访问控制

本节介绍用于控制数据库、图和数据权限的方法。

权限

showPrivilege()

获取全部系统权限和图集权限。

参数

• config?: RequestConfig：请求配置。

返回值

• Privilege[]：获取的权限列表。

// Retrieves all system privileges and graph privileges

const privileges = await driver.showPrivilege();

const graphPriviledgeNames = privileges
  .filter((p) => p.level === PrivilegeLevel.GraphLevel)
  .map((p) => p.name)
  .join(", ");
console.log("Graph privileges:" + graphPriviledgeNames);

const systemPriviledgeNames = privileges
  .filter((p) => p.level === PrivilegeLevel.SystemLevel)
  .map((p) => p.name)
  .join(", ");
console.log("System privileges:" + systemPriviledgeNames);

Graph privileges: READ, INSERT, UPSERT, UPDATE, DELETE, CREATE_SCHEMA, DROP_SCHEMA, ALTER_SCHEMA, SHOW_SCHEMA, RELOAD_SCHEMA, CREATE_PROPERTY, DROP_PROPERTY, ALTER_PROPERTY, SHOW_PROPERTY, CREATE_FULLTEXT, DROP_FULLTEXT, SHOW_FULLTEXT, CREATE_INDEX, DROP_INDEX, SHOW_INDEX, LTE, UFE, CLEAR_JOB, STOP_JOB, SHOW_JOB, ALGO, CREATE_PROJECT, SHOW_PROJECT, DROP_PROJECT, CREATE_HDC_GRAPH, SHOW_HDC_GRAPH, DROP_HDC_GRAPH, COMPACT_HDC_GRAPH, SHOW_VECTOR_INDEX, CREATE_VECTOR_INDEX, DROP_VECTOR_INDEX, SHOW_CONSTRAINT, CREATE_CONSTRAINT, DROP_CONSTRAINT
System privileges: TRUNCATE, COMPACT, CREATE_GRAPH, SHOW_GRAPH, DROP_GRAPH, ALTER_GRAPH, CREATE_GRAPH_TYPE, SHOW_GRAPH_TYPE, DROP_GRAPH_TYPE, TOP, KILL, STAT, SHOW_POLICY, CREATE_POLICY, DROP_POLICY, ALTER_POLICY, SHOW_USER, CREATE_USER, DROP_USER, ALTER_USER, SHOW_PRIVILEGE, SHOW_META, SHOW_SHARD, ADD_SHARD, DELETE_SHARD, REPLACE_SHARD, SHOW_HDC_SERVER, ADD_HDC_SERVER, DELETE_HDC_SERVER, LICENSE_UPDATE, LICENSE_DUMP, GRANT, REVOKE, SHOW_BACKUP, CREATE_BACKUP, SHOW_VECTOR_SERVER, ADD_VECTOR_SERVER, DELETE_VECTOR_SERVER

策略（角色）

showPolicy()

获取数据库中的全部策略。

参数

• config?: RequestConfig：请求配置。

返回值

• Policy[]：获取的策略列表。

// Retrieves all policies
const policies = await driver.showPolicy();
for (const policy of policies) {
  console.log(policy.name);
}

manager
Tester
sales
superADM

getPolicy()

获取数据库中一个指定的策略。

参数

• policyName: string：策略名称。
• config?: RequestConfig：请求配置。

返回值

• Policy：获取的策略。

// Retrieves the policy 'Tester'
const policy = await driver.getPolicy("Tester");
console.log("Graph privileges:", policy.graphPrivileges);
console.log("System privileges:", policy.systemPrivileges);
console.log("Property privileges:");
console.log("- Node (Read):", policy.propertyPrivileges?.node?.read);
console.log("- Node (Write):", policy.propertyPrivileges?.node?.write);
console.log("- Node (Deny):", policy.propertyPrivileges?.node?.deny);
console.log("- Edge (Read):", policy.propertyPrivileges?.edge?.read);
console.log("- Edge (Write):", policy.propertyPrivileges?.edge?.write);
console.log("- Edge (Deny):", policy.propertyPrivileges?.edge?.deny);
console.log("Policies:", policy.policies);

Graph privileges:  Map(3) {
  '*' => [ 'SHOW_PROPERTY', 'READ', 'SHOW_SCHEMA' ],
  'miniCircle' => [ 'SHOW_JOB', 'SHOW_INDEX' ],
  'social' => [ 'SHOW_JOB', 'SHOW_INDEX' ]
}
System privileges:  [ 'ALTER_GRAPH', 'SHOW_GRAPH' ]
Property privileges:
- Node (Read):  [ [ '*', '*', '*' ] ]
- Node (Write):  []
- Node (Deny):  []
- Edge (Read):  [ [ 'miniCircle', '*', 'notes' ] ]
- Edge (Write):  [
  [ 'miniCircle', 'agree', 'timestamp' ],
  [ 'miniCircle', 'response', 'value' ]
]
- Edge (Deny):  []
Policies:  [ 'manager' ]

createPolicy()

在数据库中创建一个策略。

参数

• policy: Policy：待创建的策略；name字段必填，systemPrivileges、graphPrivileges、propertyPrivilege和policies选填。
• config?: RequestConfig：请求配置。

返回值

• Response：请求结果。

// Creates a new policy 'operator'

const graphPrivileges = new Map<string, string[]>();
graphPrivileges.set("social", ["UPDATE", "INSERT", "DELETE", "UPSERT"]);

const propertyPrivilege = {
  node: {
    read: [
      ["miniCircle", "account", "*"],
      ["miniCircle", "movie", "name"]
    ],
    write: [["social", "*", "*"]]
  },
  edge: { 
    read: [["*", "*", "*"]], 
    deny: [["miniCircle", "*", "*"]] 
  }
};

const policy: Policy = {
  name: "operator",
  systemPrivileges: ["SHOW_GRAPH", "TRUNCATE"],
  graphPrivileges: graphPrivileges,
  propertyPrivileges: propertyPrivilege,
  policies: ["manager", "Tester"]
};

const response = await driver.createPolicy(policy);
console.log(response.status?.message);

SUCCESS

alterPolicy()

修改一个策略中包含的权限和策略。请留意，只有指定的字段会被修改，其余保持不变。

参数

• policy: Policy：用于设置新的systemPrivileges、graphPrivileges、propertyPrivilege和policies的Policy对象，通过name字段指定策略。
• config?: RequestConfig：请求配置。

返回值

• Response：请求结果。

// Alters the policy 'operator'
const policy: Policy = {
  name: "operator",
  systemPrivileges: ["CREATE_GRAPH","SHOW_GRAPH","SHOW_GRAPH","TRUNCATE"],
  policies: ["manager"]
};

const response = await driver.alterPolicy(policy);
console.log(response.status?.message);

SUCCESS

dropPolicy()

删除数据库中一个指定的策略。

参数

• policyName: string：策略名称。
• config?: RequestConfig：请求配置。

返回值

• Response：请求结果。

// Drops the policy 'operator'
const response = await driver.dropPolicy("operator");
console.log(response.status?.message);

SUCCESS

用户

showUser()

获取全部数据库用户。

参数

• config?: RequestConfig：请求配置。

返回值

• User[]：获取的用户列表。

// Retrieves all database users
const users = await driver.showUser();
for(const user of users){
  console.log(user.username);
}

johndoe
root
admin

getUser()

获取一个指定的数据库用户。

参数

• username: string：用户名。
• config?: RequestConfig：请求配置。

返回值

• User：用户名。

// Retrieves the database user 'johndoe'
const user = await driver.getUser("johndoe");
console.log("CreatedTime:", user.createdTime);
console.log("Graph privileges:", user.graphPrivileges);
console.log("System privileges:", user.systemPrivileges);
console.log("Property privileges:");
console.log("- Node (Read):", user.propertyPrivileges?.node?.read);
console.log("- Node (Write):", user.propertyPrivileges?.node?.write);
console.log("- Node (Deny):", user.propertyPrivileges?.node?.deny);
console.log("- Edge (Read):", user.propertyPrivileges?.edge?.read);
console.log("- Edge (Write):", user.propertyPrivileges?.edge?.write);
console.log("- Edge (Deny):", user.propertyPrivileges?.edge?.deny);
console.log("Policies:", user.policies);

CreatedTime:  1759052987
Graph privileges:  Map(3) {
  '*' => [ 'SHOW_PROPERTY', 'READ', 'SHOW_SCHEMA' ],
  'miniCircle' => [ 'SHOW_JOB', 'SHOW_INDEX' ],
  'social' => [ 'SHOW_JOB', 'SHOW_INDEX' ]
}
System privileges:  [ 'ALTER_GRAPH', 'SHOW_GRAPH' ]
Property privileges:
- Node (Read):  [ [ '*', '*', '*' ] ]
- Node (Write):  []
- Node (Deny):  []
- Edge (Read):  [ [ 'miniCircle', '*', 'notes' ] ]
- Edge (Write):  [
  [ 'miniCircle', 'agree', 'timestamp' ],
  [ 'miniCircle', 'response', 'value' ]
]
- Edge (Deny):  []
Policies:  [ 'manager' ]

createUser()

创建一个数据库用户。

参数

• user: User：待创建的用户；username和password字段必填，systemPrivileges、graphPrivileges、propertyPrivilege和policies选填。
• config?: RequestConfig：请求配置。

返回值

• Response：请求结果。

// Creates a new user 'user01'

const graphPrivileges = new Map<string, string[]>();
graphPrivileges.set("social", ["UPDATE", "INSERT", "DELETE", "UPSERT"]);
const propertyPrivilege = {
  node: {
    read: [
      ["miniCircle", "account", "*"],
      ["miniCircle", "movie", "name"]
    ],
    write: [["social", "*", "*"]]
  },
  edge: { 
    read: [["*", "*", "*"]], 
    deny: [["miniCircle", "*", "*"]]
  },
};
const user: User = {
  username: "user01",
  password: "U7MRDBFXd2Ab",
  systemPrivileges:["CREATE_GRAPH","SHOW_GRAPH","SHOW_GRAPH","TRUNCATE"],
  graphPrivileges:graphPrivileges,
  propertyPrivileges: propertyPrivilege,
  policies:["manager", "Tester"]
}

const response = await driver.createUser(user);
console.log(response.status?.message);

SUCCESS

alterUser()

修改一个用户的密码、权限和策略。请留意，只有指定的属性会被修改，其余保持不变。

参数

• user: User：用于设置新的password、systemPrivileges、graphPrivileges、propertyPrivilege和policies的User对象，通过username字段指定用户。
• config?: RequestConfig：请求配置。

返回值

• Response：请求结果。

// Alters the user 'user01'
const user: User = {
  username: "user01",
  systemPrivileges: ["CREATE_GRAPH", "SHOW_GRAPH", "SHOW_GRAPH", "TRUNCATE"],
  policies: ["manager"]
};
const response = await driver.alterUser(user);
console.log(response.status?.message);

SUCCESS

dropUser()

删除一个指定的数据库用户。

参数

• username: string：用户名。
• config?: RequestConfig：请求配置。

返回值

• Response：请求结果。

// Drops the user 'user01'
const response = await driver.dropUser("user01");
console.log(response.status?.message);

SUCCESS

完整示例

import { UltipaDriver } from "@ultipa-graph/ultipa-driver";
import { ULTIPA } from "@ultipa-graph/ultipa-driver/dist/types/index.js";
import { Policy } from "@ultipa-graph/ultipa-driver/dist/types/types.js";

let sdkUsage = async () => {
  const ultipaConfig: ULTIPA.UltipaConfig = {
    // URI example: hosts: ["xxxx.us-east-1.cloud.ultipa.com:60010"]
    hosts: ["10.xx.xx.xx:60010"],
    username: "<username>",
    password: "<password>"
  };

  const driver = new UltipaDriver(ultipaConfig);

  // Creates a new policy 'operator'

  const graphPrivileges = new Map<string, string[]>();
  graphPrivileges.set("social", ["UPDATE", "INSERT", "DELETE", "UPSERT"]);

  const propertyPrivilege = {
    node: {
      read: [
        ["miniCircle", "account", "*"],
        ["miniCircle", "movie", "name"]
      ],
      write: [["social", "*", "*"]]
    },
    edge: {
      read: [["*", "*", "*"]],
      deny: [["miniCircle", "*", "*"]]
    }
  };

  const policy: Policy = {
    name: "operator",
    systemPrivileges: ["SHOW_GRAPH", "TRUNCATE"],
    graphPrivileges: graphPrivileges,
    propertyPrivileges: propertyPrivilege,
    policies: ["manager", "Tester"]
  };

  const response = await driver.createPolicy(policy);
  console.log(response.status?.message);

};

sdkUsage().catch(console.error);