User rights Management|V3.3.3|OceanBase TuGraph| docs|Distributed Database

User rights Management

Last Updated：2023-06-25 03:23:24 Updated

The permissions of TuGraph are managed based on role-based access control. The permissions that define access control are assigned to roles, and the roles are then assigned to users.

Level of permissions

Global layer: indicates global permissions, which have permissions for management and graph operations.
Graph layer: control permissions on each graph;
Property level (Commercial version only) : control permissions on a property

Permission keyword

At present, the control of permissions is relatively simple

The Global layer currently has admin permission, and the admin user is preset.

The Graph layer has four operation permissions: none, read, write, and full

none: No permission, no operation permission for the graph
read: Read-only permission, only has read permission for the graph
write: Read and write permission, not only has read permission for the graph, but also has write permission
full: All permissions, not only have read and write permissions for graphs, but also have permissions to delete graphs, modify graphs, and modify schemas

The Property layer (Commercial version only) has the following permissions: none, read, and write

none: No permission, no operation permission for the property
read: Read-only permission, only has read permission for the property
write: Read and write permission, not only has read permission for the property, but also has write permission

Common permission operations

User action

Creating a user

CALL dbms.security.createUser(user_name::STRING,password::STRING)

Deleting a user

CALL dbms.security.deleteUser(user_name::STRING)

Change the password of the current user

CALL dbms.security.changePassword(current_password::STRING,new_password::STRING)

Changes the password of a specified user


CALL dbms.security.changeUserPassword(user_name::STRING,new_password::STRING)

Disable or enable a user

CALL dbms.security.disableUser(user::STRING,disable::BOOLEAN)

List all users

CALL dbms.security.listUsers()

Lists the current user information

CALL dbms.security.showCurrentUser()

Obtain user details

CALL dbms.security.getUserInfo(user::STRING)

# Role actions

Create a role

CALL dbms.security.createRole(role_name::STRING,desc::STRING)

Delete a role

CALL dbms.security.deleteRole(role_name::STRING

List all characters

CALL dbms.security.listRoles()

Disable or enable the role

CALL dbms.security.disableRole(role::STRING,disable::BOOLEAN)

Assign roles to users

Adds the association between the user and the role

CALL dbms.security.addUserRoles(user::STRING,roles::LIST)

Deletes the association between the user and the role

CALL dbms.security.deleteUserRoles(user::STRING,roles::LIST)

Clears the relationship between user roles and rebuilds them

CALL dbms.security.rebuildUserRoles(user::STRING,roles::LIST)

Role empowerment

Modifies the access permission of a role to a specified graph

CALL dbms.security.modSpecifiedAccessLevel(role::STRING,access_level::MAP)

User rights Management

Introduce

Level of permissions

Permission keyword

Common permission operations

User action

# Role actions

Assign roles to users

Role empowerment