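Overview
Database users can access the database system and run queries and administrative operations within the privileges granted to them.
Showing Users
Retrieve all database users: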
show().user()
Retrieve information about a specific user, for example the user root:
show().user("root")
Retrieve information about the currently logged-in user:
show().self()
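The statement returns the table _user, which contains the following fields:
Field | Description |
---|---|
username | Username |
create | Date and time when the user was created |
graphPrivileges | Graph privileges assigned to the user |
systemPrivileges | System privileges assigned to the user |
propertyPrivileges | Property privileges assigned to the user |
policies | Policies assigned to the user |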
Creating a User
Use the statement create().user().params() to create a database user.
Syntax
create().user("<username>", "<password>").params({
  graph_privileges: {
    "<graph>": ["<graphPriv>", "<graphPriv>", ...],
    ...
  },
  system_privileges: ["<systemPriv>", "<systemPriv>", ...],
  property_privileges: {
    "node": {
      "<propertyPriv>": [
        ["<graph>", "<schema>", "<property>"],
        ...
      ],
      ...
    },
    "edge": {
      "<propertyPriv>": [
        ["<graph>", "<schema>", "<property>"],
        ...
      ],
      ...
    }
  },
  policies: ["<policyName>", "<policyName>", ...]
})
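Method | Parameter | Description |
---|---|---|
user() | <name> | Username; must be unique. Naming conventions: |
user() | <password> | User password; must be between 6 and 64 characters long |
params() | graph_privileges | Graph privileges to assign to the user, specified per graph; use "*" to specify all graphs |
params() | system_privileges | System privileges to assign to the user |
params() | property_privileges | Node property privileges and edge property privileges to assign to the user; use ["*", "*", "*"] to specify all graphs, all schemas and all properties |
params() | policies | Policies to assign to the user |
Examples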
Create a user named admin with all graph privileges and system privileges and the write privilege on all properties, but without any policies:
create().user("admin", "U7MRDBFXd2Ab").params({
  graph_privileges: {"*":["READ","INSERT","UPSERT","UPDATE","DELETE","CREATE_SCHEMA","DROP_SCHEMA","ALTER_SCHEMA","SHOW_SCHEMA","RELOAD_SCHEMA","CREATE_PROPERTY","DROP_PROPERTY","ALTER_PROPERTY","SHOW_PROPERTY","CREATE_FULLTEXT","DROP_FULLTEXT","SHOW_FULLTEXT","CREATE_INDEX","DROP_INDEX","SHOW_INDEX","LTE","UFE","CLEAR_JOB","STOP_JOB","SHOW_JOB","ALGO","CREATE_PROJECT","SHOW_PROJECT","DROP_PROJECT","CREATE_HDC_GRAPH","SHOW_HDC_GRAPH","DROP_HDC_GRAPH","COMPACT_HDC_GRAPH"]},
  system_privileges: ["TRUNCATE","COMPACT","CREATE_GRAPH","SHOW_GRAPH","DROP_GRAPH","ALTER_GRAPH","TOP","KILL","STAT","SHOW_POLICY","CREATE_POLICY","DROP_POLICY","ALTER_POLICY","SHOW_USER","CREATE_USER","DROP_USER","ALTER_USER","SHOW_PRIVILEGE","SHOW_META","SHOW_SHARD","ADD_SHARD","DELETE_SHARD","SHOW_HDC_SERVER","ADD_HDC_SERVER","DELETE_HDC_SERVER","LICENSE_UPDATE","LICENSE_DUMP"],
  property_privileges: {
    "node": {"write": [["*", "*", "*"]]},
    "edge": {"write": [["*", "*", "*"]]}
  }
})
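Create a user named johndoe with the following privileges:
- Graph privileges: the UPDATE privilege on all graphs
- System privileges: SHOW_POLICY, ALTER_GRAPH
- Property privileges:
  - The read privilege on all node properties of all schemas in all graphs
  - The write privilege on the edge properties value and time of all schemas in the graph Tax
  - The deny privilege on the edge property score of the schema named rate in the graph miniCircle (that is, neither read nor write is allowed)
- Policies: manager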
create().user("johndoe", "mHMUUjQWG46z").params({
  graph_privileges: {"*": ["UPDATE"]},
  system_privileges: ["SHOW_POLICY", "ALTER_GRAPH"],
  property_privileges: {
    "node": {
      "read": [
        ["*", "*", "*"]
      ]
    },
    "edge": {
      "write": [
        ["Tax", "*", "value"],
        ["Tax", "*", "time"]
      ],
      "deny": [
        ["miniCircle", "rates", "score"]
      ]
    }
  },
  policies: ["manager"]
})
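A pre-flight review of a privilege definition before it is sent to create().user().params(), as an added example that is not part of the original documentation or the product's own tooling. The function name, the finding wording and the ACCOUNT_ADMIN grouping are assumptions; the privilege names, the "*" wildcards and the 6 to 64 character password rule come from this page.

```python
# Added example: pre-flight review of a params() privilege spec.
# The spec mirrors the create().user().params() argument shown on this page;
# review_user_spec, the finding texts and ACCOUNT_ADMIN are assumptions.

# System privileges that change accounts or policies (names as listed on the page).
ACCOUNT_ADMIN = {"CREATE_USER", "ALTER_USER", "DROP_USER",
                 "CREATE_POLICY", "ALTER_POLICY", "DROP_POLICY"}


def review_user_spec(username, password, params):
    """Return a list of findings for one create().user() definition."""
    findings = []
    # The page requires passwords of 6 to 64 characters.
    if not 6 <= len(password) <= 64:
        findings.append("password length outside 6-64")
    # "*" as the graph key applies the listed privileges to every graph.
    for graph, privs in params.get("graph_privileges", {}).items():
        if graph == "*" and privs:
            findings.append(f"graph privileges on all graphs: {len(privs)}")
    admin = sorted(ACCOUNT_ADMIN & set(params.get("system_privileges", [])))
    if admin:
        findings.append("account/policy administration: " + ", ".join(admin))
    # ["*", "*", "*"] covers every graph, schema and property.
    for kind in ("node", "edge"):
        levels = params.get("property_privileges", {}).get(kind, {})
        if ["*", "*", "*"] in levels.get("write", []):
            findings.append(f"write on every {kind} property")
    if not findings:
        findings.append("no broad grants")
    return [f"{username}: {f}" for f in findings]


# Constructed input: the johndoe definition from the example above.
JOHNDOE = {
    "graph_privileges": {"*": ["UPDATE"]},
    "system_privileges": ["SHOW_POLICY", "ALTER_GRAPH"],
    "property_privileges": {
        "node": {"read": [["*", "*", "*"]]},
        "edge": {"write": [["Tax", "*", "value"], ["Tax", "*", "time"]],
                 "deny": [["miniCircle", "rates", "score"]]},
    },
    "policies": ["manager"],
}

if __name__ == "__main__":
    for line in review_user_spec("johndoe", "mHMUUjQWG46z", JOHNDOE):
        print(line)
```

The check does not look inside the policies named in policies, so those definitions need their own review.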
Altering a User
Use the statement alter().user().set() to change a user's password and the privileges and policies assigned to the user.
Syntax
alter().user("<username>").set({
  password: "<password>",
  graph_privileges: {
    "<graph>": ["<graphPriv>", "<graphPriv>", ...],
    ...
  },
  system_privileges: ["<systemPriv>", "<systemPriv>", ...],
  property_privileges: {
    "node": {
      "<propertyPriv>": [
        ["<graph>", "<schema>", "<property>"],
        ...
      ],
      ...
    },
    "edge": {
      "<propertyPriv>": [
        ["<graph>", "<schema>", "<property>"],
        ...
      ],
      ...
    }
  },
  policies: ["<policyName>", "<policyName>", ...]
})
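Method | Parameter | Description |
---|---|---|
user() | <username> | Username |
set() | <password> | User password; must be between 6 and 64 characters long |
set() | graph_privileges | Graph privileges newly assigned to the user, specified per graph; use "*" to specify all graphs |
set() | system_privileges | System privileges newly assigned to the user |
set() | policies | Policies newly assigned to the user |
set() | property_privileges | Node property privileges and edge property privileges newly assigned to the user; use ["*", "*", "*"] to specify all graphs, all schemas and all properties |
Examples
Change the password of the user admin, leaving its privileges and policies unchanged: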
alter().user("admin").set({password: "zdcsQ7QFaCCE"})
Change the graph privileges and property privileges of the user johndoe, leaving its password and system privileges unchanged:
alter().user("johndoe").set({
  graph_privileges: {"*": ["UPDATE", "DELETE"]},
  property_privileges: {
    "node": {
      "write": [["miniCircle","*","*"]]
    },
    "edge": {
      "write": [["miniCircle","*","*"]]
    }
  },
  policies: ["sales"]
})
Dropping a User
Use the statement drop().user() to delete a user.
Delete the user johndoe:
drop().user("johndoe")