本节为您介绍如何使用Connection
对象的方法管理对实例和其中图集的访问,包括权限、策略和用户。
每个示例主要展示如何使用所列方法。点击完整示例查看完整代码示例。
Privilege
ShowPrivilege()
获取全部系统权限和图权限,也就是基于操作范围分类的UQL命令名称。
参数:
RequestConfig
(可选):请求的配置。如果填入nil
,则使用默认的配置。
返回值:
[]Privilege
:全部系统权限和图权限。error
:一个包含发生问题详细信息的错误对象。如果操作成功,则返回nil
。
// 获取全部系统权限和图权限
myPri, err := conn.ShowPrivilege(nil)
if err != nil {
println(err)
}
PGraph := ""
for i, gp := range myPri[0].GraphPrivileges {
if i > 0 {
PGraph += ", "
}
PGraph += gp
}
println("GraphPrivileges:", "\n", PGraph)
SGraph := ""
for i, sp := range myPri[0].SystemPrivileges {
if i > 0 {
SGraph += ", "
}
SGraph += sp
}
println("SystemPrivileges:", "\n", SGraph)
GraphPrivileges:
TEMPLATE, KHOP, AB, SPREAD, AUTONET, FIND, FIND_NODE, FIND_EDGE, INSERT, EXPORT, UPSERT, UPDATE, DELETE, DELETE_NODE, DELETE_EDGE, CREATE_SCHEMA, DROP_SCHEMA, ALTER_SCHEMA, SHOW_SCHEMA, CREATE_TRIGGER, DROP_TRIGGER, SHOW_TRIGGER, CREATE_BACKUP, RESTORE_BACKUP, SHOW_BACKUP, CREATE_PROPERTY, DROP_PROPERTY, ALTER_PROPERTY, SHOW_PROPERTY, CREATE_FULLTEXT, DROP_FULLTEXT, SHOW_FULLTEXT, CREATE_INDEX, DROP_INDEX, SHOW_INDEX, LTE, UFE, CLEAR_TASK, STOP_TASK, PAUSE_TASK, RESUME_TASK, SHOW_TASK, ALGO, SHOW_ALGO
SystemPrivileges:
TRUNCATE, COMPACT, CREATE_GRAPH, SHOW_GRAPH, DROP_GRAPH, ALTER_GRAPH, MOUNT_GRAPH, UNMOUNT_GRAPH, TOP, KILL, STAT, SHOW_POLICY, CREATE_POLICY, DROP_POLICY, ALTER_POLICY, SHOW_USER, CREATE_USER, DROP_USER, ALTER_USER, GRANT, REVOKE, SHOW_PRIVILEGE
Policy
ShowPolicy()
获取实例上的全部策略。策略包括系统权限、图权限、属性权限和其他策略。
参数:
RequestConfig
(可选):请求的配置。如果填入nil
,则使用默认的配置。
返回值:
[]Policy
:实例上的全部策略列表。error
:一个包含发生问题详细信息的错误对象。如果操作成功,则返回nil
。
// 获取全部策略并打印其信息
myPol, err := conn.ShowPolicy(nil)
if err != nil {
println(err)
}
for i := 0; i < len(myPol); i++ {
println("Policy name:", myPol[i].Name)
println("Graph privileges include:", "\n", utils.JSONString(myPol[i].GraphPrivileges))
println("System privileges include:", "\n", utils.JSONString(myPol[i].SystemPrivileges))
println("Property privlileges include:", "\n", utils.JSONString(myPol[i].PropertyPrivileges))
println("Policies include:", utils.JSONString(myPol[i].Policies), "\n")
}
Policy name: operator
Graph privileges include:
{"miniCircle":["UPDATE","INSERT","TEMPLATE","UPSERT","AUTONET"]}
System privileges include:
["MOUNT_GRAPH","TRUNCATE","SHOW_GRAPH"]
Property privlileges include:
{"edge":{"deny":[],"read":[],"write":[]},"node":{"deny":[],"read":[],"write":[["miniCircle","account","*"]]}}
Policies include: []
Policy name: manager
Graph privileges include:
{"*":["CREATE_INDEX","DROP_TRIGGER","CREATE_FULLTEXT"]}
System privileges include:
["DROP_POLICY","COMPACT"]
Property privlileges include:
{"edge":{"deny":[],"read":[],"write":[]},"node":{"deny":[],"read":[],"write":[]}}
Policies include: ["operator"]
GetPolicy()
根据名称获取实例上的策略。
参数:
string
:策略名称。RequestConfig
(可选):请求的配置。如果填入nil
,则使用默认的配置。
返回值:
Policy
:获取到的策略。error
:一个包含发生问题详细信息的错误对象。如果操作成功,则返回nil
。
// 获取策略operator并打印其信息
myPol, err := conn.GetPolicy("operator", nil)
if err != nil {
println(err)
}
println("Policy", myPol.Name, "includes:")
println("- System privileges:", utils.JSONString(myPol.SystemPrivileges))
println("- Graph privileges:", utils.JSONString(myPol.GraphPrivileges))
println("- Proverty privileges:", utils.JSONString(myPol.PropertyPrivileges))
println("- Policies:", utils.JSONString(myPol.Policies))
Policy operator includes:
- System privileges: ["MOUNT_GRAPH","TRUNCATE","SHOW_GRAPH"]
- Graph privileges: {"miniCircle":["UPDATE","INSERT","TEMPLATE","UPSERT","AUTONET"]}
- Proverty privileges: {"edge":{"deny":[],"read":[],"write":[]},"node":{"deny":[],"read":[],"write":[["miniCircle","account","*"]]}}
- Policies: []
CreatePolicy()
在实例中创建一个策略。
参数:
Policy
:待创建的策略;必须设置Name
字段,SystemPrivileges
字段、GraphPrivileges
字段、PropertyPrivileges
字段和Policies
字段可选。RequestConfig
(可选):请求的配置。如果填入nil
,则使用默认的配置。
返回值:
Response
:请求的结果。error
:一个包含发生问题详细信息的错误对象。如果操作成功,则返回nil
。
// 新建策略sales并获取该策略
graphPrivileges := structs.GraphPrivileges{
"miniCircle": []string{"FIND", "SPREAD", "AUTONET", "AB", "TEMPLATE", "KHOP"},
"lcc": []string{"UPDATE", "INSERT", "DELETE", "UPSERT"},
}
propertyPrivileges := structs.PropertyPrivileges{
"node": {
"read": {{"miniCircle", "account", "*"}, {"miniCircle", "movie", "name"}},
"write": {{"lcc", "*", "*"}},
"deny": {},
},
"edge": {
"read": {{"*", "*", "*"}},
"write": {{"*", "*", "*"}},
"deny": {},
},
}
var policy = structs.Policy{
Name: "sales",
GraphPrivileges: graphPrivileges,
SystemPrivileges: []string{"SHOW_GRAPH", "TRUNCATE"},
PropertyPrivileges: propertyPrivileges,
Policies: []string{"manager", "operator"},
}
newPol, err := conn.CreatePolicy(&policy, nil)
if err != nil {
println(utils.JSONString(err.Error()))
}
println("Policy is created:", newPol.IsSuccess())
// 打印新创建的策略'sales'
myPol, err := conn.GetPolicy("sales", nil)
if err != nil {
println(err)
}
println("Policy", myPol.Name, "includes:")
println("- System privileges:", utils.JSONString(myPol.SystemPrivileges))
println("- Graph privileges:", utils.JSONString(myPol.GraphPrivileges))
println("- Proverty privileges:", utils.JSONString(myPol.PropertyPrivileges))
println("- Policies:", utils.JSONString(myPol.Policies))
Policy is created: true
Policy sales includes:
- System privileges: ["SHOW_GRAPH","TRUNCATE"]
- Graph privileges: {"lcc":["UPDATE","INSERT","DELETE","UPSERT"],"miniCircle":["FIND","SPREAD","AUTONET","AB","TEMPLATE","KHOP"]}
- Proverty privileges: {"edge":{"deny":[],"read":[["*","*","*"]],"write":[["*","*","*"]]},"node":{"deny":[],"read":[["miniCircle","account","*"],["miniCircle","movie","name"]],"write":[["lcc","*","*"]]}}
- Policies: ["manager","operator"]
AlterPolicy()
根据名称,修改实例中已有策略的系统权限、图权限、属性权限和其他策略。
参数:
Policy
:待创建的策略;必须设置Name
字段,SystemPrivileges
字段、GraphPrivileges
字段、PropertyPrivileges
字段和Policies
字段可选。RequestConfig
(可选):请求的配置。如果填入nil
,则使用默认的配置。
返回值:
Response
:请求的结果。error
:一个包含发生问题详细信息的错误对象。如果操作成功,则返回nil
。
// 修改策略sales并获取该策略
graphPrivileges := structs.GraphPrivileges{
"miniCircle": []string{"FIND"},
"lcc": []string{"UPDATE"},
}
var policy = structs.Policy{
Name: "sales",
GraphPrivileges: graphPrivileges,
SystemPrivileges: []string{"SHOW_GRAPH"},
Policies: []string{"operator"},
}
newPol, err := conn.AlterPolicy(&policy, nil)
if err != nil {
println(utils.JSONString(err.Error()))
}
println("Policy is altered:", newPol.IsSuccess())
time.Sleep(2 * time.Second)
myPol, err := conn.GetPolicy("sales", nil)
if err != nil {
println(err)
}
println("Policy", myPol.Name, "includes:")
println("- System privileges:", utils.JSONString(myPol.SystemPrivileges))
println("- Graph privileges:", utils.JSONString(myPol.GraphPrivileges))
println("- Proverty privileges:", utils.JSONString(myPol.PropertyPrivileges))
println("- Policies:", utils.JSONString(myPol.Policies))
Policy is altered: true
Policy sales includes:
- System privileges: ["SHOW_GRAPH"]
- Graph privileges: {"lcc":["UPDATE"],"miniCircle":["FIND"]}
- Proverty privileges: {"edge":{"deny":[],"read":[["*","*","*"]],"write":[["*","*","*"]]},"node":{"deny":[],"read":[["miniCircle","account","*"],["miniCircle","movie","name"]],"write":[["lcc","*","*"]]}}
- Policies: ["operator"]
DropPolicy()
根据名称删除实例中的一个策略。
参数:
string
:策略名称。RequestConfig
(可选):请求的配置。如果填入nil
,则使用默认的配置。
返回值:
Response
:请求的结果。error
:一个包含发生问题详细信息的错误对象。如果操作成功,则返回nil
。
// 删除策略sales并打印错误代码
myPol, err := conn.DropPolicy("sales", nil)
if err != nil {
println(utils.JSONString(err.Error()))
}
println("Policy is deleted:", myPol.IsSuccess())
Policy is deleted: true
User
ShowUser()
获取实例上的全部数据库用户。
参数:
RequestConfig
(可选):请求的配置。如果填入nil
,则使用默认的配置。
返回值:
[]User
:实例上的全部用户列表。error
:一个包含发生问题详细信息的错误对象。如果操作成功,则返回nil
。
// 获取全部用户并打印第一个返回的用户信息
userList, err := conn.ShowUser(nil)
if err != nil {
println(utils.JSONString(err.Error()))
}
println("Username:", userList[0].UserName)
println("Created at:", userList[0].Create)
println("System privileges:", "\n", utils.JSONString(userList[0].SystemPrivileges))
println("Graph privileges:", "\n", utils.JSONString(userList[0].GraphPrivileges))
println("Property privileges:", "\n", utils.JSONString(userList[0].PropertyPrivileges))
println("Policies:", "\n", utils.JSONString(userList[0].Policies))
Username: test006
Created at: 1970-01-01 08:00:00
System privileges:
["SHOW_PRIVILEGE","ALTER_USER","DROP_USER","CREATE_USER","SHOW_GRAPH","ALTER_GRAPH","DROP_GRAPH","COMPACT","MOUNT_GRAPH","TOP","CREATE_GRAPH","STAT","UNMOUNT_GRAPH","SHOW_POLICY","TRUNCATE","KILL","ALTER_POLICY","CREATE_POLICY","DROP_POLICY","SHOW_USER"]
Graph privileges:
{}
Property privileges:
{"edge":{"deny":[["*","*","*"]],"read":[],"write":[]},"node":{"deny":[["*","*","*"]],"read":[],"write":[]}}
Policies:
["operator"]
GetUser()
根据用户名获取实例上的数据库用户。
参数:
string
:用户名。RequestConfig
(可选):请求的配置。如果填入nil
,则使用默认的配置。
返回值:
User
:获取到的用户。error
:一个包含发生问题详细信息的错误对象。如果操作成功,则返回nil
。
// 获取用户test005并打印其访问信息
myUser, err := conn.GetUser("test005", nil)
if err != nil {
println(utils.JSONString(err.Error()))
}
println("Username:", myUser.UserName)
println("Created at:", myUser.Create)
println("System privileges:", "\n", utils.JSONString(myUser.SystemPrivileges))
println("Graph privileges:", "\n", utils.JSONString(myUser.GraphPrivileges))
println("Property privileges:", "\n", utils.JSONString(myUser.PropertyPrivileges))
println("Policies:", "\n", utils.JSONString(myUser.Policies))
Username: test005
Created at: 1970-01-01 08:00:00
System privileges:
["SHOW_PRIVILEGE","ALTER_USER","DROP_USER","CREATE_USER","SHOW_GRAPH","ALTER_GRAPH","DROP_GRAPH","COMPACT","MOUNT_GRAPH","TOP","CREATE_GRAPH","STAT","UNMOUNT_GRAPH","SHOW_POLICY","TRUNCATE","KILL","ALTER_POLICY","CREATE_POLICY","DROP_POLICY","SHOW_USER"]
Graph privileges:
{}
Property privileges:
{"edge":{"deny":[],"read":[],"write":[]},"node":{"deny":[],"read":[],"write":[]}}
Policies:
["operator"]
CreateUser()
在实例上创建一个数据库用户。
参数:
CreateUser
:待创建的用户;必须设定Username
字段和Password
字段,SystemPrivilegess
字段、GraphPrivileges
字段、PropertyPrivileges
字段和Policies
字段可选。RequestConfig
(可选):请求的配置。如果填入nil
,则使用默认的配置。
返回值:
Response
:请求的结果。error
:一个包含发生问题详细信息的错误对象。如果操作成功,则返回nil
。
// 创建用户GoUser并打印错误代码
graphPrivileges := structs.GraphPrivileges{
"miniCircle": []string{"FIND", "SPREAD", "AUTONET", "AB", "TEMPLATE", "KHOP"},
"lcc": []string{"UPDATE", "INSERT", "DELETE", "UPSERT"},
}
var user = structs.CreateUser{
UserName: "GoUser",
PassWord: "Password",
SystemPrivileges: []string{"SHOW_GRAPH", "TRUNCATE"},
GraphPrivileges: graphPrivileges,
Policies: []string{"manager", "operator"},
}
myUser, err := conn.CreateUser(&user, nil)
if err != nil {
println(utils.JSONString(err.Error()))
}
println("User is created:", myUser.IsSuccess())
User is created: true
AlterUser()
根据用户名,修改实例中已有数据库用户的密码、系统权限、图权限、属性权限和策略。
参数:
AlterUser
:待修改的用户;必须设定Username
字段和Password
字段,SystemPrivilegess
字段、GraphPrivileges
字段、PropertyPrivileges
字段和Policies
字段可选。RequestConfig
(可选):请求的配置。如果填入nil
,则使用默认的配置。
返回值:
Response
:请求的结果。error
:一个包含发生问题详细信息的错误对象。如果操作成功,则返回nil
。
// 修改用户GoUser并打印错误代码
graphPrivileges := structs.GraphPrivileges{
"miniCircle": []string{"FIND"},
}
var user = structs.AlterUser{
UserName: "GoUser",
SystemPrivileges: []string{"SHOW_GRAPH"},
GraphPrivileges: graphPrivileges,
Policies: []string{"operator"},
}
myUser, err := conn.AlterUser(&user, nil)
if err != nil {
println(utils.JSONString(err.Error()))
}
println("User is altered:", myUser.IsSuccess())
User is altered: true
DropUser()
根据用户名从实例中删除数据库用户。
参数:
string
:用户名。RequestConfig
(可选):请求的配置。如果填入nil
,则使用默认的配置。
返回值:
Response
:请求的结果。error
:一个包含发生问题详细信息的错误对象。如果操作成功,则返回nil
。
// 删除用户GoUser并打印错误代码
myUser, err := conn.DropUser("GoUser", nil)
if err != nil {
println(utils.JSONString(err.Error()))
}
println("User is deleted:", myUser.IsSuccess())
User is deleted: true
GrantPolicy()
为实例中的数据库用户授予系统权限、图权限、属性权限和策略。
参数:
string
:用户名。GraphPrivileges
:待授予的图权限;设置为nil
表示不授予任何图权限。[]string
:待授予的系统权限;设置为[]string{}
表示不授予任何系统权限。PropertyPrivileges
:待授予的属性权限;设置为nil
表示不授予任何属性权限。[]string
:待授予的策略;设置为[]string{}
表示不授予任何策略。RequestConfig
(可选):请求的配置。如果填入nil
,则使用默认的配置。
返回值:
Response
:请求的结果。error
:一个包含发生问题详细信息的错误对象。如果操作成功,则返回nil
。
// 授予用户'johndoe'权限和策略,并打印错误代码。
graphPrivileges := structs.GraphPrivileges{
"miniCircle": []string{"FIND", "SPREAD", "AUTONET", "AB", "TEMPLATE", "KHOP"},
"lcc": []string{"UPDATE", "INSERT", "DELETE", "UPSERT"},
}
myPol, err := conn.GrantPolicy("johndoe", &graphPrivileges, []string{"SHOW_GRAPH", "TRUNCATE"}, nil, []string{"manager", "operator"}, nil)
if err != nil {
println(utils.JSONString(err.Error()))
}
println("Policy is granted:", myPol.IsSuccess())
Policy is granted: true
RevokePolicy()
撤销实例中的数据库用户的系统权限、图权限、属性权限和策略。
参数:
string
:用户名。GraphPrivileges
:待撤销的图权限;设定为nil
可跳过图权限撤销。[]string
:待撤销的系统权限;设置为[]string{}
可跳过系统权限撤销。PropertyPrivileges
:待撤销的属性权限;设置为nil
可跳过属性权限撤销。[]string
:待撤销的策略;设置为[]string{}
可跳过策略撤销。RequestConfig
(可选):请求的配置。如果填入nil
,则使用默认的配置。
返回值:
Response
:请求的结果。error
:一个包含发生问题详细信息的错误对象。如果操作成功,则返回nil
。
graphPrivileges := structs.GraphPrivileges{
"miniCircle": []string{"FIND", "SPREAD", "AUTONET", "AB", "TEMPLATE", "KHOP"},
"default": []string{"UPDATE", "INSERT", "DELETE", "UPSERT"},
}
propertyPrivileges := structs.PropertyPrivileges{
"node": {
"read": {{"miniCircle", "account", "*"}, {"miniCircle", "movie", "name"}},
"write": {{"default", "*", "*"}},
"deny": {},
},
"edge": {
"read": {{"*", "*", "*"}},
"write": {{"miniCircle", "*", "*"}},
"deny": {},
},
}
myPol1, err := conn.RevokePolicy("johndoe", &graphPrivileges, []string{}, nil, []string{}, nil)
if err != nil {
println(utils.JSONString(err.Error()))
}
println("Policy is revoked:", myPol1.IsSuccess())
myPol2, err := conn.RevokePolicy("Tester", &graphPrivileges, []string{"SHOW_GRAPH", "TRUNCATE"}, &propertyPrivileges, []string{"manager", "operator"}, nil)
if err != nil {
println(utils.JSONString(err.Error()))
}
println("Policy is revoked:", myPol2.IsSuccess())
Policy is revoked: true
Policy is revoked: true
完整示例
package main
import (
"github.com/ultipa/ultipa-go-sdk/sdk"
"github.com/ultipa/ultipa-go-sdk/sdk/configuration"
"github.com/ultipa/ultipa-go-sdk/utils"
)
func main() {
// 设置连接
// URI示例: Hosts:=[]string{"mqj4zouys.us-east-1.cloud.ultipa.com:60010"}
config, _ := configuration.NewUltipaConfig(&configuration.UltipaConfig{
Hosts: []string{"192.168.1.85:60061", "192.168.1.86:60061", "192.168.1.87:60061"},
Username: "***",
Password: "***",
})
// 建立与数据库的连接
conn, _ := sdk.NewUltipa(config)
// 获取全部策略并打印其信息
myPol, err := conn.ShowPolicy(nil)
if err != nil {
println(err)
}
for i := 0; i < len(myPol); i++ {
println("Policy name:", myPol[i].Name)
println("Graph privileges include:", "\n", utils.JSONString(myPol[i].GraphPrivileges))
println("System privileges include:", "\n", utils.JSONString(myPol[i].SystemPrivileges))
println("Property privlileges include:", "\n", utils.JSONString(myPol[i].PropertyPrivileges))
println("Policies include:", utils.JSONString(myPol[i].Policies), "\n")
}
println(utils.JSONString(newNodeSchema))
}