本节介绍用于控制数据库、图和数据权限的方法。
权限
ShowPrivilege()
获取全部系统权限和图集权限。
参数
config: *configuration.RequestConfig
(可选):请求配置。
返回值
[]*structs.Privilege
:获取的权限的指针切片。error
:包含操作过程中遇到的任何问题的错误对象;如果操作成功,则返回nil
。
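// Retrieves all system privileges and graph privileges.
// Both errors are checked: a failed request or a failed parse must not be
// mistaken for "no privileges exist".
response, err := driver.Uql("show().privilege()", nil)
if err != nil {
	log.Fatalln("Failed to query privileges:", err)
}
privileges, err := response.Alias("_privilege").AsPrivileges()
if err != nil {
	log.Fatalln("Failed to parse privileges:", err)
}

// Split the privilege names by level: graph-level names go into one list,
// every other level is treated as system-level.
var graphPrivileges, systemPrivileges []string
for _, privilege := range privileges {
	switch privilege.Level {
	case structs.GraphPrivilege:
		graphPrivileges = append(graphPrivileges, privilege.Name)
	default:
		systemPrivileges = append(systemPrivileges, privilege.Name)
	}
}
fmt.Println("Graph Privileges:", graphPrivileges)
fmt.Println("System Privileges:", systemPrivileges)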
Graph Privileges: [READ INSERT UPSERT UPDATE DELETE CREATE_SCHEMA DROP_SCHEMA ALTER_SCHEMA SHOW_SCHEMA RELOAD_SCHEMA CREATE_PROPERTY DROP_PROPERTY ALTER_PROPERTY SHOW_PROPERTY CREATE_FULLTEXT DROP_FULLTEXT SHOW_FULLTEXT CREATE_INDEX DROP_INDEX SHOW_INDEX LTE UFE CLEAR_JOB STOP_JOB SHOW_JOB ALGO CREATE_PROJECT SHOW_PROJECT DROP_PROJECT CREATE_HDC_GRAPH SHOW_HDC_GRAPH DROP_HDC_GRAPH COMPACT_HDC_GRAPH SHOW_VECTOR_INDEX CREATE_VECTOR_INDEX DROP_VECTOR_INDEX SHOW_CONSTRAINT CREATE_CONSTRAINT DROP_CONSTRAINT]
System Privileges: [TRUNCATE COMPACT CREATE_GRAPH SHOW_GRAPH DROP_GRAPH ALTER_GRAPH CREATE_GRAPH_TYPE SHOW_GRAPH_TYPE DROP_GRAPH_TYPE TOP KILL STAT SHOW_POLICY CREATE_POLICY DROP_POLICY ALTER_POLICY SHOW_USER CREATE_USER DROP_USER ALTER_USER SHOW_PRIVILEGE SHOW_META SHOW_SHARD ADD_SHARD DELETE_SHARD REPLACE_SHARD SHOW_HDC_SERVER ADD_HDC_SERVER DELETE_HDC_SERVER LICENSE_UPDATE LICENSE_DUMP GRANT REVOKE SHOW_BACKUP CREATE_BACKUP SHOW_VECTOR_SERVER ADD_VECTOR_SERVER DELETE_VECTOR_SERVER]
策略(角色)
ShowPolicy()
获取数据库中的全部策略。
参数
config: *configuration.RequestConfig
(可选):请求配置。
返回值
[]*structs.Policy
:获取的策略的指针切片。error
:包含操作过程中遇到的任何问题的错误对象;如果操作成功,则返回nil
。
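// Retrieves all policies.
// The error is checked so that a failed request is not reported as an empty
// policy list.
policies, err := driver.ShowPolicy(nil)
if err != nil {
	log.Fatalln("Failed to list policies:", err)
}
for _, policy := range policies {
	fmt.Println(policy.Name)
}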
manager
Tester
sales
superADM
GetPolicy()
获取数据库中一个指定的策略。
参数
policyName: string
:策略名称。config: *configuration.RequestConfig
(可选):请求配置。
返回值
*structs.Policy
:获取的策略。error
:包含操作过程中遇到的任何问题的错误对象;如果操作成功,则返回nil
。
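// Retrieves the policy 'Tester' and prints everything it grants.
// The error is checked before any field of policy is read.
policy, err := driver.GetPolicy("Tester", nil)
if err != nil {
	log.Fatalln("Failed to get policy 'Tester':", err)
}
fmt.Println("Graph Privileges:", policy.GraphPrivileges)
fmt.Println("System Privileges:", policy.SystemPrivileges)

// Property privileges are listed separately for nodes and edges, each with
// Read, Write and Deny entries.
nodePrivs := policy.PropertyPrivileges.Node
edgePrivs := policy.PropertyPrivileges.Edge
fmt.Println("Property Privileges:")
fmt.Println("- Node (Read):", nodePrivs.Read)
fmt.Println("- Node (Write):", nodePrivs.Write)
fmt.Println("- Node (Deny):", nodePrivs.Deny)
fmt.Println("- Edge (Read):", edgePrivs.Read)
fmt.Println("- Edge (Write):", edgePrivs.Write)
fmt.Println("- Edge (Deny):", edgePrivs.Deny)

// Policies lists the other policies this policy includes; review those as
// well when auditing what 'Tester' effectively grants.
fmt.Println("Policies:", policy.Policies)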
Graph Privileges: map[*:[SHOW_PROPERTY READ SHOW_SCHEMA] alimama:[SHOW_JOB SHOW_INDEX] trans:[SHOW_JOB SHOW_INDEX]]
System Privileges: [ALTER_GRAPH SHOW_GRAPH]
Property Privileges:
- Node (Read): [[* * *]]
- Node (Write): []
- Node (Deny): []
- Edge (Read): [[alimama * timestamp]]
- Edge (Write): [[alimama edgx behavior] [alimama edgx timestamp]]
- Edge (Deny): []
Policies: [manager]
CreatePolicy()
在数据库中创建一个策略。
参数
policy: *structs.Policy
:待创建的策略;Name
字段必填,SystemPrivileges
、GraphPrivileges
、PropertyPrivileges
和Policies
选填。config: *configuration.RequestConfig
(可选):请求配置。
返回值
Response
:请求结果。error
:包含操作过程中遇到的任何问题的错误对象;如果操作成功,则返回nil
。
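// Creates a new policy 'operator'.
// When adapting this example, grant only what the role needs: TRUNCATE and
// "*" wildcards are broad grants.
operatorPolicy := &structs.Policy{
	Name:             "operator",
	SystemPrivileges: []string{"SHOW_GRAPH", "TRUNCATE"},
	// Graph privileges are keyed by graph name.
	GraphPrivileges: structs.GraphPrivileges{
		"lcc": []string{"UPDATE", "INSERT", "DELETE", "UPSERT"},
	},
	// NOTE(review): each entry looks like {graph, schema, property} with "*"
	// as a wildcard - confirm against the privilege reference.
	PropertyPrivileges: structs.PropertyPrivileges{
		Node: structs.PropertyPrivilegeElement{
			Read: [][]string{
				{"miniCircle", "account", "*"},
				{"miniCircle", "movie", "name"},
			},
			Write: [][]string{
				{"lcc", "*", "*"},
			},
		},
		Edge: structs.PropertyPrivilegeElement{
			Read: [][]string{
				{"*", "*", "*"},
			},
			// NOTE(review): Read is "*" everywhere while Deny covers
			// miniCircle; which one takes precedence is not shown on this
			// page - verify before relying on it.
			Deny: [][]string{
				{"miniCircle", "*", "*"},
			},
		},
	},
	// Policies included by this policy.
	Policies: []string{"manager", "sales"},
}

// Check the error: a policy that silently failed to be created leaves the
// access model different from what the caller believes.
response, err := driver.CreatePolicy(operatorPolicy, nil)
if err != nil {
	log.Fatalln("Failed to create policy 'operator':", err)
}
fmt.Println(response.Status.Code)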
SUCCESS
AlterPolicy()
修改一个策略中包含的权限和策略。请留意,只有指定的属性会被修改,其余保持不变。
参数
policy: *structs.Policy
:用于设置新的SystemPrivileges
、GraphPrivileges
、PropertyPrivileges
和Policies
的指向Policy
结构体的指针,通过Name
字段指定策略。config: *configuration.RequestConfig
(可选):请求配置。
返回值
Response
:请求结果。error
:包含操作过程中遇到的任何问题的错误对象;如果操作成功,则返回nil
。
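// Alters the policy 'operator'.
// Only the fields set here (SystemPrivileges and Policies) are sent; per the
// description of AlterPolicy, unspecified attributes stay unchanged.
operatorChanges := &structs.Policy{
	Name: "operator",
	// NOTE(review): "SHOW_GRAPH" is listed twice - presumably unintended; confirm.
	SystemPrivileges: []string{"CREATE_GRAPH", "SHOW_GRAPH", "SHOW_GRAPH", "TRUNCATE"},
	Policies:         []string{"manager"},
}

// Check the error so a rejected privilege change is not assumed to be in effect.
response, err := driver.AlterPolicy(operatorChanges, nil)
if err != nil {
	log.Fatalln("Failed to alter policy 'operator':", err)
}
fmt.Println(response.Status.Code)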
SUCCESS
DropPolicy()
删除数据库中一个指定的策略。
参数
policyName: string
:策略名称。config: *configuration.RequestConfig
(可选):请求配置。
返回值
Response
:请求结果。error
:包含操作过程中遇到的任何问题的错误对象;如果操作成功,则返回nil
。
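// Drops the policy 'operator'.
// Check the error: if the drop failed, the policy and its grants still exist.
response, err := driver.DropPolicy("operator", nil)
if err != nil {
	log.Fatalln("Failed to drop policy 'operator':", err)
}
fmt.Println(response.Status.Code)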
SUCCESS
用户
ShowUser()
获取全部数据库用户。
参数
config: *configuration.RequestConfig
(可选):请求配置。
返回值
[]*structs.User
:获取的用户的指针切片。error
:包含操作过程中遇到的任何问题的错误对象;如果操作成功,则返回nil
。
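// Retrieves all database users.
// The error is checked so that a failed request is not reported as an empty
// user list.
users, err := driver.ShowUser(nil)
if err != nil {
	log.Fatalln("Failed to list users:", err)
}
for _, user := range users {
	fmt.Println(user.UserName)
}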
johndoe
root
admin
GetUser()
获取一个指定的数据库用户。
参数
username: string
:用户名。config: *configuration.RequestConfig
(可选):请求配置。
返回值
*structs.User
:获取的用户。error
:包含操作过程中遇到的任何问题的错误对象;如果操作成功,则返回nil
。
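// Retrieves the database user 'johndoe' and prints what the account is granted.
// The error is checked before any field of user is read.
user, err := driver.GetUser("johndoe", nil)
if err != nil {
	log.Fatalln("Failed to get user 'johndoe':", err)
}
fmt.Println("Created Time:", user.CreatedTime)
fmt.Println("Graph Privileges:", user.GraphPrivileges)
fmt.Println("System Privileges:", user.SystemPrivileges)

// Property privileges are listed separately for nodes and edges, each with
// Read, Write and Deny entries.
nodePrivs := user.PropertyPrivileges.Node
edgePrivs := user.PropertyPrivileges.Edge
fmt.Println("Property Privileges:")
fmt.Println("- Node (Read):", nodePrivs.Read)
fmt.Println("- Node (Write):", nodePrivs.Write)
fmt.Println("- Node (Deny):", nodePrivs.Deny)
fmt.Println("- Edge (Read):", edgePrivs.Read)
fmt.Println("- Edge (Write):", edgePrivs.Write)
fmt.Println("- Edge (Deny):", edgePrivs.Deny)

// Policies assigned to the user; review them as well when auditing the
// account's effective access.
fmt.Println("Policies:", user.Policies)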
Created Time: 2025-04-02T11:08:38.000+08:00
Graph Privileges: map[*:[SHOW_PROPERTY READ SHOW_SCHEMA] alimama:[SHOW_JOB SHOW_INDEX] trans:[SHOW_JOB SHOW_INDEX]]
System Privileges: [ALTER_GRAPH SHOW_GRAPH]
Property Privileges:
- Node (Read): [[* * *]]
- Node (Write): []
- Node (Deny): []
- Edge (Read): [[alimama * timestamp]]
- Edge (Write): [[alimama edgx behavior] [alimama edgx timestamp]]
- Edge (Deny): []
Policies: [manager]
CreateUser()
创建一个数据库用户。
参数
user: *structs.User
:待创建的用户;UserName
和PassWord
字段必填,SystemPrivileges
、GraphPrivileges
、PropertyPrivileges
和Policies
选填。config: *configuration.RequestConfig
(可选):请求配置。
返回值
Response
:请求结果。error
:包含操作过程中遇到的任何问题的错误对象;如果操作成功,则返回nil
。
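// Creates a new user 'user01'.
// When adapting this example, grant only what the account needs: TRUNCATE and
// "*" wildcards are broad grants.
newUser := &structs.User{
	UserName: "user01",
	// Sample value for illustration only. In real code, read the password
	// from a secret store or the environment; do not commit it to source.
	PassWord:         "U7MRDBFXd2Ab",
	SystemPrivileges: []string{"SHOW_GRAPH", "TRUNCATE"},
	// Graph privileges are keyed by graph name.
	GraphPrivileges: structs.GraphPrivileges{
		"lcc": []string{"UPDATE", "INSERT", "DELETE", "UPSERT"},
	},
	// NOTE(review): each entry looks like {graph, schema, property} with "*"
	// as a wildcard - confirm against the privilege reference.
	PropertyPrivileges: structs.PropertyPrivileges{
		Node: structs.PropertyPrivilegeElement{
			Read: [][]string{
				{"miniCircle", "account", "*"},
				{"miniCircle", "movie", "name"},
			},
			Write: [][]string{
				{"lcc", "*", "*"},
			},
		},
		Edge: structs.PropertyPrivilegeElement{
			Read: [][]string{
				{"*", "*", "*"},
			},
			// NOTE(review): Read is "*" everywhere while Deny covers
			// miniCircle; which one takes precedence is not shown on this
			// page - verify before relying on it.
			Deny: [][]string{
				{"miniCircle", "*", "*"},
			},
		},
	},
	// Policies assigned to the user.
	Policies: []string{"manager", "sales"},
}

// Check the error: an account that silently failed to be created (or was
// created differently than expected) should stop the program here.
response, err := driver.CreateUser(newUser, nil)
if err != nil {
	log.Fatalln("Failed to create user 'user01':", err)
}
fmt.Println(response.Status.Code)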
SUCCESS
AlterUser()
修改一个用户的密码、权限和策略。请留意,只有指定的属性会被修改,其余保持不变。
参数
user: *structs.User
:用于设置新的PassWord
、SystemPrivileges
、GraphPrivileges
、PropertyPrivileges
和Policies
的指向User
结构体的指针,通过UserName
字段指定用户。config: *configuration.RequestConfig
(可选):请求配置。
返回值
Response
:请求结果。error
:包含操作过程中遇到的任何问题的错误对象;如果操作成功,则返回nil
。
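// Alters the user 'user01'.
// Only the fields set here (SystemPrivileges and Policies) are sent; per the
// description of AlterUser, unspecified attributes (including the password)
// stay unchanged.
userChanges := &structs.User{
	UserName: "user01",
	// NOTE(review): "SHOW_GRAPH" is listed twice - presumably unintended; confirm.
	SystemPrivileges: []string{"CREATE_GRAPH", "SHOW_GRAPH", "SHOW_GRAPH", "TRUNCATE"},
	Policies:         []string{"manager"},
}

// Check the error so a rejected privilege change is not assumed to be in effect.
response, err := driver.AlterUser(userChanges, nil)
if err != nil {
	log.Fatalln("Failed to alter user 'user01':", err)
}
fmt.Println(response.Status.Code)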
SUCCESS
DropUser()
删除一个指定的数据库用户。
参数
username: string
:用户名。config: *configuration.RequestConfig
(可选):请求配置。
返回值
Response
:请求结果。error
:包含操作过程中遇到的任何问题的错误对象;如果操作成功,则返回nil
。
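// Drops the user 'user01'.
// Check the error: if the drop failed, the account still exists and can
// still be used.
response, err := driver.DropUser("user01", nil)
if err != nil {
	log.Fatalln("Failed to drop user 'user01':", err)
}
fmt.Println(response.Status.Code)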
SUCCESS
完整示例
package main
import (
"fmt"
"log"
"github.com/ultipa/ultipa-go-driver/v5/sdk"
"github.com/ultipa/ultipa-go-driver/v5/sdk/configuration"
"github.com/ultipa/ultipa-go-driver/v5/sdk/structs"
)
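// main connects to an Ultipa cluster and creates the policy 'operator',
// stopping with a logged error if either step fails.
func main() {
	config := &configuration.UltipaConfig{
		// URI example: Hosts: []string{"mqj4zouys.us-east-1.cloud.ultipa.com:60010"},
		Hosts: []string{"192.168.1.85:60061", "192.168.1.87:60061", "192.168.1.88:60061"},
		// Placeholders: supply real credentials from a secret store or the
		// environment rather than hard-coding them in source.
		Username: "<username>",
		Password: "<password>",
	}

	driver, err := sdk.NewUltipaDriver(config)
	if err != nil {
		log.Fatalln("Failed to connect to Ultipa:", err)
	}

	// Creates a new policy 'operator'.
	// When adapting this example, grant only what the role needs: TRUNCATE
	// and "*" wildcards are broad grants.
	operatorPolicy := &structs.Policy{
		Name:             "operator",
		SystemPrivileges: []string{"SHOW_GRAPH", "TRUNCATE"},
		// Graph privileges are keyed by graph name.
		GraphPrivileges: structs.GraphPrivileges{
			"lcc": []string{"UPDATE", "INSERT", "DELETE", "UPSERT"},
		},
		// NOTE(review): each entry looks like {graph, schema, property} with
		// "*" as a wildcard - confirm against the privilege reference.
		PropertyPrivileges: structs.PropertyPrivileges{
			Node: structs.PropertyPrivilegeElement{
				Read: [][]string{
					{"miniCircle", "account", "*"},
					{"miniCircle", "movie", "name"},
				},
				Write: [][]string{
					{"lcc", "*", "*"},
				},
			},
			Edge: structs.PropertyPrivilegeElement{
				Read: [][]string{
					{"*", "*", "*"},
				},
				// NOTE(review): Read is "*" everywhere while Deny covers
				// miniCircle; which one takes precedence is not shown on
				// this page - verify before relying on it.
				Deny: [][]string{
					{"miniCircle", "*", "*"},
				},
			},
		},
		// Policies included by this policy.
		Policies: []string{"manager", "sales"},
	}

	// The original discarded this error; check it so a failed policy
	// creation is reported instead of being read as success.
	response, err := driver.CreatePolicy(operatorPolicy, nil)
	if err != nil {
		log.Fatalln("Failed to create policy 'operator':", err)
	}
	fmt.Println(response.Status.Code)
}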