Introduction
TuGraph manages permissions with role-based access control (RBAC): the permissions that define access control are assigned to roles, and the roles are then assigned to users.
Permission layers
- Global layer: global permissions, which cover management and graph operations
- Graph layer: controls permissions on each graph
- Property layer (Commercial version only): controls permissions on a property
Permission keywords
At present, permission control is relatively simple:
- The Global layer currently has the admin permission, and the admin user is preset.
- The Graph layer has four operation permissions: none, read, write, and full
  - none: No permission; no operations are allowed on the graph
  - read: Read-only permission; the graph can only be read
  - write: Read and write permission; the graph can be both read and written
  - full: All permissions; in addition to reading and writing the graph, allows deleting graphs, modifying graphs, and modifying schemas
- The Property layer (Commercial version only) has the following permissions: none, read, and write
  - none: No permission; no operations are allowed on the property
  - read: Read-only permission; the property can only be read
  - write: Read and write permission; the property can be both read and written
Common permission operations
User actions
- Creating a user
CALL dbms.security.createUser(user_name::STRING,password::STRING)
- Deleting a user
CALL dbms.security.deleteUser(user_name::STRING)
- Change the password of the current user
CALL dbms.security.changePassword(current_password::STRING,new_password::STRING)
- Change the password of a specified user
CALL dbms.security.changeUserPassword(user_name::STRING,new_password::STRING)
- Disable or enable a user
CALL dbms.security.disableUser(user::STRING,disable::BOOLEAN)
- List all users
CALL dbms.security.listUsers()
- Show the current user's information
CALL dbms.security.showCurrentUser()
- Obtain user details
CALL dbms.security.getUserInfo(user::STRING)
Role actions
- Create a role
CALL dbms.security.createRole(role_name::STRING,desc::STRING)
- Delete a role
CALL dbms.security.deleteRole(role_name::STRING)
- List all roles
CALL dbms.security.listRoles()
- Disable or enable a role
CALL dbms.security.disableRole(role::STRING,disable::BOOLEAN)
Assign roles to users
- Add an association between the user and the given roles
CALL dbms.security.addUserRoles(user::STRING,roles::LIST)
- Delete the association between the user and the given roles
CALL dbms.security.deleteUserRoles(user::STRING,roles::LIST)
- Clear the user's existing role associations and rebuild them from the given list
CALL dbms.security.rebuildUserRoles(user::STRING,roles::LIST)
Granting permissions to roles
- Modify the access permission of a role on a specified graph
CALL dbms.security.modSpecifiedAccessLevel(role::STRING,access_level::MAP)
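The procedures above, chained into a least-privilege onboarding and offboarding sequence. This is an added example, not taken from the TuGraph documentation. Assumptions: the role, user and graph names and the password placeholder are hypothetical, the access_level map is keyed by graph name with a permission keyword as its value, and `true` in the disable argument means "disable".

```cypher
// Added example; every name and value below is hypothetical.

// 1. Create a role that will carry the permission. Grant to the role,
//    never directly to the user, so access can be reviewed per role.
CALL dbms.security.createRole('analyst_reader', 'Read-only access to sales_graph');

// 2. Give the role read-only access to a single graph.
//    Assumed map shape: {graph_name: 'keyword'}. The keyword is spelled as
//    listed in the Graph layer section; the exact casing the server accepts
//    is an assumption.
CALL dbms.security.modSpecifiedAccessLevel('analyst_reader', {sales_graph: 'read'});

// 3. Create the user and attach only the role they need.
CALL dbms.security.createUser('alice', '<initial-password-placeholder>');
CALL dbms.security.addUserRoles('alice', ['analyst_reader']);

// 4. Review: confirm the user's roles and check that no unexpected roles exist.
CALL dbms.security.getUserInfo('alice');
CALL dbms.security.listRoles();

// 5. After first login, the user replaces the initial password themselves.
CALL dbms.security.changePassword('<initial-password-placeholder>', '<new-password-placeholder>');

// 6. Offboarding: disable the account first so access stops immediately,
//    then remove the role association.
CALL dbms.security.disableUser('alice', true);
CALL dbms.security.deleteUserRoles('alice', ['analyst_reader']);
```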