User Management
This page explains the procedures for various user management tasks under TigerGraph's authorization model.

Create a user

Syntax
1
CREATE USER
Copied!
Required privilege
WRITE_USER
Procedure
  1. 1.
    From the GSQL shell, run the CREATE USER command:
    1
    GSQL > CREATE USER
    Copied!
  2. 2.
    Enter the user information in the prompts that follow:
    Example: Create user
    1
    User Name : frank
    2
    New Password : ************
    3
    Re-enter Password : ************
    4
    The user "frank" is created.
    Copied!

View roles of a user

Syntax
1
SHOW USER
Copied!
Required privilege
READ_USER for displaying roles of other users
Procedure
  1. 1.
    From the GSQL shell, run the SHOW USER command:
    1
    GSQL > SHOW USER
    Copied!
If the user running the command has the READ_USER privilege, role information on all users will be displayed. Otherwise, only the current user's roles will be displayed.

View privileges of a user

Syntax
1
SHOW PRIVILEGE ON USER <username> (, <username>)*
Copied!
Required privilege
READ_USER
Procedure
  1. 1.
    From the GSQL shell, run the SHOW PRIVILEGE ON USER command :
    1
    GSQL > SHOW PRIVILEGE ON USER tigergraph
    Copied!
The above command will show the privileges of user tigergraph:
1
User: "tigergraph"
2
- Global Privileges:
3
READ_SCHEMA
4
WRITE_SCHEMA
5
READ_LOADINGJOB
6
EXECUTE_LOADINGJOB
7
WRITE_LOADINGJOB
8
READ_QUERY
9
WRITE_QUERY
10
READ_DATA
11
WRITE_DATA
12
WRITE_DATASOURCE
13
READ_ROLE
14
WRITE_ROLE
15
READ_USER
16
WRITE_USER
17
READ_PROXYGROUP
18
WRITE_PROXYGROUP
19
READ_FILE
20
WRITE_FILE
21
DROP_GRAPH
22
EXPORT_GRAPH
23
CLEAR_GRAPHSTORE
24
DROP_ALL
25
ACCESS_TAG
Copied!

Grant a role to a user

Syntax
1
GRANT ROLE <role_name1> (, role_name2)* [ON GRAPH <graph_name>]
2
TO <username1> (, <username2>)*
Copied!
Required privilege
WRITE_ROLE
Procedure
  1. 1.
    Start the GSQL shell and make sure you are using the correct graph
    1
    $ gsql
    2
    GSQL > USE GRAPH example_graph
    Copied!
  2. 2.
    From the GSQL shell, run the GRANT ROLE command. You can grant multiple roles to multiple users:
    1
    GSQL > GRANT ROLE role1 , role2 ON GRAPH example_graph
    2
    TO user1, use2
    Copied!
The above command will grant roles role1 and role2 on graph example_graph to users user1 and user2.

Revoke a role from a user

Syntax
1
REVOKE ROLE <roleName1> (, <roleName2)* [ON GRAPH <graphName>]
2
FROM <userName1> (, <userName2>)*
Copied!
Required privilege
WRITE_ROLE
Procedure
  1. 1.
    Start the GSQL shell and make sure you are using the correct graph
    1
    $ gsql
    2
    GSQL > USE GRAPH example_graph
    Copied!
  2. 2.
    From the GSQL shell, run the REVOKE_ROLE command. You can revoke multiple roles from multiple users at the same time:
    1
    GSQL > REVOKE ROLE role1, role2 ON GRAPH example_graph
    2
    FROM user1, user2
    Copied!
The above command will revoke roles role1 and role2 on graph example_graph from users user1 and user2.

Change a user's password

Syntax
1
ALTER PASSWORD <username>
Copied!
Required privilege
WRITE_USER for changing the password of a user other than the current user
Procedure
  1. 1.
    From the GSQL shell, run the following command. Replace username with the user whose password you want to change
    1
    GSQL > ALTER PASSWORD username
    Copied!
  2. 2.
    Enter the new password in the prompt that follows.

Drop a user

Syntax
1
DROP USER <user1> (,<user2>)*
Copied!
Required privilege
WRITE_USER
Procedure
  1. 1.
    From the GSQL shell, run the DROP USER command. You can drop multiple users in the same command.
    1
    GSQL > DROP USER user1, user2
    Copied!
  2. 2.
    GSQL will confirm that the users you entered have been dropped
Last modified 4mo ago