本节介绍用于控制数据库、图和数据权限的方法。
权限
showPrivilege()
获取全部系统权限和图集权限。
参数
config: RequestConfig(可选):请求配置。
返回值
Privilege[]:获取的权限列表。
// Retrieves all system privileges and graph privileges
const privileges = await conn.showPrivilege();
const graphPriviledgeNames = privileges
.filter((p) => p.level === PrivilegeLevel.GraphLevel)
.map((p) => p.name)
.join(", ");
console.log("Graph privileges: " + graphPriviledgeNames);
const systemPriviledgeNames = privileges
.filter((p) => p.level === PrivilegeLevel.SystemLevel)
.map((p) => p.name)
.join(", ");
console.log("System privileges: " + systemPriviledgeNames);
Graph privileges: ['READ', 'INSERT', 'UPSERT', 'UPDATE', 'DELETE', 'CREATE_SCHEMA', 'DROP_SCHEMA', 'ALTER_SCHEMA', 'SHOW_SCHEMA', 'RELOAD_SCHEMA', 'CREATE_PROPERTY', 'DROP_PROPERTY', 'ALTER_PROPERTY', 'SHOW_PROPERTY', 'CREATE_FULLTEXT', 'DROP_FULLTEXT', 'SHOW_FULLTEXT', 'CREATE_INDEX', 'DROP_INDEX', 'SHOW_INDEX', 'LTE', 'UFE', 'CLEAR_JOB', 'STOP_JOB', 'SHOW_JOB', 'ALGO', 'CREATE_PROJECT', 'SHOW_PROJECT', 'DROP_PROJECT', 'CREATE_HDC_GRAPH', 'SHOW_HDC_GRAPH', 'DROP_HDC_GRAPH', 'COMPACT_HDC_GRAPH', 'SHOW_VECTOR_INDEX', 'CREATE_VECTOR_INDEX', 'DROP_VECTOR_INDEX', 'SHOW_CONSTRAINT', 'CREATE_CONSTRAINT', 'DROP_CONSTRAINT']
System privileges: ['TRUNCATE', 'COMPACT', 'CREATE_GRAPH', 'SHOW_GRAPH', 'DROP_GRAPH', 'ALTER_GRAPH', 'TOP', 'KILL', 'STAT', 'SHOW_POLICY', 'CREATE_POLICY', 'DROP_POLICY', 'ALTER_POLICY', 'SHOW_USER', 'CREATE_USER', 'DROP_USER', 'ALTER_USER', 'SHOW_PRIVILEGE', 'SHOW_META', 'SHOW_SHARD', 'ADD_SHARD', 'DELETE_SHARD', 'REPLACE_SHARD', 'SHOW_HDC_SERVER', 'ADD_HDC_SERVER', 'DELETE_HDC_SERVER', 'LICENSE_UPDATE', 'LICENSE_DUMP', 'GRANT', 'REVOKE', 'SHOW_BACKUP', 'CREATE_BACKUP', 'SHOW_VECTOR_SERVER', 'ADD_VECTOR_SERVER', 'DELETE_VECTOR_SERVER']
Policy (Role)
showPolicy()
获取数据库中的全部策略。
参数
config: RequestConfig(可选):请求配置。
返回值
Policy[]:获取的策略列表。
// Retrieves all policies
const policies = await conn.showPolicy();
for (const policy of policies) {
console.log(policy.name);
}
manager
Tester
sales
superADM
getPolicy()
获取数据库中一个指定的策略。
参数
policyName: string:策略名称。config: RequestConfig(可选):请求配置。
返回值
Policy:获取的策略。
// Retrieves the policy 'Tester'
const policy = await conn.getPolicy("Tester")
console.log("Graph privileges: ", policy.graphPrivileges);
console.log("System privileges: ", policy.systemPrivileges);
console.log("Property privileges:");
console.log("- Node (Read): ", policy.propertyPrivileges?.node?.read);
console.log("- Node (Write): ", policy.propertyPrivileges?.node?.write);
console.log("- Node (Deny): ", policy.propertyPrivileges?.node?.deny);
console.log("- Edge (Read): ", policy.propertyPrivileges?.edge?.read);
console.log("- Edge (Write): ", policy.propertyPrivileges?.edge?.write);
console.log("- Edge (Deny): ", policy.propertyPrivileges?.edge?.deny);
console.log("Policies: ", policy.policies);
Graph Privileges: Map(2) {
'amz' => [ 'ALGO', 'DROP_FULLTEXT', 'INSERT', 'DELETE', 'UPSERT'],
'StoryGraph' => [ 'UPDATE', 'READ' ]
}
System Privileges: ['TRUNCATE', 'KILL', 'TOP']
Property Privileges:
- Node (Read): [['*', '*', '*']]
- Node (Write): []
- Node (Deny): []
- Edge (Read): []
- Edge (Write): [['amz', '*', '*'], ['alimama', '*', '*']]
- Edge (Deny): [['miniCircle', 'review', 'value, timestamp']]
Policies: ['sales', 'manager']
createPolicy()
在数据库中创建一个策略。
参数
policy: Policy:待创建的策略;name属性必填,systemPrivileges、graphPrivileges、propertyPrivilege和policies选填。config: RequestConfig(可选):请求配置。
返回值
Response:请求结果。
// Create a new policy 'operator'
const graphPrivileges = new Map<string, string[]>();
graphPrivileges.set("lcc", ["UPDATE", "INSERT", "DELETE", "UPSERT"]);
const propertyPrivilege = {
node: {
read: [
["miniCircle", "account", "*"],
["miniCircle", "movie", "name"],
],
write: [["lcc", "*", "*"]],
},
edge: { read: [["*", "*", "*"]], deny: [["miniCircle", "*", "*"]] },
};
const policy: Policy = {
name: "operator",
systemPrivileges: ["SHOW_GRAPH", "TRUNCATE"],
graphPrivileges: graphPrivileges,
propertyPrivileges: propertyPrivilege,
policies: ["manager", "sales"],
};
const response = await conn.createPolicy(policy);
console.log(response.status?.message);
SUCCESS
alterPolicy()
修改一个策略中包含的权限和策略。请留意,只有指定的属性会被修改,其余保持不变。
参数
policy: Policy:用于设置新的systemPrivileges、graphPrivileges、propertyPrivilege和policies的Policy对象,通过name属性指定策略。config: RequestConfig(可选):请求配置。
返回值
Response:请求结果。
// Alters the policy 'operator'
const policy: Policy = {
name: "operator",
systemPrivileges: ["CREATE_GRAPH","SHOW_GRAPH","SHOW_GRAPH","TRUNCATE"],
policies: ["manager"],
};
const response = await conn.alterPolicy(policy);
console.log(response.status?.message);
SUCCESS
dropPolicy()
删除数据库中一个指定的策略。
参数
policyName: string:策略名称。config: RequestConfig(可选):请求配置。
返回值
Response:请求结果。
// Drops the policy 'operator'
const response = await conn.dropPolicy("operator");
console.log(response.status?.message);
SUCCESS
用户
showUser()
获取全部数据库用户。
参数
config: RequestConfig(可选):请求配置。
返回值
User[]:获取的用户列表。
// Retrieves all database users
const users = await conn.showUser();
for(const user of users){
console.log(user.username)
}
johndoe
root
admin
getUser()
获取一个指定的数据库用户。
参数
username: string:用户名。config: RequestConfig(可选):请求配置。
返回值
User:用户名。
// Retrieves the database user 'johndoe'
const user = await conn.getUser("root");
console.log("CreatedTime: ", user.createdTime);
console.log("Graph privileges: ", user.graphPrivileges);
console.log("System privileges: ", user.systemPrivileges);
console.log("Property privileges:");
console.log("- Node (Read): ", user.propertyPrivileges?.node?.read);
console.log("- Node (Write): ", user.propertyPrivileges?.node?.write);
console.log("- Node (Deny): ", user.propertyPrivileges?.node?.deny);
console.log("- Edge (Read): ", user.propertyPrivileges?.edge?.read);
console.log("- Edge (Write): ", user.propertyPrivileges?.edge?.write);
console.log("- Edge (Deny): ", user.propertyPrivileges?.edge?.deny);
console.log("Policies: ", user.policies);
Created Time: 2025-04-02 11:08:38
Graph Privileges: {'amz': ['ALGO', 'INSERT', 'DELETE', 'UPSERT'], 'StoryGraph': ['UPDATE', 'READ']}
System Privileges: ['TRUNCATE', 'KILL', 'TOP']
Property Privileges:
- Node (Read): [['*', '*', '*']]
- Node (Write): []
- Node (Deny): []
- Edge (Read): []
- Edge (Write): [['amz', '*', '*'], ['alimama', '*', '*']]
- Edge (Deny): [['miniCircle', 'review', 'value, timestamp']]
Policies: ['sales', 'manager']
createUser()
创建一个数据库用户。
参数
user: User:待创建的用户;username和password属性必填,systemPrivileges、graphPrivileges、propertyPrivilege和policies选填。config: RequestConfig(可选):请求配置。
返回值
Response:请求结果。
// Creates a new user 'user01'
const graphPrivileges = new Map<string, string[]>();
graphPrivileges.set("lcc", ["UPDATE", "INSERT", "DELETE", "UPSERT"]);
const propertyPrivilege = {
node: {
read: [
["miniCircle", "account", "*"],
["miniCircle", "movie", "name"],
],
write: [["lcc", "*", "*"]],
},
edge: { read: [["*", "*", "*"]], deny: [["miniCircle", "*", "*"]] },
};
const user : User ={
username: "user01",
password: "U7MRDBFXd2Ab",
systemPrivileges:["CREATE_GRAPH","SHOW_GRAPH","SHOW_GRAPH","TRUNCATE"],
graphPrivileges:graphPrivileges,
propertyPrivileges: propertyPrivilege,
policies:["manager", "sales"],
}
const response = await conn.createUser(user);
console.log(response.status?.message)
SUCCESS
alterUser()
修改一个用户的密码、权限和策略。请留意,只有指定的属性会被修改,其余保持不变。
参数
user: User:用于设置新的password、systemPrivileges、graphPrivileges、propertyPrivilege和policies的User对象,通过username属性指定用户。config: RequestConfig(可选):请求配置。
返回值
Response:请求结果。
// Alters the user 'user01'
const user: User = {
username: "user01",
systemPrivileges: ["CREATE_GRAPH", "SHOW_GRAPH", "SHOW_GRAPH", "TRUNCATE"],
policies: ["manager"],
};
const response = await conn.alterUser(user);
console.log(response.status?.message);
SUCCESS
dropUser()
删除一个指定的数据库用户。
参数
username: string:用户名。config: RequestConfig(可选):请求配置。
返回值
Response:请求结果。
// Drops the user 'user01'
const response = await conn.dropUser("user01");
console.log(response.status?.message);
SUCCESS
完整示例
import { UltipaDriver } from "@ultipa-graph/ultipa-driver";
import { ULTIPA } from "@ultipa-graph/ultipa-driver/dist/types";
import { Policy } from "@ultipa-graph/ultipa-driver/dist/types/types";
let sdkUsage = async () => {
// URI example: ultipaConfig.hosts: ["mqj4zouys.us-east-1.cloud.ultipa.com:60010"]
const ultipaConfig: ULTIPA.UltipaConfig = {
hosts: ["192.168.1.85:60061", "192.168.1.87:60061", "192.168.1.88:60061"],
username: "<username>",
password: "<password>"
};
const conn = new UltipaDriver(ultipaConfig);
const isSuccess = await conn.test();
console.log(`Connection succeeds: ${isSuccess}`);
// Create a new policy 'operator'
const graphPrivileges = new Map<string, string[]>();
graphPrivileges.set("lcc", ["UPDATE", "INSERT", "DELETE", "UPSERT"]);
const propertyPrivilege = {
node: {
read: [
["miniCircle", "account", "*"],
["miniCircle", "movie", "name"],
],
write: [["lcc", "*", "*"]],
},
edge: { read: [["*", "*", "*"]], deny: [["miniCircle", "*", "*"]] },
};
const policy: Policy = {
name: "operator",
systemPrivileges: ["SHOW_GRAPH", "TRUNCATE"],
graphPrivileges: graphPrivileges,
propertyPrivileges: propertyPrivilege,
policies: ["manager", "sales"],
};
const response = await conn.createPolicy(policy);
console.log(response.status?.message);
};
sdkUsage().catch(console.error);