本节为您介绍如何使用Connection
对象的方法管理对实例和其中图集的访问,包括权限、策略和用户。
每个示例主要展示如何使用所列方法。点击完整示例查看完整代码示例。
权限
showPrivilege()
获取全部系统权限和图权限,也就是基于操作范围分类的UQL命令名称。
参数:
RequestConfig
(可选):配置请求。
返回值:
Privilege
:全部系统权限和图权限。
# 获取全部系统权限和图权限
privilege = Conn.showPrivilege()
print("System privileges:", privilege.systemPrivileges)
print("Graph privileges:", privilege.graphPrivileges)
System privileges: ['TRUNCATE', 'COMPACT', 'CREATE_GRAPH', 'SHOW_GRAPH', 'DROP_GRAPH', 'ALTER_GRAPH', 'MOUNT_GRAPH', 'UNMOUNT_GRAPH', 'TOP', 'KILL', 'STAT', 'SHOW_POLICY', 'CREATE_POLICY', 'DROP_POLICY', 'ALTER_POLICY', 'SHOW_USER', 'CREATE_USER', 'DROP_USER', 'ALTER_USER', 'GRANT', 'REVOKE', 'SHOW_PRIVILEGE']
Graph privileges: ['TEMPLATE', 'KHOP', 'AB', 'SPREAD', 'AUTONET', 'FIND', 'FIND_NODE', 'FIND_EDGE', 'INSERT', 'EXPORT', 'UPSERT', 'UPDATE', 'DELETE', 'DELETE_NODE', 'DELETE_EDGE', 'CREATE_SCHEMA', 'DROP_SCHEMA', 'ALTER_SCHEMA', 'SHOW_SCHEMA', 'CREATE_TRIGGER', 'DROP_TRIGGER', 'SHOW_TRIGGER', 'CREATE_BACKUP', 'RESTORE_BACKUP', 'SHOW_BACKUP', 'CREATE_PROPERTY', 'DROP_PROPERTY', 'ALTER_PROPERTY', 'SHOW_PROPERTY', 'CREATE_FULLTEXT', 'DROP_FULLTEXT', 'SHOW_FULLTEXT', 'CREATE_INDEX', 'DROP_INDEX', 'SHOW_INDEX', 'LTE', 'UFE', 'CLEAR_TASK', 'STOP_TASK', 'PAUSE_TASK', 'RESUME_TASK', 'SHOW_TASK', 'ALGO', 'SHOW_ALGO']
策略
showPolicy()
获取实例上的全部策略。策略包括系统权限、图权限、属性权限和其他策略。
参数:
RequestConfig
(可选):配置请求。
返回值:
List[Policy]
:实例上的全部策略列表。
# 获取全部策略并打印其信息
policyList = Conn.showPolicy()
for policy in policyList:
print("Policy", policy.name, "include:")
print("- System privileges:", policy.systemPrivileges)
print("- Graph privileges:", policy.graphPrivileges)
print("- Property privileges:", policy.propertyPrivileges)
print("- Policies:", policy.policies)
Policy operator include:
- System privileges: ['MOUNT_GRAPH', 'TRUNCATE', 'SHOW_GRAPH']
- Graph privileges: {'miniCircle': ['UPDATE', 'INSERT', 'TEMPLATE', 'UPSERT', 'AUTONET']}
- Property privileges: {"node":{"read":[],"write":[["miniCircle","account","*"]],"deny":[]},"edge":{"read":[],"write":[],"deny":[]}}
- Policies: []
Policy manager include:
- System privileges: ['DROP_POLICY', 'COMPACT']
- Graph privileges: {'*': ['CREATE_INDEX', 'DROP_TRIGGER', 'CREATE_FULLTEXT']}
- Property privileges: {"node":{"read":[],"write":[],"deny":[]},"edge":{"read":[],"write":[],"deny":[]}}
- Policies: ['operator']
getPolicy()
根据名称获取实例上的策略。
参数:
str
:策略名称。RequestConfig
(可选):配置请求。
返回值:
Policy
:获取到的策略。
# 获取策略operator并打印其信息
policy = Conn.getPolicy("operator")
print("Policy", policy.name, "include:")
print("- System privileges:", policy.systemPrivileges)
print("- Graph privileges:", policy.graphPrivileges)
print("- Property privileges:", policy.propertyPrivileges)
print("- Policies:", policy.policies)
Policy operator include:
- System privileges: ['MOUNT_GRAPH', 'TRUNCATE', 'SHOW_GRAPH']
- Graph privileges: {'miniCircle': ['UPDATE', 'INSERT', 'TEMPLATE', 'UPSERT', 'AUTONET']}
- Property privileges: {"node":{"read":[],"write":[["miniCircle","account","*"]],"deny":[]},"edge":{"read":[],"write":[],"deny":[]}}
- Policies: []
createPolicy()
在实例中创建一个策略。
参数:
Policy
:待创建的策略;必须设置name
字段,systemPrivileges
字段、graphPrivileges
字段、propertyPrivilege
字段和policies
字段可选。RequestConfig
(可选):配置请求。
返回值:
UltipaResponse
:请求的结果。
# 新建策略sales并获取该策略
policy = Policy(
name="sales",
systemPrivileges=["SHOW_GRAPH","TRUNCATE"],
graphPrivileges={
"lcc": ["UPDATE","INSERT","DELETE","UPSERT"]
},
propertyPrivileges={
"node": {
"read": [
["miniCircle", "account", "*"],
["miniCircle", "movie", "name"]
],
"write": [
["lcc", "*", "*"]
]
},
"edge": {
"read": [
["*", "*", "*"]
],
"write": [
["miniCircle", "*", "*"]
]
}
},
policies=['manager', "operator"]
)
response = Conn.createPolicy(policy)
print(response.status.code)
time.sleep(3)
createdPolicy = Conn.getPolicy("sales")
print("Policy", createdPolicy.name, "include:")
print("- System privileges:", createdPolicy.systemPrivileges)
print("- Graph privileges:", createdPolicy.graphPrivileges)
print("- Property privileges:", createdPolicy.propertyPrivileges)
print("- Policies:", createdPolicy.policies)
0
Policy sales include:
- System privileges: ['SHOW_GRAPH', 'TRUNCATE']
- Graph privileges: {'lcc': ['UPDATE', 'INSERT', 'DELETE', 'UPSERT']}
- Property privileges: {"node":{"read":[["miniCircle","account","*"],["miniCircle","movie","name"]],"write":[["lcc","*","*"]],"deny":[]},"edge":{"read":[["*","*","*"]],"write":[["miniCircle","*","*"]],"deny":[]}}
- Policies: ['manager', 'operator']
alterPolicy()
根据名称,修改实例中已有策略的系统权限、图权限、属性权限和其他策略。
参数:
Policy
:待修改的策略;必须设置name
字段,systemPrivileges
字段、graphPrivileges
字段、propertyPrivilege
字段和policies
字段可选。RequestConfig
(可选):配置请求。
返回值:
UltipaResponse
:请求的结果。
# Alters the policy 'sales' and then retrieves it
policy = Policy(
name="sales",
systemPrivileges=["SHOW_GRAPH"],
graphPrivileges={
"miniCircle": ["FIND"],
"lcc": ["UPDATE"]
},
policies=["operator"]
)
response = Conn.alterPolicy(policy)
print(response.status.code)
time.sleep(3)
alteredPolicy = Conn.getPolicy("sales")
print("Policy", alteredPolicy.name, "include:")
print("- System privileges:", alteredPolicy.systemPrivileges)
print("- Graph privileges:", alteredPolicy.graphPrivileges)
print("- Property privileges:", alteredPolicy.propertyPrivileges)
print("- Policies:", alteredPolicy.policies)
0
Policy sales include:
- System privileges: ['SHOW_GRAPH']
- Graph privileges: {'miniCircle': ['FIND'], 'lcc': ['UPDATE']}
- Property privileges: {"node":{"read":[["miniCircle","account","*"],["miniCircle","movie","name"]],"write":[["lcc","*","*"]],"deny":[]},"edge":{"read":[["*","*","*"]],"write":[["miniCircle","*","*"]],"deny":[]}}
- Policies: ['operator']
dropPolicy()
根据名称删除实例中的一个策略。
参数:
str
:策略名称。RequestConfig
(可选):配置请求。
返回值:
UltipaResponse
:请求的结果。
# 删除策略sales并打印错误代码
response = Conn.dropPolicy("sales")
print(response.status.code)
0
用户
showUser()
获取实例上的全部数据库用户。
参数:
RequestConfig
(可选):配置请求。
返回值:
List[User]
:实例上的全部用户列表。
# 获取全部用户并打印第一个返回的用户访问信息
userList = Conn.showUser()
print("Username:", userList[0].username)
print("Created On:", userList[0].create)
print("System privileges:", userList[0].systemPrivileges)
print("Graph privileges:", userList[0].graphPrivileges)
print("Property privileges:", userList[0].propertyPrivileges)
print("Policies:", userList[0].policies)
Username: test006
Created On: 1693550276
System privileges: ['SHOW_PRIVILEGE', 'ALTER_USER', 'DROP_USER', 'CREATE_USER', 'SHOW_GRAPH', 'ALTER_GRAPH', 'DROP_GRAPH', 'COMPACT', 'MOUNT_GRAPH', 'TOP', 'CREATE_GRAPH', 'STAT', 'UNMOUNT_GRAPH', 'SHOW_POLICY', 'TRUNCATE', 'KILL', 'ALTER_POLICY', 'CREATE_POLICY', 'DROP_POLICY', 'SHOW_USER']
Graph privileges: {}
Property privileges: {"node":{"read":[],"write":[],"deny":[["*","*","*"]]},"edge":{"read":[],"write":[],"deny":[["*","*","*"]]}}
Policies: ['operator']
getUser()
根据用户名获取实例上的数据库用户。
参数:
str
:用户名。RequestConfig
(可选):配置请求。
返回值:
User
:获取到的用户。
# 获取用户test005并打印其访问信息
user = Conn.getUser("test005")
print("Username:", user.username)
print("Created On:", user.create)
print("System privileges:", user.systemPrivileges)
print("Graph privileges:", user.graphPrivileges)
print("Property privileges:", user.propertyPrivileges)
print("Policies:", user.policies)
Username: test005
Created On: 1693473359
System privileges: ['SHOW_PRIVILEGE', 'ALTER_USER', 'DROP_USER', 'CREATE_USER', 'SHOW_GRAPH', 'ALTER_GRAPH', 'DROP_GRAPH', 'COMPACT', 'MOUNT_GRAPH', 'TOP', 'CREATE_GRAPH', 'STAT', 'UNMOUNT_GRAPH', 'SHOW_POLICY', 'TRUNCATE', 'KILL', 'ALTER_POLICY', 'CREATE_POLICY', 'DROP_POLICY', 'SHOW_USER']
Graph privileges: {}
Property privileges: {"node":{"read":[],"write":[],"deny":[]},"edge":{"read":[],"write":[],"deny":[]}}
Policies: ['operator']
createUser()
在实例上创建一个数据库用户。
参数:
CreateUser
:待创建的用户;必须设定username
字段和password
字段,systemPrivileges
字段、graphPrivileges
字段、propertyPrivilege
字段和policies
字段可选。RequestConfig
(可选):配置请求。
返回值:
UltipaResponse
:请求的结果。
# 创建用户pythonUser并打印错误代码
createUser = CreateUser(
username="pythonUser",
password="@#pythonUser",
systemPrivileges=["SHOW_GRAPH", "TRUNCATE"],
graphPrivileges={
"miniCircle": ["FIND", "SPREAD", "AUTONET", "AB", "TEMPLATE", "KHOP"],
"lcc": ["UPDATE", "INSERT", "DELETE", "UPSERT"]
},
propertyPrivileges={
"node": {
"read": [
["miniCircle", "account", "*"],
["miniCircle", "movie", "name"]
],
"write": [
["lcc", "*", "*"]
]
},
"edge": {
"read": [
["*", "*", "*"]
],
"write": [
["miniCircle", "*", "*"]
]
}
},
policies=["manager"]
)
response = Conn.createUser(createUser)
print(response.status.code)
0
alterUser()
根据用户名,修改实例中已有数据库用户的密码、系统权限、图权限、属性权限和策略。
参数:
AlterUser
待修改的用户;必须设定username
字段和password
字段,systemPrivileges
字段、graphPrivileges
字段、propertyPrivilege
字段和policies
字段可选。RequestConfig
(可选):配置请求。
返回值:
UltipaResponse
:请求的结果。
# 修改用户pythonUser并打印错误代码
user = AlterUser(
username="pythonUser",
password="!!@#pythonUser",
systemPrivileges=["SHOW_GRAPH"],
graphPrivileges={
"miniCircle": ["FIND"],
"lcc": ["UPDATE"]
},
policies=["operator"]
)
response = Conn.alterUser(user)
print(response.status.code)
0
dropUser()
根据用户名从实例中删除数据库用户。
参数:
str
: 用户名。RequestConfig
(可选):配置请求。
返回值:
UltipaResponse
:请求的结果。
# 删除用户pythonUser并打印错误代码
response = Conn.dropUser("pythonUser")
print(response.status.code)
0
grantPolicy()
为实例中的数据库用户授予系统权限、图权限、属性权限和策略。
参数:
str
:用户名。dict
:待授予的图权限;设定为null
可跳过图权限授予。List[str]
:待授予的系统权限;设定为null
可跳过系统权限授予。List[str]
:待授予的策略;设定为null
可跳过策略授予。dict
:待授予的属性权限;设定为null
可跳过属性权限授予。RequestConfig
(Optional): Configuration settings for the request.
返回值:
UltipaResponse
(可选):配置请求。
graphPrivileges = {
"miniCircle": ["FIND", "SPREAD", "AUTONET", "AB", "TEMPLATE", "KHOP"],
"default": ["UPDATE", "INSERT", "DELETE", "UPSERT"]
}
systemPrivileges = ["SHOW_GRAPH", "TRUNCATE"]
propertyPrivileges = {
"node": {
"read": [
["miniCircle", "account", "*"],
["miniCircle", "movie", "name"]
],
"write": [
["lcc", "*", "*"]
]
},
"edge": {
"read": [
["*", "*", "*"]
],
"write": [
["miniCircle", "*", "*"]
]
}
}
policies = ["operator", "manager"]
response1 = Conn.grantPolicy("johndoe", graphPrivileges)
print(response1.status.code)
response2 = Conn.grantPolicy("Tester", graphPrivileges, systemPrivileges, policies, propertyPrivileges)
print(response2.status.code)
0
0
revokePolicy()
撤销实例中的数据库用户的系统权限、图权限、属性权限和策略。
参数:
str
:用户名。dict
:待撤销的图权限;设定为null
可跳过图权限撤销。List[str]:待撤销的系统权限;设定为
null`可跳过系统权限撤销。List[str]
:待撤销的策略;设定为null
可跳过策略撤销。dict
:待撤销的属性权限;设定为null
可跳过属性权限撤销。RequestConfig
(可选):配置请求。
返回值:
UltipaResponse
:请求的结果。
graphPrivileges = {
"miniCircle": ["FIND", "SPREAD", "AUTONET", "AB", "TEMPLATE", "KHOP"],
"default": ["UPDATE", "INSERT", "DELETE", "UPSERT"]
}
systemPrivileges = ["SHOW_GRAPH", "TRUNCATE"]
propertyPrivileges = {
"node": {
"read": [
["miniCircle", "account", "*"],
["miniCircle", "movie", "name"]
],
"write": [
["lcc", "*", "*"]
]
},
"edge": {
"read": [
["*", "*", "*"]
],
"write": [
["miniCircle", "*", "*"]
]
}
}
policies = ["operator", "manager"]
response1 = Conn.revokePolicy("johndoe", graphPrivileges)
print(response1.status.code)
response2 = Conn.revokePolicy("Tester", graphPrivileges, systemPrivileges, policies, propertyPrivileges)
print(response2.status.code)
0
0
完整示例
from ultipa import Connection, UltipaConfig
ultipaConfig = UltipaConfig()
# URI 示例: ultipaConfig.hosts = ["mqj4zouys.us-east-1.cloud.ultipa.com:60010"]
ultipaConfig.hosts = ["192.168.1.85:60061", "192.168.1.87:60061", "192.168.1.88:60061"]
ultipaConfig.username = "<username>"
ultipaConfig.password = "<password>"
Conn = Connection.NewConnection(defaultConfig=ultipaConfig)
# 获取全部策略并打印其信息
policyList = Conn.showPolicy()
for policy in policyList:
print("Policy", policy.name, "include:")
print("- System privileges:", policy.systemPrivileges)
print("- Graph privileges:", policy.graphPrivileges)
print("- Property privileges:", policy.propertyPrivileges)
print("- Policies:", policy.policies)