User and Privilege

To enhance system and service security, Ultipa provides a feature-rich authority system that grants privileges to users in a flexible way.

11.1 Privilege and Policy

A privilege grants a user permission to execute particular uQL commands. Privileges come in two levels, according to their scope:

  • graph level: INSERT, DELETE, UPDATE, etc.
  • system level: CREATE_GRAPH, DROP_GRAPH, USER, etc.

A policy organizes privileges into a tree structure that can be granted to users, which makes it easier to classify and manage users with different roles.

A policy is a combination of graph privileges, system privileges and sub-policies. A user can own privileges and policies at the same time.
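How direct grants and nested policies combine into a user's effective privileges, as an added example that is not Ultipa's own code: the policy and user records are constructed sample data using the field names documented on this page, and `gp` and `effective_privileges` are hypothetical helpers. It goes slightly beyond the text by also tolerating cyclic or undefined sub-policy references.

```python
# Constructed sample data using the documented fields (name, graph_privileges,
# system_privileges, policies); not output from a real Ultipa server.
def gp(name, *values):
    return {"name": name, "values": list(values)}

POLICIES = {
    "reader": {"graph_privileges": [gp("default", "QUERY")],
               "system_privileges": [], "policies": []},
    "sales": {"graph_privileges": [gp("default", "INSERT")],
              "system_privileges": [], "policies": ["reader"]},
    "ops": {"graph_privileges": [gp("default", "DELETE")],
            "system_privileges": ["CREATE_GRAPH"],
            "policies": ["sales", "loop"]},
    "loop": {"graph_privileges": [], "system_privileges": ["USER"],
             "policies": ["ops"]},  # deliberate cycle back to "ops"
}
USER = {"username": "test",
        "graph_privileges": [gp("default", "UPDATE")],
        "system_privileges": [],
        "policies": ["ops", "missing"]}  # "missing" is not defined above


def effective_privileges(holder, policies):
    """Hypothetical helper: flatten direct grants plus all nested policies.

    Returns (graph, system, unknown): graph maps graph name -> set of
    privileges, system is a set of system privileges, unknown holds
    referenced policy names that have no definition.
    """
    graph, system, unknown, seen = {}, set(), set(), set()
    stack = [holder]
    while stack:
        node = stack.pop()
        for g in node.get("graph_privileges", []):
            graph.setdefault(g["name"], set()).update(g["values"])
        system.update(node.get("system_privileges", []))
        for pname in node.get("policies", []):
            if pname in seen:  # already expanded; also breaks cycles
                continue
            seen.add(pname)
            if pname in policies:
                stack.append(policies[pname])
            else:
                unknown.add(pname)
    return graph, system, unknown


if __name__ == "__main__":
    graph, system, unknown = effective_privileges(USER, POLICIES)
    print({k: sorted(v) for k, v in graph.items()}, sorted(system), sorted(unknown))
```

Running the same flattening over every user before and after a policy change shows which accounts gain system-level privileges such as USER through a sub-policy rather than a direct grant.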

List All Privileges

from ultipa import Connection, ULTIPA_REQUEST
conn = Connection(host='host:port', username="root", password="root")
ret = conn.listPrivilege()
print(ret.toJSON())

List All Policies

from ultipa import Connection, ULTIPA_REQUEST
conn = Connection(host='host:port', username="root", password="root")
ret = conn.listPolicy()
print(ret.toJSON())

Get Policy Detail

Parameters for getting a policy's detail:

name  type    rule                  description
name  string  letters, length < 32  Policy name

from ultipa import Connection, ULTIPA_REQUEST
conn = Connection(host='host:port', username="root", password="root")
# Fetch the policy named 'sales'
ret = conn.getPolicy(ULTIPA_REQUEST.GetPolicy(name='sales'))
print(ret.toJSON())

Create Policy

Parameters for creating a policy:

name               type      rule                  description
name               string    letters, length < 32  Policy name
graph_privileges   []dict    /                     A dictionary of graph privileges
system_privileges  []string  /                     A list of system privileges
policies           []string  /                     A list of sub-policies

from ultipa import Connection, ULTIPA_REQUEST
conn = Connection(host='host:port', username="root", password="root")
# Allow QUERY on the graph named 'default'
graphPrivilege = ULTIPA_REQUEST.GraphPrivilege(name='default',
                                               values=['QUERY'])
# graph_privileges is a list (type []dict in the table above)
ret = conn.createPolicy(ULTIPA_REQUEST.CreatePolicy(name='sales',
                                                    graph_privileges=[graphPrivilege]))
print(ret.toJSON())

Update Policy

Parameters for updating a policy:

name               type      rule                  description
name               string    letters, length < 32  Policy name
graph_privileges   []dict    /                     A dictionary of graph privileges
system_privileges  []string  /                     A list of system privileges
policies           []string  /                     A list of sub-policies

from ultipa import Connection, ULTIPA_REQUEST
conn = Connection(host='host:port', username="root", password="root")
# Set the policy's privilege on the graph named 'default' to INSERT
graphPrivilege = ULTIPA_REQUEST.GraphPrivilege(name='default',
                                               values=['INSERT'])
# graph_privileges is a list (type []dict in the table above)
ret = conn.updatePolicy(ULTIPA_REQUEST.UpdatePolicy(name='sales',
                                                    graph_privileges=[graphPrivilege]))
print(ret.toJSON())

Delete Policy

Parameters for deleting a policy:

name  type    rule                  description
name  string  letters, length < 32  Policy name

from ultipa import Connection, ULTIPA_REQUEST
conn = Connection(host='host:port', username="root", password="root")
# Delete the policy named 'sales'
ret = conn.deletePolicy(ULTIPA_REQUEST.DeletePolicy(name='sales'))
print(ret.toJSON())

11.2 User Management

Get User Detail

Parameters for getting a user's detail:

name      type    rule  description
username  string  /     Username

from ultipa import Connection, ULTIPA_REQUEST
conn = Connection(host='host:port', username="root", password="root")
# 'XXXX' is a placeholder for the username to look up
ret = conn.getUser(ULTIPA_REQUEST.GetUser(username='XXXX'))
print(ret.toJSON())

Create User

Parameters for creating a user:

name               type      rule  description
username           string    /     Username
password           string    /     Password
graph_privileges   []dict    /     A dictionary of graph privileges
system_privileges  []string  /     A list of system privileges
policies           []string  /     A list of sub-policies

from ultipa import Connection, ULTIPA_REQUEST
conn = Connection(host='host:port', username="root", password="root")
# 'XXXX' values are placeholders for the new user's name and password
ret = conn.createUser(ULTIPA_REQUEST.CreateUser(username='XXXX',
                                                password='XXXX'))
print(ret.toJSON())

Update User

Parameters for updating a user:

name               type      rule  description
username           string    /     Username
password           string    /     Password
graph_privileges   []dict    /     A dictionary of graph privileges
system_privileges  []string  /     A list of system privileges
policies           []string  /     A list of sub-policies

from ultipa import Connection, ULTIPA_REQUEST
conn = Connection(host='host:port', username="root", password="root")
# 'XXXX' values are placeholders for the user's name and new password
ret = conn.updateUser(ULTIPA_REQUEST.UpdateUser(username='XXXX',
                                                password='XXXX'))
print(ret.toJSON())

Grant Privileges and/or Policies to User

Parameters for granting privileges and/or policies:

name               type      rule  description
username           string    /     Username
graph_privileges   []dict    /     A dictionary of graph privileges
system_privileges  []string  /     A list of system privileges
policies           []string  /     A list of sub-policies

from ultipa import Connection, ULTIPA_REQUEST
conn = Connection(host='host:port', username="root", password="root")
# Direct grant: INSERT on the graph named 'default'
graphPrivilege = ULTIPA_REQUEST.GraphPrivilege(name='default',
                                               values=['INSERT'])
# Grant the direct privilege and the 'sales' policy to user 'test'
ret = conn.grantPolicy(ULTIPA_REQUEST.GrantPolicy(username='test',
                                                  graph_privileges=[graphPrivilege],
                                                  policies=['sales']))
print(ret.toJSON())

Revoke Privileges and/or Policies from User

Parameters for revoking privileges and/or policies:

name               type      rule  description
username           string    /     Username
graph_privileges   []dict    /     A dictionary of graph privileges
system_privileges  []string  /     A list of system privileges
policies           []string  /     A list of sub-policies

from ultipa import Connection, ULTIPA_REQUEST
conn = Connection(host='host:port', username="root", password="root")
# Privilege to revoke: INSERT on the graph named 'default'
graphPrivilege = ULTIPA_REQUEST.GraphPrivilege(name='default',
                                               values=['INSERT'])
# Revoke the direct privilege and the 'sales' policy from user 'test'
ret = conn.revokePolicy(ULTIPA_REQUEST.RevokePolicy(username='test',
                                                    graph_privileges=[graphPrivilege],
                                                    policies=['sales']))
print(ret.toJSON())

Delete User

Parameters for deleting a user:

name      type    rule  description
username  string  /     Username

from ultipa import Connection, ULTIPA_REQUEST
conn = Connection(host='host:port', username="root", password="root")
# 'XXXX' is a placeholder for the username to delete
ret = conn.deleteUser(ULTIPA_REQUEST.DeleteUser(username='XXXX'))
print(ret.toJSON())

Reset Admin

The administrator's account can be reset using the ultipa-reset-user tool, which for security reasons is ONLY applicable on the Ultipa Server.