Skip to content

User management

This topic describes how to manage users and roles.

By default, Nebula Graph allows connections with any username and password. After enabling authentication, only valid users can connect to Nebula Graph and access the resources according to the user roles.

CREATE USER

The root user with the GOD role can run CREATE USER to create a new user.

  • Syntax
    CREATE USER [IF NOT EXISTS] <user_name> [WITH PASSWORD '<password>'];
  • Example
    nebula> CREATE USER user1 WITH PASSWORD 'nebula';

GRANT ROLE

Users with the GOD role or the ADMIN role can run GRANT ROLE to assign a built-in role in a graph space to a user. For more information about Nebula Graph built-in roles, see Roles and privileges

NOTE: If the target user is connected to Nebula Graph when running GRANT ROLE, the new role takes effect when the user logs out and logs in again.

  • Syntax
    GRANT ROLE <role_type> ON <space_name> TO <user_name>;
  • Example
    nebula> GRANT ROLE USER ON basketballplayer TO user1;

REVOKE ROLE

Users with the GOD role or the ADMIN role can run REVOKE ROLE to revoke a user's role in a graph space.

NOTE: If the target user is connected to Nebula Graph when running REVOKE ROLE, the old role still takes effect until the user logs out.

  • Syntax
    REVOKE ROLE <role_type> ON <space_name> FROM <user_name>;
  • Example
    nebula> REVOKE ROLE USER ON basketballplayer FROM user1;

CHANGE PASSWORD

With the correct username and password, users can run CHANGE PASSWORD to set a new password for a user.

  • Syntax
    CHANGE PASSWORD <user_name> FROM '<old_password>' TO '<new_password>';
  • Example
    nebula> CHANGE PASSWORD user1 FROM 'nebula' TO 'nebula123';

ALTER USER

The root user with the GOD role can run ALTER USER to set a new password for a user.

  • Syntax
    ALTER USER <user_name> WITH PASSWORD '<password>';
  • Example
    nebula> ALTER USER user1 WITH PASSWORD 'nebula';

DROP USER

The root user with the GOD role can run DROP USER to remove a user.

NOTE: Removing a user does not close the user's current session, and the user role still takes effect in the session until the session is closed.

  • Syntax
    DROP USER [IF EXISTS] <user_name>;
  • Example
    nebula> DROP USER user1;

SHOW USERS

The root user with the GOD role can run SHOW USERS to list all the users.

  • Syntax
    SHOW USERS;
  • Example
    nebula> SHOW USERS;
+-----------+
| Account   |
+-----------+
| "test1"   |
+-----------+
| "test2"   |
+-----------+
| "test3"   |
+-----------+
Last update: April 13, 2021
Back to top