概述
数据库用户可以访问数据库系统,在给定的权限范围内执行各种查询和管理操作。
嬴图支持使用GQL和UQL管理数据库中的用户。
命名规范
数据库中的用户名必须唯一,并符合以下规则:
- 2~64个字符
- 以字母开头(A–Z或a–z)
- 可以包含字母,数字(0–9),下划线(
_)
使用GQL
显示用户
列出所有数据库用户:
SHOW USER
创建用户
创建用户johndoe并设置密码:
CREATE USER johndoe WITH PASSWORD 'mHMUUjQWG46z'
密码长度为6到64个字符。
修改用户
您可修改用户名及其密码。
将用户johndoe重命名为johndoe_1:
ALTER USER johndoe RENAME TO johndoe_1
为用户admin更新密码:
ALTER USER admin SET PASSWORD 'zdcsQ7QFaCCE'
授予用户
您可为用户授予权限和角色,且不会覆盖该用户已有权限和角色。
系统权限
授予用户johndoe系统权限SHOW_POLICY和ALTER_GRAPH:
GRANT ["SHOW_POLICY", "ALTER_GRAPH"] TO johndoe
授予用户johndoe所有系统权限:
GRANT * TO johndoe
图权限
授予用户johndoe对图amz的图权限READ和UPDATE:
GRANT ["READ", "UPDATE"] ON amz TO johndoe
授予用户johndoe对所有图的图权限:
GRANT * ON * TO johndoe
属性权限
授予用户johndoe对当前图中点Person的属性name和age的READ和WRITE权限:
GRANT ['READ','WRITE'] ON NODE Person (name, age) TO johndoe
授予用户johndoe对当前图中所有边属性的DENY权限:
GRANT ["DENY"] ON EDGE * * TO johndoe
角色
授予用户johndoe一个角色manager:
GRANT ROLE manager TO johndoe
从用户中撤销
您可撤销用户的权限和角色。
系统权限
撤销用户johndoe的系统权限SHOW_POLICY和ALTER_GRAPH:
REVOKE ["SHOW_POLICY", "ALTER_GRAPH"] FROM johndoe
撤销用户johndoe的所有系统权限:
REVOKE * FROM johndoe
图权限
撤销用户johndoe对图amz的图权限READ和UPDATE:
REVOKE ["READ", "UPDATE"] ON amz FROM johndoe
撤销用户johndoe对所有图的图权限:
REVOKE * ON * FROM johndoe
属性权限
撤销用户johndoe在当前图中,对点Person的属性name和age的READ和WRITE权限:
REVOKE ['READ','WRITE'] ON NODE Person (name, age) FROM johndoe
撤销用户johndoe在当前图中对所有边属性的DENY权限:
REVOKE ["DENY"] ON EDGE * * FROM johndoe
角色
撤销用户johndoe中的角色manager:
REVOKE ROLE manager FROM johndoe
删除用户
删除用户johndoe:
DROP USER johndoe
使用UQL
显示用户
列出所有数据库用户:
show().user()
获取指定用户,如用户root:
show().user("root")
获取当前登录用户:
show().self()
创建用户
您可在创建用户的同时,为其分配权限和角色:
create().user("<username>", "<password>").params({
system_privileges: ["<systemPriv>", "<systemPriv>", ...],
// Set <graph> as * to specify all graphs
graph_privileges: {
"<graph>": ["<graphPriv>", "<graphPriv>", ...],
"<graph>": ["<graphPriv>", "<graphPriv>", ...],
...
},
// Set <graph>/<schema>/<property> as * to specify all graphs/schemas/properties
property_privileges: {
"node": {
"read": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...],
"write": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...],
"deny": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...]
},
"edge": {
"read": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...],
"write": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...],
"deny": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...]
}
},
policies: ["<policy>", "<policy>", ...]
})
创建用户admin,并为其分配所有图权限和系统权限:
create().user("admin", "U7MRDBFXd2Ab").params({
graph_privileges: {"*":["READ","INSERT","UPSERT","UPDATE","DELETE","CREATE_SCHEMA","DROP_SCHEMA","ALTER_SCHEMA","SHOW_SCHEMA","RELOAD_SCHEMA","CREATE_PROPERTY","DROP_PROPERTY","ALTER_PROPERTY","SHOW_PROPERTY","CREATE_FULLTEXT","DROP_FULLTEXT","SHOW_FULLTEXT","CREATE_INDEX","DROP_INDEX","SHOW_INDEX","LTE","UFE","CLEAR_JOB","STOP_JOB","SHOW_JOB","ALGO","CREATE_PROJECT","SHOW_PROJECT","DROP_PROJECT","CREATE_HDC_GRAPH","SHOW_HDC_GRAPH","DROP_HDC_GRAPH","COMPACT_HDC_GRAPH","SHOW_VECTOR_INDEX","CREATE_VECTOR_INDEX","DROP_VECTOR_INDEX","SHOW_CONSTRAINT","CREATE_CONSTRAINT","DROP_CONSTRAINT"]},
system_privileges: ["TRUNCATE","COMPACT","CREATE_GRAPH","SHOW_GRAPH","DROP_GRAPH","ALTER_GRAPH","TOP","KILL","STAT","SHOW_POLICY","CREATE_POLICY","DROP_POLICY","ALTER_POLICY","SHOW_USER","CREATE_USER","DROP_USER","ALTER_USER","SHOW_PRIVILEGE","SHOW_META","SHOW_SHARD","ADD_SHARD","DELETE_SHARD","REPLACE_SHARD","SHOW_HDC_SERVER","ADD_HDC_SERVER","DELETE_HDC_SERVER","LICENSE_UPDATE","LICENSE_DUMP","GRANT","REVOKE","SHOW_BACKUP","CREATE_BACKUP","SHOW_VECTOR_SERVER","ADD_VECTOR_SERVER","DELETE_VECTOR_SERVER"]
})
创建用户johndoe,并为其分配:
- 系统权限:
SHOW_GRAPH,ALTER_GRAPH - 图权限:对所有图的
READ权限,对图amz和trans的SHOW_INDEX和SHOW_JOB权限 - 属性权限:
- 点:对所有点属性的
read权限 - 边:图
amz中,对边edgx的rank和asset属性的write权限,以及对所有边的mark属性的read权限
- 点:对所有点属性的
- 角色:
manager
create().user("johndoe", "mHMUUjQWG46z").params({
system_privileges: ["SHOW_GRAPH", "ALTER_GRAPH"],
graph_privileges: {
"*": ["READ", "SHOW_SCHEMA", "SHOW_PROPERTY"],
"amz": ["SHOW_INDEX", "SHOW_JOB"],
"trans": ["SHOW_INDEX", "SHOW_JOB"]
},
property_privileges: {
"node": {
"read": [["*", "*", "*"]]
},
"edge": {
"read": [["amz", "*", "mark"]],
"write": [
["amz", "edgx", "rank"],
["amz", "edgx", "asset"]
]
}
},
policies: ["manager"]
})
授予用户
您可为用户授予权限和角色,且不会覆盖该用户已有权限和角色。
grant().user("<userName>").params({
system_privileges: ["<systemPriv>", "<systemPriv>", ...],
// Set <graph> as * to specify all graphs
graph_privileges: {
"<graph>": ["<graphPriv>", "<graphPriv>", ...],
"<graph>": ["<graphPriv>", "<graphPriv>", ...],
...
},
// Set <graph>/<schema>/<property> as * to specify all graphs/schemas/properties
property_privileges: {
"node": {
"read": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...],
"write": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...],
"deny": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...]
},
"edge": {
"read": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...],
"write": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...],
"deny": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...]
}
},
policies: ["<policy>", "<policy>", ...]
})
为用户ultipaUsr授予对图集Tax的图权限CREATE_SCHEMA和DROP_SCHEMA,以及系统权限ADD_HDC_SERVER:
grant().user("ultipaUsr").params({
graph_privileges: {"Tax": ["CREATE_SCHEMA", "DROP_SCHEMA"]},
system_privileges: ["ADD_HDC_SERVER"]
})
从用户中撤销
您可撤销用户的权限和角色。
revoke().user("<userName>").params({
system_privileges: ["<systemPriv>", "<systemPriv>", ...],
// Set <graph> as * to specify all graphs
graph_privileges: {
"<graph>": ["<graphPriv>", "<graphPriv>", ...],
"<graph>": ["<graphPriv>", "<graphPriv>", ...],
...
},
// Set <graph>/<schema>/<property> as * to specify all graphs/schemas/properties
property_privileges: {
"node": {
"read": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...],
"write": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...],
"deny": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...]
},
"edge": {
"read": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...],
"write": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...],
"deny": [["<graph>", "<schema>", "<property>"],["<graph>", "<schema>", "<property>"],...]
}
},
policies: ["<policy>", "<policy>", ...]
})
撤销用户ultipaUsr对图集Tax的图权限CREATE_SCHEMA和DROP_SCHEMA,以及系统权限ADD_HDC_SERVER:
revoke().user("ultipaUsr").params({
graph_privileges: {"Tax": ["CREATE_SCHEMA", "DROP_SCHEMA"]},
system_privileges: ["ADD_HDC_SERVER"]
})
修改用户
您可修改用户的权限和角色。请注意,只有指定的项目会被修改,其余保持不变。
alter().user("<username>").set({
password: "<password>",
graph_privileges: {
"<graph>": ["<graphPriv>", "<graphPriv>", ...],
...
},
system_privileges: ["<systemPriv>", "<systemPriv>", ...],
property_privileges: {
"node": {
"<propertyPriv>": [
["<graph>", "<schema>", "<property>"],
...
],
...
},
"edge": {
"<propertyPriv>": [
["<graph>", "<schema>", "<property>"],
...
],
...
}
},
policies: ["<policyName>", "<policyName>", ...]
})
修改用户admin的密码,同时保持其权限和角色不变:
alter().user("admin").set({password: "zdcsQ7QFaCCE"})
修改用户johndoe的图权限、属性权限和角色,同时保证密码和系统权限不变:
alter().user("johndoe").set({
graph_privileges: {"*": ["UPDATE", "DELETE"]},
property_privileges: {
"node": {
"write": [["miniCircle","*","*"]]
},
"edge": {
"write": [["miniCircle","*","*"]]
}
},
policies: ["sales"]
})
删除用户
删除用户johndoe:
drop().user("johndoe")