User Management
This page explains the procedures for various user management tasks under TigerGraph’s role-based access control(RBAC) model.
To see user management tasks under the Access Control List (ACL) model, see ACL Management.
View privileges of a user
Users with the READ_USER
privilege in a scope can view the RBAC privileges of the users in that scope.
Procedure
-
From the GSQL shell, run the
SHOW PRIVILEGE ON USER
command :GSQL > SHOW PRIVILEGE ON USER tigergraph
gsql
The above command will show the privileges of user tigergraph
:
User: "tigergraph" - Global Privileges: READ_SCHEMA WRITE_SCHEMA READ_LOADINGJOB EXECUTE_LOADINGJOB WRITE_LOADINGJOB READ_QUERY WRITE_QUERY READ_DATA WRITE_DATA WRITE_DATASOURCE READ_ROLE WRITE_ROLE READ_USER WRITE_USER READ_PROXYGROUP WRITE_PROXYGROUP READ_FILE WRITE_FILE DROP_GRAPH EXPORT_GRAPH CLEAR_GRAPHSTORE DROP_ALL ACCESS_TAG
text
To view ACL privileges of a user, see View ACL privileges of a user.
Grant a role to a user/proxy group
Syntax
GRANT ROLE <role_name1> (, role_name2)* [ON GRAPH <graph_name>]
TO <username1>|<proxy_group_name1> (, <username2> | <proxy_group_name>2)*
gsql
Procedure
-
Start the GSQL shell and make sure you are using the correct graph
$ gsql GSQL > USE GRAPH example_graph
-
From the GSQL shell, run the
GRANT ROLE
command. You can grant multiple roles to multiple users:GSQL > GRANT ROLE role1 , role2 ON GRAPH example_graph TO user1, user2
gsql
The above command will grant roles role1
and role2
on graph example_graph
to users user1
and user2
.
Revoke a role from a user
Syntax
REVOKE ROLE <roleName1> (, <roleName2)* [ON GRAPH <graphName>]
FROM <userName1> (, <userName2>)*
gsql
Procedure
-
Start the GSQL shell and make sure you are using the correct graph
$ gsql GSQL > USE GRAPH example_graph
-
From the GSQL shell, run the
REVOKE_ROLE
command. You can revoke multiple roles from multiple users at the same time:GSQL > REVOKE ROLE role1, role2 ON GRAPH example_graph FROM user1, user2
gsql
The above command will revoke roles role1
and role2
on graph example_graph
from users user1
and user2
.
Change a user’s password
Users can change their own passwords used for login without needing any privilege.
Users with the WRITE_USER
privilege can change the passwords of other users.
Procedure
-
From the GSQL shell, run the following command. Replace
username
with the user whose password you want to changeGSQL > ALTER PASSWORD username
gsql -
Enter the new password in the prompt that follows.
To see how to change a user’s ACL password, see Change ACL password |