Skip to content

User management

User management is an indispensable part of Nebula Graph access control. This topic describes how to manage users and roles.

After enabling authentication, only valid users can connect to Nebula Graph and access the resources according to the user roles.

Note

  • By default, the authentication is disabled. Nebula Graph allows connections with the username root and any password.
  • Once the role of a user is modified, the user has to re-login to make the new role takes effect.

CREATE USER

The root user with the GOD role can run CREATE USER to create a new user.

  • Syntax

    CREATE USER [IF NOT EXISTS] <user_name> [WITH PASSWORD '<password>'];
    
  • Example

    nebula> CREATE USER user1 WITH PASSWORD 'nebula';
    

GRANT ROLE

Users with the GOD role or the ADMIN role can run GRANT ROLE to assign a built-in role in a graph space to a user. For more information about Nebula Graph built-in roles, see Roles and privileges.

  • Syntax

    GRANT ROLE <role_type> ON <space_name> TO <user_name>;
    
  • Example

    nebula> GRANT ROLE USER ON basketballplayer TO user1;
    

REVOKE ROLE

Users with the GOD role or the ADMIN role can run REVOKE ROLE to revoke the built-in role of a user in a graph space. For more information about Nebula Graph built-in roles, see Roles and privileges.

  • Syntax

    REVOKE ROLE <role_type> ON <space_name> FROM <user_name>;
    
  • Example

    nebula> REVOKE ROLE USER ON basketballplayer FROM user1;
    

DESCRIBE USER

Users can run DESCRIBE USER to list the roles for a specified user.

  • Syntax

    DESCRIBE USER <user_name>;
    DESC USER <user_name>;
    
  • Example

    nebula> DESCRIBE USER user1;
    +---------+--------------------+
    | role    | space              |
    +---------+--------------------+
    | "ADMIN" | "basketballplayer" |
    +---------+--------------------+
    

SHOW ROLES

Users can run SHOW ROLES to list the roles in a graph space.

  • Syntax

    SHOW ROLES IN <space_name>;
    
  • Example

    nebula> SHOW ROLES IN basketballplayer;
    +---------+-----------+
    | Account | Role Type |
    +---------+-----------+
    | "user1" | "ADMIN"   |
    +---------+-----------+
    

CHANGE PASSWORD

Users can run CHANGE PASSWORD to set a new password for a user. The old password is needed when setting a new one.

  • Syntax

    CHANGE PASSWORD <user_name> FROM '<old_password>' TO '<new_password>';
    
  • Example

    nebula> CHANGE PASSWORD user1 FROM 'nebula' TO 'nebula123';
    

ALTER USER

The root user with the GOD role can run ALTER USER to set a new password for a user. The old password is not needed when setting a new one.

  • Syntax

    ALTER USER <user_name> WITH PASSWORD '<password>';
    
  • Example

    nebula> ALTER USER user1 WITH PASSWORD 'nebula';
    

DROP USER

The root user with the GOD role can run DROP USER to remove a user.

Note

Removing a user does not close the current session of the user, and the user role still takes effect in the session until the session is closed.

  • Syntax

    DROP USER [IF EXISTS] <user_name>;
    
  • Example

    nebula> DROP USER user1;
    

SHOW USERS

The root user with the GOD role can run SHOW USERS to list all the users.

  • Syntax

    SHOW USERS;
    
  • Example

    nebula> SHOW USERS;
    +-----------+
    | Account   |
    +-----------+
    | "test1"   |
    | "test2"   |
    | "test3"   |
    +-----------+
    

Last update: January 14, 2022
Back to top