Privilege

1.Introduction

The permissions of TuGraph are managed based on role-based access control. The permissions that define access control are assigned to roles, and the roles are then assigned to users.

2.Level of permissions

  • Global layer: global permissions, which cover management and graph operations.

  • Graph layer: controls permissions on each graph.

  • Property layer (Commercial version only): controls permissions on a property.

3.Permission keyword

At present, permission control is relatively simple:

  • The Global layer currently has the admin permission, and the admin user is preset.

  • The Graph layer has four operation permissions: none, read, write, and full.

      • none: No permission; no operations are allowed on the graph.

      • read: Read-only permission; the graph can only be read.

      • write: Read and write permission; the graph can be both read and written.

      • full: All permissions; in addition to reading and writing the graph, the role can delete graphs, modify graphs, and modify schemas.

  • The Property layer (Commercial version only) has the following permissions: none, read, and write.

      • none: No permission; no operations are allowed on the property.

      • read: Read-only permission; the property can only be read.

      • write: Read and write permission; the property can be both read and written.

4.Common permission operations

4.1.User action

  • Create a user

CALL dbms.security.createUser(user_name::STRING,password::STRING)

  • Delete a user

CALL dbms.security.deleteUser(user_name::STRING)

  • Change the password of the current user

CALL dbms.security.changePassword(current_password::STRING,new_password::STRING)

  • Change the password of a specified user

CALL dbms.security.changeUserPassword(user_name::STRING,new_password::STRING)

  • Disable or enable a user

CALL dbms.security.disableUser(user::STRING,disable::BOOLEAN)

  • List all users

CALL dbms.security.listUsers()

  • Show information about the current user

CALL dbms.security.showCurrentUser()

  • Obtain user details

CALL dbms.security.getUserInfo(user::STRING)

4.2.Role actions

  • Create a role

CALL dbms.security.createRole(role_name::STRING,desc::STRING)

  • Delete a role

CALL dbms.security.deleteRole(role_name::STRING)

  • List all roles

CALL dbms.security.listRoles()

  • Disable or enable a role

CALL dbms.security.disableRole(role::STRING,disable::BOOLEAN)

4.3.Assign roles to users

  • Add associations between a user and roles

CALL dbms.security.addUserRoles(user::STRING,roles::LIST)

  • Delete associations between a user and roles

CALL dbms.security.deleteUserRoles(user::STRING,roles::LIST)

  • Clear a user's role associations and rebuild them

CALL dbms.security.rebuildUserRoles(user::STRING,roles::LIST)

4.4.Role authorization

  • Modify the access permission of a role on specified graphs

CALL dbms.security.modRoleAccessLevel(role::STRING,access_level::MAP)

Example

CALL dbms.security.modRoleAccessLevel("test_role", {test_graph1:"FULL", test_graph2:"NONE"})
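
The procedures in 4.1 to 4.4 combine into one least-privilege workflow; the following is an added example, not taken from the TuGraph documentation. The role name, user name and password placeholders are hypothetical, the graph names reuse those of the example above, and "READ" is assumed to follow the same uppercase form as "FULL" and "NONE".

```cypher
// Added example: provision a read-only account, then retire it.
// Run each statement separately as the preset admin user.
// "report_reader", "alice" and the <...> passwords are hypothetical placeholders.

// 1. Create the role first, so permissions are attached to the role
//    and never directly to a person.
CALL dbms.security.createRole("report_reader", "Read-only access to test_graph1")

// 2. Grant only what the role needs: read on one graph,
//    explicitly none on the other.
CALL dbms.security.modRoleAccessLevel("report_reader", {test_graph1:"READ", test_graph2:"NONE"})

// 3. Create the account and associate it with the role.
CALL dbms.security.createUser("alice", "<initial-password>")
CALL dbms.security.addUserRoles("alice", ["report_reader"])

// 4. Review the result before handing the account over.
CALL dbms.security.getUserInfo("alice")
CALL dbms.security.listRoles()

// 5. Run as alice after first login: replace the password chosen by the admin.
CALL dbms.security.changePassword("<initial-password>", "<new-password>")

// 6. Offboarding, run as admin: disable the account first so access stops
//    at once, then remove the role association, and delete the user when
//    the account is no longer needed for review.
CALL dbms.security.disableUser("alice", true)
CALL dbms.security.deleteUserRoles("alice", ["report_reader"])
CALL dbms.security.deleteUser("alice")
```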