Overview
A database user has access to the database system and can perform various querying or administering operations based on their assigned privileges.
Showing Users
To list all database users:
show().user()
Or retrieves a specific user, such as the one named root
:
show().user("root")
Or retrieves the current logged-in user:
show().self()
It returns a table _user
with the following fields:
Field |
Description |
---|---|
username |
Name of the user. |
create |
The date and time when the user was created. |
graphPrivileges |
Graph privileges granted to the user. |
systemPrivileges |
System privileges granted to the user. |
propertyPrivileges |
Property privileges granted to the user. |
policies |
Policies granted to the user. |
Creating a User
The create().user()
statement creates a database user.
Syntax
create().user(
"<username>",
"<password>",
{
"<graph>": ["<graphPriv>", "<graphPriv>", ...],
...
},
["<systemPriv>", "<systemPriv>", ...],
["<policyName>", "<policyName>", ...],
{
"node": {
"<propertyPriv>": [
["<graph>", "<schema>", "<property>"],
...
],
...
},
"edge": {
"<propertyPriv>": [
["<graph>", "<schema>", "<property>"],
...
],
...
}
}
)
Method | Param | Description | Optional |
---|---|---|---|
user() |
<name> |
The unique name of the user. Naming conventions are:
|
No |
<password> |
The password of the user, which must be between 6 to 64 characters in length. | No | |
{<graph_privileges>} |
Specifies graph privileges for each graphset granted to the user; uses "*" to specify all graphsets. |
No | |
[<system_privileges>] |
Specifies system privileges granted to the user. | No | |
[<policies>] |
Specifies policies granted to the user. | No | |
{<property_privileges>} |
Specifies node and edge property privileges granted to the user; uses ["*", "*", "*"] to specify all graphsets, all schemas, or all properties. |
No |
Details
- If a specific type of privilege or policy is not required, the corresponding parameter must still be declared. However, you can simply use an empty object
{}
or an empty array[]
.
Examples
To create a user called admin
that has all graph and system privileges, along with write
privilege for all properties, without having any other policies:
create().user(
"admin",
"U7MRDBFXd2Ab",
{"*":["COMPACT_HDC_GRAPH","SHOW_HDC_GRAPH","CREATE_HDC_GRAPH","SHOW_PROJECT","DROP_HDC_GRAPH","SHOW_INDEX","CLEAR_JOB","DROP_INDEX","CREATE_INDEX","SHOW_FULLTEXT","CREATE_SCHEMA","READ","SHOW_JOB","INSERT","CREATE_PROJECT","DELETE","CREATE_PROPERTY","UPSERT","ALGO","ALTER_PROPERTY","DROP_SCHEMA","STOP_JOB","ALTER_SCHEMA","DROP_PROJECT","UPDATE","RELOAD_SCHEMA","SHOW_SCHEMA","DROP_PROPERTY","CREATE_FULLTEXT","SHOW_PROPERTY","DROP_FULLTEXT"]},
["LICENSE_DUMP","LICENSE_UPDATE","DELETE_HDC_SERVER","ADD_HDC_SERVER","SHOW_META","ADD_SHARD","SHOW_PRIVILEGE","ALTER_USER","SHOW_GRAPH","ALTER_GRAPH","DELETE_SHARD","DROP_GRAPH","DROP_USER","SHOW_HDC_SERVER","COMPACT","TOP","CREATE_USER","SHOW_SHARD","CREATE_GRAPH","STAT","SHOW_POLICY","TRUNCATE","KILL","ALTER_POLICY","CREATE_POLICY","DROP_POLICY","SHOW_USER"],
[],
{
"node": {"write": [["*", "*", "*"]]},
"edge": {"write": [["*", "*", "*"]]}
}
)
To create a user called johndoe
that has:
- Graph privileges:
UPDATE
for all graphsets - System privileges:
SHOW_POLICY
,ALTER_GRAPH
- Policies:
manager
- Property privileges:
read
all node properties for all schemas in all graphsetswrite
edge propertiesvalue
andtime
for all schemas in the graphsetTax
deny
(Do not allowread
andwrite
) edge propertyscore
for the schemarate
in the graphsetminiCircle
create().user(
"johndoe",
"mHMUUjQWG46z",
{"*": ["UPDATE"]},
["SHOW_POLICY", "ALTER_GRAPH"],
["manager"],
{
"node": {
"read": [
["*", "*", "*"]
]
},
"edge": {
"write": [
["Tax", "*", "value"],
["Tax", "*", "time"]
],
"deny": [
["miniCircle", "rates", "score"]
]
}
}
)
Altering an User
You can alter the password, and the privileges and policies a user has using the alter().user().set()
statement.
Syntax
alter().user("<username>").params({
password: "<password>",
graph_privileges: {
"<graph>": ["<graphPriv>", "<graphPriv>", ...],
...
},
system_privileges: ["<systemPriv>", "<systemPriv>", ...],
policies: ["<policyName>", "<policyName>", ...],
property_privileges: {
"node": {
"<propertyPriv>": [
["<graph>", "<schema>", "<property>"],
...
],
...
},
"edge": {
"<propertyPriv>": [
["<graph>", "<schema>", "<property>"],
...
],
...
}
}
})
Method | Param | Description | Optional |
---|---|---|---|
user() |
<username> |
Name of the user. | No |
set() |
<password> |
The new password of the user, which must be between 6 to 64 characters in length. | No |
graph_privileges |
Specifies new graph privileges for each graphset granted to the user; uses "*" to specify all graphsets. |
No | |
system_privileges |
Specifies new system privileges granted to the user. | No | |
policies |
Specifies new policies granted to the user. | No | |
property_privileges |
Specifies new node and edge property privileges granted to the user; uses ["*", "*", "*"] to specify all graphsets, all schemas, or all properties. |
No |
Examples
To modify user admin
's password while keeping his privileges and policies unchanged:
alter().user("admin").set({password: "zdcsQ7QFaCCE"})
To modify user johndoe
's graph and property privileges, and policies, while keeping his password and system privileges unchanged:
alter().user("johndoe").set({
graph_privileges: {"*": ["UPDATE", "DELETE"]},
property_privileges: {
"node": {
"write": [["miniCircle","*","*"]]
},
"edge": {
"write": [["miniCircle","*","*"]]
}
},
policies: ["sales"]
})
Dropping a User
You can drop a user using the drop().user()
statement.
To drop the user johndoe
:
drop().user("johndoe")