3.2
TigerGraph Get TigerGraph

List of Privileges

This page provides a complete list of privileges in TigerGraph's Role-based Access Control system.

  • Any privilege marked “on global only” can only be granted to a global role. It cannot be granted to a local role (See Global role vs local role).

  • The command IMPORT GRAPH <gName> needs multiple privileges, .e.g WRITE_SCHEMA, WRITE_LOADING_JOB, WRITE_QUERY and so on.

  • To run the command CREATE SECRET on a graph, the user must have at least one of the access database privileges: READ_DATA, WRITE_DATA and EXECUTE_LOADINGJOB on that graph. Thus the built-in queryreader role and above can create secrets on a graph, but the observer role cannot.

Table of Privileges

Privilege Name

Commands Associated

Global Only

READ_SCHEMA

ls

show vertex <vName>

show edge <eName>

show graph <gName>

show job (<schema_changeJobName>

No

WRITE_SCHEMA

create schema_change job <scjName>

run schema_change job <scjName>

drop schema_change job <scjName>

create vertex <vName>

drop vertex <vName>

create edge <eName>

drop edge <eName>

create graph <gName>

create global schema_change job <gscjName>

run global schema_change job <gscjName>

drop global schema_change job <gscjName>

No

READ_LOADINGJOB

show job <loadingJobName>

show data_source <dsName>

No

EXECUTE_LOADINGJOB

run loading job <ljName>

show loading status <jobId>

abort loading job <ljName>

resume loading job <ljName>

No

WRITE_LOADINGJOB

create loading job <ljName>

drop loading job <ljName>

No

READ_QUERY

show query <qName>

No

WRITE_QUERY

create query <qName>

install query <qName>

drop query <qName>

No

READ_DATA

run Read_Only_Query <qName>

No

WRITE_DATA

run Query_With_Update <qName>

(including create, delete, update in its own or any sub-query)

No

WRITE_DATASOURCE

create data_source <dsName>

grant data_source <dsName>

revoke data_source <dsName>

drop data_source <dsName>

No

READ_ROLE

show role

show privilege on role <rName>

No

WRITE_ROLE

create role <rName>

grant role <rName>

revoke role <rName>

drop role <rName>

grant privilege <pName> on graph <gName> to <rName>

revoke privilege <pName> on graph <gName> from <rName>

No

READ_USER

show user

show privilege on user <uName>

show secret

No

WRITE_USER

create user <uName>

drop user <uName>

alter password

Yes

READ_PROXYGROUP

show group

No

WRITE_PROXYGROUP

create group <pgName> proxy <rule>

drop group <pgName>

Yes

READ_FILE

get <fileName> to <path-to-file>

Yes

WRITE_FILE

put <fileName> from <path-to-file>

Yes

DROP_GRAPH

drop graph <gName>

Yes

EXPORT_GRAPH

export graph <gName>

Yes

CLEAR_GRAPHSTORE

clear graph store

Yes

DROP ALL

drop all

Yes

ACCESS_TAG

create/drop/run schema_change jobs involving tags

create/drop/install/run queries involving tags

create/drop/run loading jobs involving tags

NO

PreviousVertex-level Access Control FunctionsNextGraphStudio UI Guide

Last updated