
    • data format of graph_privileges(<>) is same as that in command createPolicy().

    Example 1: Update policy 'sales', having INSERT and QUERY against graphset 'client':

    createPolicy()
      .name("sales")
      .graph_privileges( {client: ["INSERT", "QUERY"]} )
    

    Example 2: Update policy 'manager', removing all graph privileges:

    updatePolicy()
      .name("manager")
      .graph_privileges({})
    

    deletePolicy()

    To delete an existing policy:

    deletePolicy().name(<name>)
    

    User Management

    A user can own privileges and policies at the same time.

    listUser()

    To list all users on the current Ultipa server:

    listUser()
    

    Execution result of listUser() in Ultipa-Manager:

    Figure: listUser() Execution Result

    getUser()

    To check a user's information:

    getUser().username(<name>)
    

    Example: Show information of user 'yang'

    getUser().username("yang")
    

    getSelfInfo()

    To check current user's information:

    getSelfInfo()
    

    getSelfInfo() is the only uQL command that does not require privilege.

    createUser()

    The components of uQL to create a user with password and privileges:

    Type Components
    Command createUser()
    Parameter username(<>), password(<>),
    graph_privileges(<>), system_privileges(<>), policies(<>)
    Return (operational status))

    Values of parameter:

    Name Data Type Specification Description
    username string (follows the naming convention of property) The user name for login
    password string ≥ 6 characters The password for login
    graph_privileges obj graph level privilege, graphset-oriented (Optional) Lists of graph privileges configured for particular graphsets
    system_privileges []string system level privilege (Optional) A list of system privileges
    policies []string policy name (Optional) A list of policies

    Where:

    • data format of graph_privileges(<>) is same as that in command createPolicy().

    Example 1: Create user 'ultipa', with password 'ultipaABC123'.

    createUser()
      .username("ultipa").password("ultipaABC123")
    

    Example 2: Create user 'salesMgr', with password 'pswd2020' and system privilege 'STAT'.

    createUser()
      .username("salesMgr").password("pswd2020")
      .system_privileges("STAT")
    

    updateUser()

    updateUser() updates the password and privileges of a user. When updating privileges, the whole set of graph privileges, system privileges or policies of the user is granted or revoked, NOT just granting or revoking particular content for each set.

    The components of uQL to update a user:

    Type Components
    Command updateUser()
    Parameter username(<>), password(<>),
    graph_privileges(<>), system_privileges(<>), policies(<>)
    Return (operational status))

    Values of parameter:

    Name Data Type Specification Description
    username string user name The user name for login
    password string ≥ 6 characters (Optional) The new password for login
    graph_privileges obj; {} graph level privilege, graphset-oriented (Optional) Lists of graph privileges configured for particular graphsets; {}: to revoke all graph privileges from current user
    system_privileges []string; [] system level privilege (Optional) A list of system privileges; []: to revoke all system privileges from current user
    policies []string; [] policy name (Optional) A list of policies; []: to revoke all policies from current user

    Where:

    • parameters that are not included in the uQL will keep their corresponding privileges or policies in the same way;
    • data format of graph_privileges(<>) is same as that in command createPolicy().

    Example 1:Modify password for user 'ultipa' to be 'ultipaFast'

    updateUser()
      .username("ultipa")
      .password("ultipaFast")
    

    Example 2:Modify user 'salesMgr', set policy 'sales' and revoke all system privileges

    updateUser()
      .username("salesMgr")
      .system_privileges([])
      .policies("sales")
    

    grant()

    grant() grants particular privileges or policies to the existing ones of a user, which makes it distinguished from updateUser().

    The components of uQL to grant privileges to a user:

    Type Components
    Command grant()
    Parameter username(<>),
    graph_privileges(<>), system_privileges(<>), policies(<>)
    Return (operational status))

    Values of parameter:

    Name Data Type Specification Description
    username string user name The user to be granted to
    graph_privileges obj graph level privilege, graphset-oriented (Optional) Lists of graph privileges configured for particular graphsets
    system_privileges []string system level privilege (Optional) A list of system privileges
    policies []string policy name (Optional) A list of policies

    Where:

    • data format of graph_privileges(<>) is same as that in command createPolicy().

    Example: Allocate DELETE against graphset 'default' to user 'ultipa', and allocate policy 'manager':

    grant()
      .username("ultipa")
      .graph_privileges( {default: "DELETE"} )
      .policies("manager")
    

    revoke()

    revoke() revokes particular privileges or policies from the existing ones of a user, which makes it distinguished from updateUser().

    The components of uQL to revoke privileges from a user:

    Type Components
    Command revoke()
    Parameter username(<>),
    graph_privileges(<>), system_privileges(<>), policies(<>)
    Return (operational status))

    Values of parameter:

    Name Data Type Specification Description
    username string user name The user to be revoked from
    graph_privileges obj graph level privilege, graphset-oriented (Optional) Lists of graph privileges configured for particular graphsets
    system_privileges []string system level privilege (Optional) A list of system privileges
    policies []string policy name (Optional) A list of policies

    Where:

    • data format of graph_privileges(<>) is same as that in command createPolicy().

    Example: Revoke DELETE against graphset 'default' from user 'ultipa':

    revoke()
      .username("ultipa")
      .graph_privileges( {default: "DELETE"} )
    

    deleteUser()

    To delete a user:

    deleteUser().username(<name>)
    

    Reset Admin

    Resetting Administrator's account can be done using ultipa-reset-user tool, which is ONLY available on the Ultipa Server for security reasons.

    Please complete the following information to download this book
    *
    公司名称不能为空
    *
    公司邮箱必须填写
    *
    你的名字必须填写
    *
    你的电话必须填写
    *
    你的电话必须填写