Privilege
1.Introduction
TuGraph manages permissions through role-based access control (RBAC). Permissions are assigned to roles, and roles are then assigned to users.
2.Level of permissions
Global layer: global permissions, covering management and graph operations.
Graph layer: controls permissions on each graph.
Property layer (Commercial version only): controls permissions on a property.
3.Permission keywords
At present, permission control is relatively simple.
The Global layer currently has admin permission, and the admin user is preset.
The Graph layer has four operation permissions: none, read, write, and full.
none: No permission; no operation is allowed on the graph.
read: Read-only permission; the graph can only be read.
write: Read and write permission; the graph can be both read and written.
full: All permissions; in addition to reading and writing graphs, this includes permission to delete graphs, modify graphs, and modify schemas.
The Property layer (Commercial version only) has the following permissions: none, read, and write.
none: No permission; no operation is allowed on the property.
read: Read-only permission; the property can only be read.
write: Read and write permission; the property can be both read and written.
4.Common permission operations
4.1.User actions
Create a user
CALL dbms.security.createUser(user_name::STRING,password::STRING)
Delete a user
CALL dbms.security.deleteUser(user_name::STRING)
Change the password of the current user
CALL dbms.security.changePassword(current_password::STRING,new_password::STRING)
Change the password of a specified user
CALL dbms.security.changeUserPassword(user_name::STRING,new_password::STRING)
Disable or enable a user
CALL dbms.security.disableUser(user::STRING,disable::BOOLEAN)
List all users
CALL dbms.security.listUsers()
Show the current user's information
CALL dbms.security.showCurrentUser()
Obtain user details
CALL dbms.security.getUserInfo(user::STRING)
4.2.Role actions
Create a role
CALL dbms.security.createRole(role_name::STRING,desc::STRING)
Delete a role
CALL dbms.security.deleteRole(role_name::STRING)
List all roles
CALL dbms.security.listRoles()
Disable or enable the role
CALL dbms.security.disableRole(role::STRING,disable::BOOLEAN)
4.3.Assign roles to users
Add associations between the user and roles
CALL dbms.security.addUserRoles(user::STRING,roles::LIST)
Delete associations between the user and roles
CALL dbms.security.deleteUserRoles(user::STRING,roles::LIST)
Clear the associations between the user and roles, then rebuild them
CALL dbms.security.rebuildUserRoles(user::STRING,roles::LIST)
4.4.Granting permissions to a role
Modify a role's access level on the specified graphs
CALL dbms.security.modRoleAccessLevel(role::STRING,access_level::MAP)
Example
CALL dbms.security.modRoleAccessLevel("test_role", {test_graph1:"FULL", test_graph2:"NONE"})
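The procedures in sections 4.1 to 4.4 combined into one least-privilege workflow, from granting a read-only role to offboarding the user. This is an added example, not taken from the TuGraph documentation. The role, user and graph names and the password placeholders are constructed, the statements are assumed to be run one at a time as the preset admin user (except where noted), and the access level is written in upper case to match the example above.

```cypher
// Constructed names: analyst_ro (role), alice (user),
// sales_graph and hr_graph (graphs). Passwords are placeholders.

// 1. Create a role to carry the permission, so access is never
//    tied to an individual account.
CALL dbms.security.createRole("analyst_ro", "read-only access to sales_graph")

// 2. Grant only what the role needs. Graphs the role must not touch
//    are listed explicitly as NONE.
CALL dbms.security.modRoleAccessLevel("analyst_ro", {sales_graph:"READ", hr_graph:"NONE"})

// 3. Create the user and attach the role.
CALL dbms.security.createUser("alice", "<initial-password>")
CALL dbms.security.addUserRoles("alice", ["analyst_ro"])

// 4. Review the result before handing over the account.
CALL dbms.security.getUserInfo("alice")
CALL dbms.security.listRoles()

// 5. Run as alice after first login: replace the initial password.
CALL dbms.security.changePassword("<initial-password>", "<new-password>")

// Offboarding (run as admin): disable the account first, then
// remove its role association.
CALL dbms.security.disableUser("alice", true)
CALL dbms.security.deleteUserRoles("alice", ["analyst_ro"])
```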