GQL - Privilege - Ultipa Graph

Change Password

Submit

Change Email

Submit

Change Nickname

Current Nickname:

Submit

Profile

Account ID:

Full Name:
Phone:
Company:
Company Email:
Country:
Language:

Change Password

Apply

You have no license application record.

Apply

Certificate	Issued at	Valid until	Serial No.	File

Serial No.	Valid until	File

Not having one? Apply now! >>>

Product	Created On	ID	Amount (USD)	Invoice

Product	Created On	ID	Amount (USD)	Invoice

No Invoice

Create Ultipa Account

Already have an Ultipa account? Sign in now!

Forgot Password

Reset Password

Back to sign in

Privilege

Overview

Privileges are a key access control mechanism that determine the operations a user can perform on the graph database. They enforce security by restricting access to specific operations, such as querying, updating, or administering the database. A set of privileges can be granted to a role, which can then be assigned to users. Alternatively, individual privileges can be directly assigned to users.

Types of Privileges in Ultipa:

Graph privileges: Includes operations for manipulating and reading data and structure of specific graphs, as well as managing their indexes, jobs, HDC graphs, etc.
System privileges: Includes operations for managing graphs, processes, privileges, roles, users, servers, etc., within the database.
Property privileges: Includes read, write, and deny, applied specifically to certain properties.

All Privileges

Graph Privileges

Privilege	Description	GQL
`READ`	Reads data from graphs.	`MATCH`
`INSERT`	Inserts nodes and edges into graphs.	`INSERT`
`UPSERT`	Updates or inserts nodes and edges in graphs.	`INSERT`
`UPDATE`	Updates nodes and edges in graphs.	`SET`
`DELETE`	Deletes nodes and edges in graphs.	`DELETE`
`CREATE_SCHEMA`	Creates schemas in graphs.	`ALTER GRAPH <graphName> ADD <NODE \| EDGE>`, and creates schemas using `CRETAE GRAPH`
`DROP_SCHEMA`	Drops schemas in graphs.	`ALTER GRAPH <graphName> DROP <NODE \| EDGE>`
`ALTER_SCHEMA`	Alters the schemas in graphs.	/
`SHOW_SCHEMA`	Shows schemas in graphs.	`SHOW <NODE \| EDGE> SCHEMA`
`RELOAD_SCHEMA`	Reloads the total number of nodes and edges in graphs.	/
`CREATE_PROPERTY`	Creates properties in graphs.	`ALTER <NODE \| EDGE> <schemaName> ADD PROPERTY`, and creates properties using `CRETAE GRAPH`
`DROP_PROPERTY`	Drops properties in graphs.	`ALTER <NODE \| EDGE> <schemaName> DROP PROPERTY`
`ALTER_PROPERTY`	Alters properties in graphs.	/
`SHOW_PROPERTY`	Shows properties in graphs.	`SHOW <NODE \| EDGE> <propertyName> PROPERTY`
`CREATE_FULLTEXT`	Creates full-text indexes in graphs.	`CREATE FULLTEXT`
`DROP_FULLTEXT`	Drop full-text indexes in graphs.	`DROP <NODE \| EDGE> FULLTEXT`
`SHOW_FULLTEXT`	Shows full-text indexes in graphs.	`SHOW <NODE \| EDGE> FULLTEXT`
`CREATE_VECTOR_INDEX`	Creates vector indexes in graphs.	`CREATE VECTOR INDEX`
`DROP_VECTOR_INDEX`	Drop vector indexes in graphs.	`DROP <NODE \| EDGE > VECTOR INDEX`
`SHOW_VECTOR_INDEX`	Shows vector indexes in graphs.	`SHOW <NODE \|EDGE > VECTOR INDEX`
`CREATE_INDEX`	Creates indexes in graphs.	`CREATE INDEX`
`DROP_INDEX`	Drops indexes in graphs.	`DROP <NODE \| EDGE> INDEX`
`SHOW_INDEX`	Shows indexes in graphs.	`SHOW <NODE \| EDGE> INDEX`
`LTE`	Loads properties from disk into the computing engine.	/
`UFE`	Unloads properties from the computing engine.	/
`CLEAR_JOB`	Clear jobs in graphs.	`DELETE JOB`
`STOP_JOB`	Stops jobs in graphs.	`STOP JOB`
`SHOW_JOB`	Shows jobs in graphs.	`SHOW JOB`
`ALGO`	Runs algorithms for graphs.	`CALL algo...`
`CREATE_PROJECT`	Creates distributed projections for graphs.	/
`SHOW_PROJECT`	Shows distributed projections of graphs.	/
`DROP_PROJECT`	Drops distributed projections of graphs.	/
`CREATE_HDC_GRAPH`	Creates HDC graphs.	`CALL hdc.graph.create()`
`SHOW_HDC_GRAPH`	Shows HDC graphs.	`CALL hdc.graph.show()`
`DROP_HDC_GRAPH`	Drops HDC graphs.	`CALL hdc.graph.drop()`
`COMPACT_HDC_GRAPH`	Compacts HDC graphs.	`CALL hdc.graph.compact()`
`SHOW_CONSTRAINT`	Shows constraints in graphs.	`SHOW <NODE \| EDGE> CONSTRAINT`
`CREATE_CONSTRAINT`	Creates constraints in graphs.	`ALTER <NODE \| EDGE> <schemaName> ADD CONSTRAINT`
`DROP_CONSTRAINT`	Drops constraint in graphs.	`ALTER <NODE \| EDGE> <schemaName> DROP CONSTRAINT`

System Privileges

Privilege	Description	GQL
`TRUNCATE`	Truncates graphs in database.	/
`COMPACT`	Compacts graphs in database.	/
`CREATE_GRAPH`	Creates graphs in database.	`CREATE GRAPH`
`SHOW_GRAPH`	Shows graphs in database.	`SHOW GRAPH`
`DROP_GRAPH`	Drops graphs in database.	`DROP GRAPH`
`ALTER_GRAPH`	Alters graphs in database.	/
`TOP`	Shows processes in database.	/
`KILL`	Kills processes in database.	/
`STAT`	Shows statistics of the database.	/
`SHOW_POLICY`	Shows policies in database.	`SHOW ROLE`
`CREATE_POLICY`	Creates policies in database.	`CREATE ROLE`
`DROP_POLICY`	Drops policies in database.	`DROP ROLE`
`ALTER_POLICY`	Alters policies in database.	`ALTER ROLE`
`SHOW_USER`	Shows users in database.	`SHOW USER`
`CREATE_USER`	Creates users in database.	`CREATE USER`
`DROP_USER`	Drops users in database.	`DROP USER`
`ALTER_USER`	Alters users in database.	`ALTER USER`
`SHOW_PRIVILEGE`	Shows privileges in database.	/
`GRANT`	Grants privileges and policies to a policy or user.	/
`REVOKE`	Revokes privileges and policies from a policy or user.	/
`SHOW_META`	Show meta servers of the database.	/
`SHOW_SHARD`	Show shard servers of the database.	/
`ADD_SHARD`	Adds shard servers to the database.	/
`REPLACE_SHARD`	Alters the replica addresses of a shard server.	/
`DELETE_SHARD`	Deletes shard servers from the database.	/
`SHOW_HDC_SERVER`	Show HDC servers of the database.	/
`ADD_HDC_SERVER`	Adds HDC servers to the database.	/
`DELETE_HDC_SERVER`	Deletes HDC servers from the database.	/
`SHOW_VECTOR_SERVER`	Show vector servers of the database.	`SHOW VECTOR SERVER`
`ADD_VECTOR_SERVER`	Adds vector servers to the database.	`ADD VECTOR SERVER`
`DELETE_VECTOR_SERVER`	Deletes vector servers from the database.	`DELETE VECTOR SERVER`
`LICENSE_UPDATE`	Updates license of the database.	/
`LICENSE_DUMP`	Dumps license of the database.	/
`SHOW_BACKUP`	Shows backups of the database.	/
`CREATE_BACKUP`	Creates backups for the database.	/

Property Privileges

Privilege	Description
`read`	Allows reading a specific property in graphs.
`write`	Allows both reading and writing a specific property in graphs.
`deny`	Denies the right to read or write a specific property in graphs. `deny` takes precedence over `read` and `write`. If both `deny` and `read` (or `write`) are granted to a user or policy, the effective privilege is `deny`.

read

If the read privilege for the name property of the user nodes is not granted:

Operation	Examples
Return the property	`MATCH (n:user) RETURN n` This query will exclude the `name` property from the results. `MATCH (n:user) RETURN n.name` This query throws an error as you cannot read the `name` property.
Filter the property	`MATCH (n:user {name: "johndoe"}) RETURN n` This query throws an error as you cannot read the `name` property.
Export	You cannot export the properties which you cannot read.

write

If the write privilege for the name property of the user nodes is not granted:

Operation	Examples
Insert	`INSERT (:user {_id: "U873", name:"johndoe"})` This query throws an error as you cannot write the `name` property.
Update	`MATCH (n:user {_id: "U873"}) SET n.name = "johndoe"` This query throws an error as you cannot write the `name` property.
Delete	You can delete properties, nodes or edges even if you don't have write privileges, as long as you possess the `DELETE` and `DROP_PROPERTY` graph privileges.

ID
Product
Status
Cores
Applied Validity Period(days)
Effective Date
Excpired Date
Mac Address
Apply Comment
Review Comment