This section introduces the methods for controlling access to the database, graphs, and data.
Privileges
showPrivilege()
Retrieves all system privileges and graph privileges.
Parameters
- None
Returns
- List[Privilege]: The list of retrieved privileges.
# Retrieves all system privileges and graph privileges
privileges = Conn.showPrivilege()
graphPrivileges = [privilege.name for privilege in privileges if privilege.level.name == "GRAPH"]
print("Graph privileges:", graphPrivileges)
systemPrivileges = [privilege.name for privilege in privileges if privilege.level.name == "SYSTEM"]
print("System privileges:", systemPrivileges)
Graph privileges: ['READ', 'INSERT', 'UPSERT', 'UPDATE', 'DELETE', 'CREATE_SCHEMA', 'DROP_SCHEMA', 'ALTER_SCHEMA', 'SHOW_SCHEMA', 'RELOAD_SCHEMA', 'CREATE_PROPERTY', 'DROP_PROPERTY', 'ALTER_PROPERTY', 'SHOW_PROPERTY', 'CREATE_FULLTEXT', 'DROP_FULLTEXT', 'SHOW_FULLTEXT', 'CREATE_INDEX', 'DROP_INDEX', 'SHOW_INDEX', 'LTE', 'UFE', 'CLEAR_JOB', 'STOP_JOB', 'SHOW_JOB', 'ALGO', 'CREATE_PROJECT', 'SHOW_PROJECT', 'DROP_PROJECT', 'CREATE_HDC_GRAPH', 'SHOW_HDC_GRAPH', 'DROP_HDC_GRAPH', 'COMPACT_HDC_GRAPH', 'SHOW_VECTOR_INDEX', 'CREATE_VECTOR_INDEX', 'DROP_VECTOR_INDEX', 'SHOW_CONSTRAINT', 'CREATE_CONSTRAINT', 'DROP_CONSTRAINT']
System privileges: ['TRUNCATE', 'COMPACT', 'CREATE_GRAPH', 'SHOW_GRAPH', 'DROP_GRAPH', 'ALTER_GRAPH', 'TOP', 'KILL', 'STAT', 'SHOW_POLICY', 'CREATE_POLICY', 'DROP_POLICY', 'ALTER_POLICY', 'SHOW_USER', 'CREATE_USER', 'DROP_USER', 'ALTER_USER', 'SHOW_PRIVILEGE', 'SHOW_META', 'SHOW_SHARD', 'ADD_SHARD', 'DELETE_SHARD', 'REPLACE_SHARD', 'SHOW_HDC_SERVER', 'ADD_HDC_SERVER', 'DELETE_HDC_SERVER', 'LICENSE_UPDATE', 'LICENSE_DUMP', 'GRANT', 'REVOKE', 'SHOW_BACKUP', 'CREATE_BACKUP', 'SHOW_VECTOR_SERVER', 'ADD_VECTOR_SERVER', 'DELETE_VECTOR_SERVER']
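Policies (Roles)
showPolicy()
Retrieves all policies in the database.
Parameters
- config: RequestConfig (optional): Request configuration.
Returns
- List[Policy]: The list of retrieved policies.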
# Retrieves all policies
policies = Conn.showPolicy()
for policy in policies:
    print(policy.name)
manager
Tester
sales
superADM
getPolicy()
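Retrieves a specified policy from the database.
Parameters
- policyName: str: Name of the policy.
- config: RequestConfig (optional): Request configuration.
Returns
- Policy: The retrieved policy.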
# Retrieves the policy 'Tester'
policy = Conn.getPolicy("Tester")
print("Graph Privileges:", policy.graphPrivileges)
print("System Privileges:", policy.systemPrivileges)
print("Property Privileges:")
print("- Node (Read):", policy.propertyPrivileges.node.read)
print("- Node (Write):", policy.propertyPrivileges.node.write)
print("- Node (Deny):", policy.propertyPrivileges.node.deny)
print("- Edge (Read):", policy.propertyPrivileges.edge.read)
print("- Edge (Write):", policy.propertyPrivileges.edge.write)
print("- Edge (Deny):", policy.propertyPrivileges.edge.deny)
print("Policies:", policy.policies)
Graph Privileges: {'amz': ['ALGO', 'DROP_FULLTEXT', 'INSERT', 'DELETE', 'UPSERT'], 'StoryGraph': ['UPDATE', 'READ']}
System Privileges: ['TRUNCATE', 'KILL', 'TOP']
Property Privileges:
- Node (Read): [['*', '*', '*']]
- Node (Write): []
- Node (Deny): []
- Edge (Read): []
- Edge (Write): [['amz', '*', '*'], ['alimama', '*', '*']]
- Edge (Deny): [['miniCircle', 'review', 'value, timestamp']]
Policies: ['sales', 'manager']
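Because a policy can include other policies, the privileges printed for one policy are not the whole picture. The following added example (not part of the Ultipa SDK or its documentation) resolves included policies and flags high-risk system privileges and `['*', '*', '*']` property grants. It assumes inclusion is additive, uses constructed stand-in objects with the attribute names printed by getPolicy() above, and the choice of which privileges count as high-risk is the example's own.

```python
from types import SimpleNamespace as NS

# Names are from the showPrivilege() output above; treating these as
# high-risk is this example's own review choice (assumption).
HIGH_RISK = {"GRANT", "REVOKE", "CREATE_USER", "ALTER_USER", "DROP_USER",
             "CREATE_POLICY", "ALTER_POLICY", "DROP_POLICY", "DROP_GRAPH", "TRUNCATE"}

def effective_system(name, policies, seen=None):
    """System privileges of a policy plus those of every policy it includes."""
    # Assumes inclusion is additive; `seen` stops inclusion cycles.
    seen = set() if seen is None else seen
    if name in seen or name not in policies:
        return set()
    seen.add(name)
    p = policies[name]
    privs = set(p.systemPrivileges or [])
    for child in p.policies or []:
        privs |= effective_system(child, policies, seen)
    return privs

def audit(policies):
    """Map policy name -> findings (high-risk system privileges, wildcards)."""
    report = {}
    for name, p in policies.items():
        risky = sorted(effective_system(name, policies) & HIGH_RISK)
        findings = ["system:" + s for s in risky]
        for kind in ("node", "edge"):
            elem = getattr(p.propertyPrivileges, kind)
            for mode in ("read", "write"):
                if ["*", "*", "*"] in (getattr(elem, mode) or []):
                    findings.append(f"{kind}.{mode}:wildcard")
        if findings:
            report[name] = findings
    return report

def _policy(name, system=(), includes=(), node_read=()):
    # Constructed stand-in with the attribute names getPolicy() prints above.
    return NS(name=name, systemPrivileges=list(system), policies=list(includes),
              propertyPrivileges=NS(node=NS(read=list(node_read), write=[], deny=[]),
                                    edge=NS(read=[], write=[], deny=[])))

# Constructed sample; with a live connection the input would be
# {p.name: p for p in Conn.showPolicy()} (assumes these attributes are populated).
SAMPLE = {p.name: p for p in [
    _policy("Tester", ["TRUNCATE", "KILL", "TOP"], ["sales", "manager"], [["*", "*", "*"]]),
    _policy("sales", ["SHOW_GRAPH"], ["manager"]),
    _policy("manager", ["GRANT", "CREATE_USER"], ["sales"]),  # cycle with sales
    _policy("superADM", ["SHOW_GRAPH"]),
]}
print(audit(SAMPLE))
```

In the sample, 'Tester' lists only TRUNCATE, KILL and TOP itself but picks up GRANT and CREATE_USER through the policies it includes.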
createPolicy()
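Creates a policy in the database.
Parameters
- policy: Policy: The policy to create; the name attribute is required, while systemPrivileges, graphPrivileges, propertyPrivileges, and policies are optional.
- config: RequestConfig (optional): Request configuration.
Returns
- Response: Result of the request.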
# Creates a new policy 'operator'
policy = Policy(
    name="operator",
    systemPrivileges=["SHOW_GRAPH", "TRUNCATE"],
    graphPrivileges={
        "lcc": ["UPDATE", "INSERT", "DELETE", "UPSERT"]
    },
    propertyPrivileges=PropertyPrivilege(
        node=PropertyPrivilegeElement(
            read=[["miniCircle", "account", "*"], ["miniCircle", "movie", "name"]],
            write=[["lcc", "*", "*"]]
        ),
        edge=PropertyPrivilegeElement(
            read=[["*", "*", "*"]],
            deny=[["miniCircle", "*", "*"]]
        )
    ),
    policies=["manager", "sales"]
)
response = Conn.createPolicy(policy)
print(response.status.code.name)
SUCCEED
alterPolicy()
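Modifies the privileges and policies included in a policy. Note that only the specified attributes are modified; all others remain unchanged.
Parameters
- policy: Policy: A Policy object used to set the new systemPrivileges, graphPrivileges, propertyPrivileges, and policies; the name attribute identifies the policy to alter.
- config: RequestConfig (optional): Request configuration.
Returns
- Response: Result of the request.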
# Alters the policy 'operator'
policy = Policy(
    name="operator",
    systemPrivileges=["CREATE_GRAPH", "SHOW_GRAPH", "SHOW_GRAPH", "TRUNCATE"],
    policies=["manager"]
)
response = Conn.alterPolicy(policy)
print(response.status.code.name)
SUCCESS
dropPolicy()
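Deletes a specified policy from the database.
Parameters
- policyName: str: Name of the policy.
- config: RequestConfig (optional): Request configuration.
Returns
- Response: Result of the request.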
# Drops the policy 'operator'
response = Conn.dropPolicy("operator")
print(response.status.code.name)
SUCCESS
Users
showUser()
Retrieves all database users.
Parameters
- config: RequestConfig (optional): Request configuration.
Returns
- List[User]: The list of retrieved users.
# Retrieves all database users
users = Conn.showUser()
for user in users:
    print(user.username)
johndoe
root
admin
getUser()
Retrieves a specified database user.
Parameters
- username: str: Username.
- config: RequestConfig (optional): Request configuration.
Returns
- User: The retrieved user.
# Retrieves the database user 'johndoe'
user = Conn.getUser("johndoe")
print("Created Time:", user.createdTime)
print("Graph Privileges:", user.graphPrivileges)
print("System Privileges:", user.systemPrivileges)
print("Property Privileges:")
print("- Node (Read):", user.propertyPrivileges.node.read)
print("- Node (Write):", user.propertyPrivileges.node.write)
print("- Node (Deny):", user.propertyPrivileges.node.deny)
print("- Edge (Read):", user.propertyPrivileges.edge.read)
print("- Edge (Write):", user.propertyPrivileges.edge.write)
print("- Edge (Deny):", user.propertyPrivileges.edge.deny)
print("Policies:", user.policies)
Created Time: 2025-04-02 11:08:38
Graph Privileges: {'amz': ['ALGO', 'INSERT', 'DELETE', 'UPSERT'], 'StoryGraph': ['UPDATE', 'READ']}
System Privileges: ['TRUNCATE', 'KILL', 'TOP']
Property Privileges:
- Node (Read): [['*', '*', '*']]
- Node (Write): []
- Node (Deny): []
- Edge (Read): []
- Edge (Write): [['amz', '*', '*'], ['alimama', '*', '*']]
- Edge (Deny): [['miniCircle', 'review', 'value, timestamp']]
Policies: ['sales', 'manager']
createUser()
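Creates a database user.
Parameters
- user: User: The user to create; the username and password attributes are required, while systemPrivileges, graphPrivileges, propertyPrivileges, and policies are optional.
- config: RequestConfig (optional): Request configuration.
Returns
- Response: Result of the request.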
# Creates a new user 'user01'
user = User(
    username="user01",
    password="U7MRDBFXd2Ab",  # sample value; load real passwords from a secret store
    systemPrivileges=["SHOW_GRAPH", "TRUNCATE"],
    graphPrivileges={
        "lcc": ["UPDATE", "INSERT", "DELETE", "UPSERT"]
    },
    propertyPrivileges=PropertyPrivilege(
        node=PropertyPrivilegeElement(
            read=[["miniCircle", "account", "*"], ["miniCircle", "movie", "name"]],
            write=[["lcc", "*", "*"]]
        ),
        edge=PropertyPrivilegeElement(
            read=[["*", "*", "*"]],
            deny=[["miniCircle", "*", "*"]]
        )
    ),
    policies=["manager", "sales"]
)
response = Conn.createUser(user)
print(response.status.code.name)
SUCCEED
alterUser()
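Modifies a user's password, privileges, and policies. Note that only the specified attributes are modified; all others remain unchanged.
Parameters
- user: User: A User object used to set the new password, systemPrivileges, graphPrivileges, propertyPrivileges, and policies; the username attribute identifies the user to alter.
- config: RequestConfig (optional): Request configuration.
Returns
- Response: Result of the request.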
# Alters the user 'user01'
user = User(
    username="user01",
    systemPrivileges=["CREATE_GRAPH", "SHOW_GRAPH", "SHOW_GRAPH", "TRUNCATE"],
    policies=["manager"]
)
response = Conn.alterUser(user)
print(response.status.code.name)
SUCCEED
dropUser()
Deletes a specified database user.
Parameters
- username: str: Username.
- config: RequestConfig (optional): Request configuration.
Returns
- Response: Result of the request.
# Drops the user 'user01'
response = Conn.dropUser("user01")
print(response.status.code.name)
SUCCESS
Full Example
from ultipa.structs.PropertyPrivilege import PropertyPrivilege, PropertyPrivilegeElement
from ultipa import UltipaConfig, Connection, Policy

ultipaConfig = UltipaConfig()
# URI example: ultipaConfig.hosts = ["https://mqj4zouys.us-east-1.cloud.ultipa.com:60010"]
ultipaConfig.hosts = ["192.168.1.85:60061", "192.168.1.87:60061", "192.168.1.88:60061"]
ultipaConfig.username = "<username>"
ultipaConfig.password = "<password>"

Conn = Connection.NewConnection(defaultConfig=ultipaConfig)

# Creates a new policy 'operator'
policy = Policy(
    name="operator",
    systemPrivileges=["SHOW_GRAPH", "TRUNCATE"],
    graphPrivileges={
        "lcc": ["UPDATE", "INSERT", "DELETE", "UPSERT"]
    },
    propertyPrivileges=PropertyPrivilege(
        node=PropertyPrivilegeElement(
            read=[["miniCircle", "account", "*"], ["miniCircle", "movie", "name"]],
            write=[["lcc", "*", "*"]]
        ),
        edge=PropertyPrivilegeElement(
            read=[["*", "*", "*"]],
            deny=[["miniCircle", "*", "*"]]
        )
    ),
    policies=["manager", "sales"]
)
response = Conn.createPolicy(policy)
print(response.status.code.name)