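This section describes the methods for controlling access to databases, graphs and data.
Privileges
showPrivilege()
Retrieves all system privileges and graph privileges.
Parameters
config?: RequestConfig
: Request configuration.
Returns
Privilege[]
: The list of retrieved privileges.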
// Retrieves all system privileges and graph privileges
const privileges = await driver.showPrivilege();
const graphPrivilegeNames = privileges
  .filter((p) => p.level === PrivilegeLevel.GraphLevel)
  .map((p) => p.name)
  .join(", ");
console.log("Graph privileges: " + graphPrivilegeNames);
const systemPrivilegeNames = privileges
  .filter((p) => p.level === PrivilegeLevel.SystemLevel)
  .map((p) => p.name)
  .join(", ");
console.log("System privileges: " + systemPrivilegeNames);
Graph privileges: READ, INSERT, UPSERT, UPDATE, DELETE, CREATE_SCHEMA, DROP_SCHEMA, ALTER_SCHEMA, SHOW_SCHEMA, RELOAD_SCHEMA, CREATE_PROPERTY, DROP_PROPERTY, ALTER_PROPERTY, SHOW_PROPERTY, CREATE_FULLTEXT, DROP_FULLTEXT, SHOW_FULLTEXT, CREATE_INDEX, DROP_INDEX, SHOW_INDEX, LTE, UFE, CLEAR_JOB, STOP_JOB, SHOW_JOB, ALGO, CREATE_PROJECT, SHOW_PROJECT, DROP_PROJECT, CREATE_HDC_GRAPH, SHOW_HDC_GRAPH, DROP_HDC_GRAPH, COMPACT_HDC_GRAPH, SHOW_VECTOR_INDEX, CREATE_VECTOR_INDEX, DROP_VECTOR_INDEX, SHOW_CONSTRAINT, CREATE_CONSTRAINT, DROP_CONSTRAINT
System privileges: TRUNCATE, COMPACT, CREATE_GRAPH, SHOW_GRAPH, DROP_GRAPH, ALTER_GRAPH, CREATE_GRAPH_TYPE, SHOW_GRAPH_TYPE, DROP_GRAPH_TYPE, TOP, KILL, STAT, SHOW_POLICY, CREATE_POLICY, DROP_POLICY, ALTER_POLICY, SHOW_USER, CREATE_USER, DROP_USER, ALTER_USER, SHOW_PRIVILEGE, SHOW_META, SHOW_SHARD, ADD_SHARD, DELETE_SHARD, REPLACE_SHARD, SHOW_HDC_SERVER, ADD_HDC_SERVER, DELETE_HDC_SERVER, LICENSE_UPDATE, LICENSE_DUMP, GRANT, REVOKE, SHOW_BACKUP, CREATE_BACKUP, SHOW_VECTOR_SERVER, ADD_VECTOR_SERVER, DELETE_VECTOR_SERVER
Policies (Roles)
showPolicy()
Retrieves all policies in the database.
Parameters
config?: RequestConfig
: Request configuration.
Returns
Policy[]
: The list of retrieved policies.
// Retrieves all policies
const policies = await driver.showPolicy();
for (const policy of policies) {
  console.log(policy.name);
}
manager
Tester
sales
superADM
getPolicy()
Retrieves a specified policy from the database.
Parameters
policyName: string
: Policy name.
config?: RequestConfig
: Request configuration.
Returns
Policy
: The retrieved policy.
// Retrieves the policy 'Tester'
const policy = await driver.getPolicy("Tester");
console.log("Graph privileges:", policy.graphPrivileges);
console.log("System privileges:", policy.systemPrivileges);
console.log("Property privileges:");
console.log("- Node (Read):", policy.propertyPrivileges?.node?.read);
console.log("- Node (Write):", policy.propertyPrivileges?.node?.write);
console.log("- Node (Deny):", policy.propertyPrivileges?.node?.deny);
console.log("- Edge (Read):", policy.propertyPrivileges?.edge?.read);
console.log("- Edge (Write):", policy.propertyPrivileges?.edge?.write);
console.log("- Edge (Deny):", policy.propertyPrivileges?.edge?.deny);
console.log("Policies:", policy.policies);
Graph privileges: Map(3) {
  '*' => [ 'SHOW_PROPERTY', 'READ', 'SHOW_SCHEMA' ],
  'miniCircle' => [ 'SHOW_JOB', 'SHOW_INDEX' ],
  'social' => [ 'SHOW_JOB', 'SHOW_INDEX' ]
}
System privileges: [ 'ALTER_GRAPH', 'SHOW_GRAPH' ]
Property privileges:
- Node (Read): [ [ '*', '*', '*' ] ]
- Node (Write): []
- Node (Deny): []
- Edge (Read): [ [ 'miniCircle', '*', 'notes' ] ]
- Edge (Write): [
  [ 'miniCircle', 'agree', 'timestamp' ],
  [ 'miniCircle', 'response', 'value' ]
]
- Edge (Deny): []
Policies: [ 'manager' ]
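An audit over the policy structure printed above, added here as an example (it is not part of the Ultipa driver or its documentation): it follows the policies field recursively and reports wildcard grants and administrative system privileges. PolicyLike, Rules, auditPolicy, the SENSITIVE review list and the contents of 'manager' are assumptions, as is the premise that a policy inherits everything its nested policies grant.

```typescript
// Added example. Local types mirror the fields printed by getPolicy() (assumed shape).
type Triple = [string, string, string]; // [graph, schema, property]
interface Rules { read?: Triple[]; write?: Triple[]; deny?: Triple[] }
interface PolicyLike {
  name: string;
  systemPrivileges?: string[];
  graphPrivileges?: Map<string, string[]>;
  propertyPrivileges?: { node?: Rules; edge?: Rules };
  policies?: string[];
}

// Review list picked for this example; the names come from the showPrivilege() output.
const SENSITIVE = ["GRANT", "REVOKE", "CREATE_USER", "ALTER_USER", "DROP_USER",
  "CREATE_POLICY", "ALTER_POLICY", "DROP_POLICY", "DROP_GRAPH", "TRUNCATE"];

// Walks a policy and every policy it includes, returning one finding per risky grant.
function auditPolicy(root: string, all: Map<string, PolicyLike>): string[] {
  const findings: string[] = [];
  const seen: string[] = [];
  const visit = (name: string, path: string[]): void => {
    if (path.indexOf(name) >= 0) { findings.push("cycle: " + [...path, name].join(" -> ")); return; }
    if (seen.indexOf(name) >= 0) return; // already audited via another branch
    seen.push(name);
    const p = all.get(name);
    if (!p) { findings.push("missing policy: " + name); return; }
    const via = name === root ? "" : ` (via ${name})`;
    for (const s of p.systemPrivileges ?? [])
      if (SENSITIVE.indexOf(s) >= 0) findings.push(`sensitive system privilege ${s}${via}`);
    p.graphPrivileges?.forEach((privs, graph) => {
      if (graph === "*") findings.push(`all graphs: ${privs.join(",")}${via}`);
    });
    for (const kind of ["node", "edge"] as const)
      for (const mode of ["read", "write"] as const)
        for (const t of p.propertyPrivileges?.[kind]?.[mode] ?? [])
          if (t.every((x) => x === "*")) findings.push(`${kind} ${mode} on *.*.*${via}`);
    for (const child of p.policies ?? []) visit(child, [...path, name]);
  };
  visit(root, []);
  return findings;
}

// Constructed sample: 'Tester' is abridged from the getPolicy() output; 'manager' is invented.
const samplePolicies = new Map<string, PolicyLike>([
  ["Tester", { name: "Tester", systemPrivileges: ["ALTER_GRAPH", "SHOW_GRAPH"],
    graphPrivileges: new Map([["*", ["SHOW_PROPERTY", "READ", "SHOW_SCHEMA"]]]),
    propertyPrivileges: { node: { read: [["*", "*", "*"]] } }, policies: ["manager"] }],
  ["manager", { name: "manager", systemPrivileges: ["SHOW_USER", "GRANT"], policies: ["Tester"] }],
]);
console.log(auditPolicy("Tester", samplePolicies));
```

Against a live database, the map would be built from the showPolicy() result keyed by policy name, and the same walk applies to a User object returned by getUser().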
createPolicy()
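Creates a policy in the database.
Parameters
policy: Policy
: The policy to create; the name field is required, and systemPrivileges, graphPrivileges, propertyPrivileges and policies are optional.
config?: RequestConfig
: Request configuration.
Returns
Response
: The result of the request.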
// Creates a new policy 'operator'
const graphPrivileges = new Map<string, string[]>();
graphPrivileges.set("social", ["UPDATE", "INSERT", "DELETE", "UPSERT"]);
const propertyPrivilege = {
  node: {
    read: [
      ["miniCircle", "account", "*"],
      ["miniCircle", "movie", "name"]
    ],
    write: [["social", "*", "*"]]
  },
  edge: {
    read: [["*", "*", "*"]],
    deny: [["miniCircle", "*", "*"]]
  }
};
const policy: Policy = {
  name: "operator",
  systemPrivileges: ["SHOW_GRAPH", "TRUNCATE"],
  graphPrivileges: graphPrivileges,
  propertyPrivileges: propertyPrivilege,
  policies: ["manager", "Tester"]
};
const response = await driver.createPolicy(policy);
console.log(response.status?.message);
SUCCESS
alterPolicy()
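Modifies the privileges and policies contained in a policy. Note that only the specified fields are modified; all others remain unchanged.
Parameters
policy: Policy
: A Policy object used to set the new systemPrivileges, graphPrivileges, propertyPrivileges and policies; the policy is identified by its name field.
config?: RequestConfig
: Request configuration.
Returns
Response
: The result of the request.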
// Alters the policy 'operator'
const policy: Policy = {
  name: "operator",
  systemPrivileges: ["CREATE_GRAPH", "SHOW_GRAPH", "TRUNCATE"],
  policies: ["manager"]
};
const response = await driver.alterPolicy(policy);
console.log(response.status?.message);
SUCCESS
dropPolicy()
Deletes a specified policy from the database.
Parameters
policyName: string
: Policy name.
config?: RequestConfig
: Request configuration.
Returns
Response
: The result of the request.
// Drops the policy 'operator'
const response = await driver.dropPolicy("operator");
console.log(response.status?.message);
SUCCESS
Users
showUser()
Retrieves all database users.
Parameters
config?: RequestConfig
: Request configuration.
Returns
User[]
: The list of retrieved users.
// Retrieves all database users
const users = await driver.showUser();
for (const user of users) {
  console.log(user.username);
}
johndoe
root
admin
getUser()
Retrieves a specified database user.
Parameters
username: string
: Username.
config?: RequestConfig
: Request configuration.
Returns
User
: The retrieved user.
// Retrieves the database user 'johndoe'
const user = await driver.getUser("johndoe");
console.log("CreatedTime:", user.createdTime);
console.log("Graph privileges:", user.graphPrivileges);
console.log("System privileges:", user.systemPrivileges);
console.log("Property privileges:");
console.log("- Node (Read):", user.propertyPrivileges?.node?.read);
console.log("- Node (Write):", user.propertyPrivileges?.node?.write);
console.log("- Node (Deny):", user.propertyPrivileges?.node?.deny);
console.log("- Edge (Read):", user.propertyPrivileges?.edge?.read);
console.log("- Edge (Write):", user.propertyPrivileges?.edge?.write);
console.log("- Edge (Deny):", user.propertyPrivileges?.edge?.deny);
console.log("Policies:", user.policies);
CreatedTime: 1759052987
Graph privileges: Map(3) {
  '*' => [ 'SHOW_PROPERTY', 'READ', 'SHOW_SCHEMA' ],
  'miniCircle' => [ 'SHOW_JOB', 'SHOW_INDEX' ],
  'social' => [ 'SHOW_JOB', 'SHOW_INDEX' ]
}
System privileges: [ 'ALTER_GRAPH', 'SHOW_GRAPH' ]
Property privileges:
- Node (Read): [ [ '*', '*', '*' ] ]
- Node (Write): []
- Node (Deny): []
- Edge (Read): [ [ 'miniCircle', '*', 'notes' ] ]
- Edge (Write): [
  [ 'miniCircle', 'agree', 'timestamp' ],
  [ 'miniCircle', 'response', 'value' ]
]
- Edge (Deny): []
Policies: [ 'manager' ]
createUser()
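Creates a database user.
Parameters
user: User
: The user to create; the username and password fields are required, and systemPrivileges, graphPrivileges, propertyPrivileges and policies are optional.
config?: RequestConfig
: Request configuration.
Returns
Response
: The result of the request.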
// Creates a new user 'user01'
const graphPrivileges = new Map<string, string[]>();
graphPrivileges.set("social", ["UPDATE", "INSERT", "DELETE", "UPSERT"]);
const propertyPrivilege = {
  node: {
    read: [
      ["miniCircle", "account", "*"],
      ["miniCircle", "movie", "name"]
    ],
    write: [["social", "*", "*"]]
  },
  edge: {
    read: [["*", "*", "*"]],
    deny: [["miniCircle", "*", "*"]]
  }
};
const user: User = {
  username: "user01",
  // Sample value only; supply real passwords from a secret store
  password: "U7MRDBFXd2Ab",
  systemPrivileges: ["CREATE_GRAPH", "SHOW_GRAPH", "TRUNCATE"],
  graphPrivileges: graphPrivileges,
  propertyPrivileges: propertyPrivilege,
  policies: ["manager", "Tester"]
};
const response = await driver.createUser(user);
console.log(response.status?.message);
SUCCESS
alterUser()
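Modifies a user's password, privileges and policies. Note that only the specified fields are modified; all others remain unchanged.
Parameters
user: User
: A User object used to set the new password, systemPrivileges, graphPrivileges, propertyPrivileges and policies; the user is identified by its username field.
config?: RequestConfig
: Request configuration.
Returns
Response
: The result of the request.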
// Alters the user 'user01'
const user: User = {
  username: "user01",
  systemPrivileges: ["CREATE_GRAPH", "SHOW_GRAPH", "TRUNCATE"],
  policies: ["manager"]
};
const response = await driver.alterUser(user);
console.log(response.status?.message);
SUCCESS
dropUser()
Deletes a specified database user.
Parameters
username: string
: Username.
config?: RequestConfig
: Request configuration.
Returns
Response
: The result of the request.
// Drops the user 'user01'
const response = await driver.dropUser("user01");
console.log(response.status?.message);
SUCCESS
Full Example
import { UltipaDriver } from "@ultipa-graph/ultipa-driver";
import { ULTIPA } from "@ultipa-graph/ultipa-driver/dist/types/index.js";
import { Policy } from "@ultipa-graph/ultipa-driver/dist/types/types.js";
let sdkUsage = async () => {
  const ultipaConfig: ULTIPA.UltipaConfig = {
    // URI example: hosts: ["xxxx.us-east-1.cloud.ultipa.com:60010"]
    hosts: ["10.xx.xx.xx:60010"],
    username: "<username>",
    password: "<password>"
  };
  const driver = new UltipaDriver(ultipaConfig);
  // Creates a new policy 'operator'
  const graphPrivileges = new Map<string, string[]>();
  graphPrivileges.set("social", ["UPDATE", "INSERT", "DELETE", "UPSERT"]);
  const propertyPrivilege = {
    node: {
      read: [
        ["miniCircle", "account", "*"],
        ["miniCircle", "movie", "name"]
      ],
      write: [["social", "*", "*"]]
    },
    edge: {
      read: [["*", "*", "*"]],
      deny: [["miniCircle", "*", "*"]]
    }
  };
  const policy: Policy = {
    name: "operator",
    systemPrivileges: ["SHOW_GRAPH", "TRUNCATE"],
    graphPrivileges: graphPrivileges,
    propertyPrivileges: propertyPrivilege,
    policies: ["manager", "Tester"]
  };
  const response = await driver.createPolicy(policy);
  console.log(response.status?.message);
};
sdkUsage().catch(console.error);