User Management

This page explains the procedures for various user management tasks under TigerGraph’s authorization model.

Create a user

Syntax

CREATE USER
gsql

Required privilege

WRITE_USER

Procedure

  1. From the GSQL shell, run the CREATE USER command:

    GSQL > CREATE USER
    gsql

  2. Enter the user information in the prompts that follow:

    Example: Create user
    User Name : frank
New Password : ************
Re-enter Password : ************
The user "frank" is created.

View roles of a user

Syntax

SHOW USER
gsql

Required privilege

READ_USER for displaying roles of other users

Procedure

  1. From the GSQL shell, run the SHOW USER command:

    GSQL > SHOW USER
    gsql

If the user running the command has the READ_USER privilege, role information on all users will be displayed. Otherwise, only the current user’s roles will be displayed.

View privileges of a user

Syntax

SHOW PRIVILEGE ON USER <username> (, <username>)*
gsql

Required privilege

READ_USER

Procedure

  1. From the GSQL shell, run the SHOW PRIVILEGE ON USER command :

    GSQL > SHOW PRIVILEGE ON USER tigergraph
    gsql

The above command will show the privileges of user tigergraph:

User: "tigergraph"
  - Global Privileges:
    READ_SCHEMA
    WRITE_SCHEMA
    READ_LOADINGJOB
    EXECUTE_LOADINGJOB
    WRITE_LOADINGJOB
    READ_QUERY
    WRITE_QUERY
    READ_DATA
    WRITE_DATA
    WRITE_DATASOURCE
    READ_ROLE
    WRITE_ROLE
    READ_USER
    WRITE_USER
    READ_PROXYGROUP
    WRITE_PROXYGROUP
    READ_FILE
    WRITE_FILE
    DROP_GRAPH
    EXPORT_GRAPH
    CLEAR_GRAPHSTORE
    DROP_ALL
    ACCESS_TAG
text

Grant a role to a user

Syntax

GRANT ROLE <role_name1> (, role_name2)* [ON GRAPH <graph_name>]
        TO <username1> (, <username2>)*
gsql

Required privilege

WRITE_ROLE

Procedure

  1. Start the GSQL shell and make sure you are using the correct graph

    $ gsql
GSQL > USE GRAPH example_graph

  2. From the GSQL shell, run the GRANT ROLE command. You can grant multiple roles to multiple users:

    GSQL > GRANT ROLE role1 , role2 ON GRAPH example_graph
        TO user1, use2
    gsql

The above command will grant roles role1 and role2 on graph example_graph to users user1 and user2.

Revoke a role from a user

Syntax

REVOKE ROLE <roleName1> (, <roleName2)* [ON GRAPH <graphName>]
        FROM <userName1> (, <userName2>)*
gsql

Required privilege

WRITE_ROLE

Procedure

  1. Start the GSQL shell and make sure you are using the correct graph

    $ gsql
GSQL > USE GRAPH example_graph

  2. From the GSQL shell, run the REVOKE_ROLE command. You can revoke multiple roles from multiple users at the same time:

    GSQL > REVOKE ROLE role1, role2 ON GRAPH example_graph
        FROM user1, user2
    gsql

The above command will revoke roles role1 and role2 on graph example_graph from users user1 and user2.

Change a user’s password

Syntax

ALTER PASSWORD <username>
gsql

Required privilege

WRITE_USER for changing the password of a user other than the current user

Procedure

  1. From the GSQL shell, run the following command. Replace username with the user whose password you want to change

    GSQL > ALTER PASSWORD username
    gsql

  2. Enter the new password in the prompt that follows.

Drop a user

Syntax

DROP USER <user1> (,<user2>)*
gsql

Required privilege

WRITE_USER

Procedure

  1. From the GSQL shell, run the DROP USER command. You can drop multiple users in the same command.

    GSQL > DROP USER user1, user2
    gsql

  2. GSQL will confirm that the users you entered have been dropped