You can log into NebulaGraph Dashboard Enterprise Edition with different types of accounts. Different accounts have different permissions. This article introduces account types, roles, and permissions.
You need to configure the related protocols before using LDAP accounts or OAuth2.0 accounts. For details, see Single sign-on.
Once you log into Dashboard Enterprise Edition using the initialized account name
nebula and password
nebula, you can create different types of accounts: LDAP accounts, OAuth2.0 accounts and general accounts.
Dashboard Enterprise Edition enables you to log into it with your enterprise account by accessing LDAP (Lightweight Directory Access Protocol).
The feature is still in beta. It will continue to be optimized.
Dashboard Enterprise Edition enables you to use access_token to authorize the third-party applications to access the protected information based on OAuth2.0.
Dashboard Enterprise Edition enables you to create local accounts.
You can set different roles for your accounts. Roles are different in permissions. There are two types of account roles in Dashboard Enterprise Edition: system roles (
user) and cluster roles (
The relationship between system roles and cluster roles and their descriptions are as follows.
|admin||1. Create accounts.
2. Modify the role of an existing account.
3. Perform platform settings, system-level alert settings.
4. Delete accounts.
|1. There can be multiple
4. Displayed in the cluster member list by default. An
|user||1. Has read-only permissions for the system dimension.
2. After an
3. Can create clusters and become the
|1. General role.
2. There can be multiple
||1. Scale clusters.
2. Set cluster alerts.
3. Manage cluster nodes.
4. Manage cluster services.
|1. The cluster operator.
2. There can be multiple
||1. Have all the permissions of
2. Unbind and delete clusters.
3. Add and remove accounts with
4. Transfer the
|1. The cluster owner.
2. There can only be one
admin roles can create other accounts. The steps are as follows:
- At the top navigation bar of the Dashboard Enterprise Edition page, click Authority, and click Create.
Select one method and input information to create an account, and click OK.
- Invite (LDAP or OAuth2.0 accounts): Set the invitee's account type, enterprise email and role. After the invitee clicks the Accept button in the email to activate the account, the invitee needs to click Login to automatically jump to the Dashboard Enterprise Edition login page. The invitee can log into Dashboard with his/her enterprise email account and password.
Automatic registration is also supported after LDAP is enabled. When you enter an unregistered account in LDAP mode on the login page, the Dashboard automatically registers the account, but the role permission is
- Create Account (general accounts): Set the login name, password, and role for the new account. For information about roles, see the above content.
The created accounts are displayed on the Authority page.
You can view the username, account type, role, associated cluster, and create time of accounts.
- Account Type: Includes ldap, oauth2.0 and platform. platform is a general account.
- Role: Displays the role of an account, including admin and user. For more information about roles, see the above content.
- Associated Clusters: Displays all the clusters that can be operated by an account. If the cluster was created by the account, the associated cluster has the
- You can search for accounts in the search box, and filter accounts by selecting an associated cluster.
- In the Action column on the Authority page, click to edit account information.
- In the Action column on the Authority page, click to delete an account.