List of Privileges

This page provides a complete list of privileges in TigerGraph’s Role-based Access Control system.

Any privilege marked “Global only” can only be granted to a global role. It cannot be granted to a local role (See Global role vs local role).
Local roles are deprecated and will be dropped in a later version.

Table of Privileges

Privilege Name Commands Associated Global Only

Privilege Name	Commands Associated	Global Only
`READ_SCHEMA`	`ls` `show vertex <vName>` `show edge <eName>` `show graph <gName>` `show job (<schema_changeJobName>`	No
`WRITE_SCHEMA`	`create schema_change job <scjName>` `run schema_change job <scjName>` `drop schema_change job <scjName>` `create vertex <vName>` `drop vertex <vName>` `create edge <eName>` `drop edge <eName>` `create graph <gName>` `create global schema_change job <gscjName>` `run global schema_change job <gscjName>` `drop global schema_change job <gscjName>`	No
`READ_LOADINGJOB`	`show job <loadingJobName>` `show data_source <dsName>`	No
`EXECUTE_LOADINGJOB`	`run loading job <ljName>` `show loading status <jobId>` `abort loading job <ljName>` `resume loading job <ljName>`	No
`WRITE_LOADINGJOB`	`create loading job <ljName>` `drop loading job <ljName>`	No
`READ_QUERY`	`show query <qName>`	No
`WRITE_QUERY`	`create query <qName>` `install query <qName>` `drop query <qName>`	No
`CREATE_DATA`	Running queries that insert vertices or edges in the allowed scope. For details see Data CRUD privileges.	No
`READ_DATA`	Running queries that read vertex or edge information in the allowed scope. For details see Data CRUD privileges.	No
`UPDATE_DATA`	Running queries that update vertex or edge information in the allowed scope. For details see Data CRUD privileges.	No
`DELETE_DATA`	Running queries that delete vertices or edges in the allowed scope. For details see Data CRUD privileges.	No
`WRITE_DATASOURCE`	`create data_source <dsName>` `grant data_source <dsName>` `revoke data_source <dsName>` `drop data_source <dsName>`	No
`READ_ROLE`	`show role` `show privilege on role <rName>`	No
`WRITE_ROLE`	`create role <rName>` `grant role <rName>` `revoke role <rName>` `drop role <rName>` `grant privilege <pName> on graph <gName> to <rName>` `revoke privilege <pName> on graph <gName> from <rName>`	No
`READ_USER`	`show user` `show privilege on user <uName>` `show secret`	No
`WRITE_USER`	`create user <uName>` `drop user <uName>` `alter password`	Yes
`READ_PROXYGROUP`	`show group`	No
`WRITE_PROXYGROUP`	`create group <pgName> proxy <rule>` `drop group <pgName>`	Yes
`READ_FILE`	`get <fileName> to <path-to-file>`	Yes
`WRITE_FILE`	`put <fileName> from <path-to-file>`	Yes
`DROP_GRAPH`	`drop graph <gName>`	Yes
`EXPORT_GRAPH`	`export graph <gName>`	Yes
`CLEAR_GRAPHSTORE`	`clear graph store`	Yes
`ACCESS_TAG`	Operations with schema change jobs involving tags Operations with loading jobs involving tags Operations with queries involving tags	No
`APP_ACCESS_DATA`	Accessing data through TigerGraph Suite applications including GraphStudio and TigerGraph Insights. This privilege only allows you to access the information through TigerGraph Suite applications if you already have access to the data in GSQL. It only pertains to the applications and does not have meaning in GSQL itself.
`DROP_ALL`	`drop all`	Yes

READ_SCHEMA

ls
show vertex <vName>
show edge <eName>
show graph <gName>
show job (<schema_changeJobName>

WRITE_SCHEMA

create schema_change job <scjName>
run schema_change job <scjName>
drop schema_change job <scjName>
create vertex <vName>
drop vertex <vName>
create edge <eName>
drop edge <eName>
create graph <gName>
create global schema_change job <gscjName>
run global schema_change job <gscjName>
drop global schema_change job <gscjName>

READ_LOADINGJOB

show job <loadingJobName>
show data_source <dsName>

EXECUTE_LOADINGJOB

run loading job <ljName>
show loading status <jobId>
abort loading job <ljName>
resume loading job <ljName>

WRITE_LOADINGJOB

create loading job <ljName>
drop loading job <ljName>

READ_QUERY

show query <qName>

WRITE_QUERY

create query <qName>
install query <qName>
drop query <qName>

CREATE_DATA

Running queries that insert vertices or edges in the allowed scope. For details see Data CRUD privileges.

READ_DATA

Running queries that read vertex or edge information in the allowed scope. For details see Data CRUD privileges.

UPDATE_DATA

Running queries that update vertex or edge information in the allowed scope. For details see Data CRUD privileges.

DELETE_DATA

Running queries that delete vertices or edges in the allowed scope. For details see Data CRUD privileges.

WRITE_DATASOURCE

create data_source <dsName>
grant data_source <dsName>
revoke data_source <dsName>
drop data_source <dsName>

READ_ROLE

show role
show privilege on role <rName>

WRITE_ROLE

create role <rName>
grant role <rName>
revoke role <rName>
drop role <rName>
grant privilege <pName> on graph <gName> to <rName>
revoke privilege <pName> on graph <gName> from <rName>

READ_USER

show user
show privilege on user <uName>
show secret

WRITE_USER

create user <uName>
drop user <uName>
alter password

Yes

READ_PROXYGROUP

show group

WRITE_PROXYGROUP

create group <pgName> proxy <rule>
drop group <pgName>

Yes

READ_FILE

get <fileName> to <path-to-file>

Yes

WRITE_FILE

put <fileName> from <path-to-file>

Yes

DROP_GRAPH

drop graph <gName>

Yes

EXPORT_GRAPH

export graph <gName>

Yes

CLEAR_GRAPHSTORE

clear graph store

Yes

ACCESS_TAG

Operations with schema change jobs involving tags
Operations with loading jobs involving tags
Operations with queries involving tags

APP_ACCESS_DATA

Accessing data through TigerGraph Suite applications including GraphStudio and TigerGraph Insights.

This privilege only allows you to access the information through TigerGraph Suite applications if you already have access to the data in GSQL. It only pertains to the applications and does not have meaning in GSQL itself.

DROP_ALL

drop all

Yes