User & Role Management

This guide covers user and role management, including authentication, authorization, and RBAC operations.

User Operations

Create User

Create a new user:

await client.createUser({
  username: 'newuser',
  password: 'securepassword',
});

Update User

Update user password:

await client.updateUser({
  username: 'newuser',
  password: 'newpassword',
});

Delete User

Delete a user:

await client.deleteUser({
  username: 'newuser',
});

List Users

List all users:

const result = await client.listUsers();

console.log('Users:', result.usernames);

Describe User

Get user information:

const user = await client.describeUser({
  username: 'newuser',
});

console.log('User info:', user);

Role Operations

Create Role

Create a new role:

await client.createRole({
  roleName: 'admin',
});

Drop Role

Delete a role:

await client.dropRole({
  roleName: 'admin',
});

List Roles

List all roles:

const result = await client.listRoles();

console.log('Roles:', result.results);

Describe Role

Get role information:

const role = await client.describeRole({
  roleName: 'admin',
});

console.log('Role info:', role);

Has Role

Check if a role exists:

const hasRole = await client.hasRole({
  roleName: 'admin',
});

console.log('Role exists:', hasRole.hasRole);

User-Role Relationships

Add User to Role

Assign a user to a role:

await client.addUserToRole({
  username: 'newuser',
  roleName: 'admin',
});

Remove User from Role

Remove a user from a role:

await client.removeUserFromRole({
  username: 'newuser',
  roleName: 'admin',
});

Privilege Management

Grant Privilege

Grant privileges to a role:

await client.grantPrivilege({
  roleName: 'admin',
  object: 'Collection',
  objectName: 'my_collection',
  privilegeName: 'Load',
});

Revoke Privilege

Revoke privileges from a role:

await client.revokePrivilege({
  roleName: 'admin',
  object: 'Collection',
  objectName: 'my_collection',
  privilegeName: 'Load',
});

Select Grant

Get granted privileges:

const grants = await client.selectGrant({
  roleName: 'admin',
  object: 'Collection',
  objectName: 'my_collection',
});

console.log('Grants:', grants.entities);

List Grants

List all grants for a role:

const grants = await client.listGrants({
  roleName: 'admin',
});

console.log('Grants:', grants.entities);

Privilege Groups

Create Privilege Group

Create a privilege group:

await client.createPrivilegeGroup({
  groupName: 'readonly_group',
});

Drop Privilege Group

Delete a privilege group:

await client.dropPrivilegeGroup({
  groupName: 'readonly_group',
});

List Privilege Groups

List all privilege groups:

const groups = await client.listPrivilegeGroups();

console.log('Groups:', groups.group_names);

Add Privileges to Group

Add privileges to a group:

await client.addPrivilegesToGroup({
  groupName: 'readonly_group',
  privileges: [
    {
      object: 'Collection',
      objectName: '*',
      privilegeName: 'DescribeCollection',
    },
  ],
});

Remove Privileges from Group

Remove privileges from a group:

await client.removePrivilegesFromGroup({
  groupName: 'readonly_group',
  privileges: [
    {
      object: 'Collection',
      objectName: '*',
      privilegeName: 'DescribeCollection',
    },
  ],
});

RBAC v2

Grant Privilege v2

Grant privileges using RBAC v2:

await client.grantPrivilegeV2({
  roleName: 'admin',
  privileges: [
    {
      object: 'Collection',
      objectName: '*',
      privilegeName: 'Load',
    },
  ],
});

Revoke Privilege v2

Revoke privileges using RBAC v2:

await client.revokePrivilegeV2({
  roleName: 'admin',
  privileges: [
    {
      object: 'Collection',
      objectName: '*',
      privilegeName: 'Load',
    },
  ],
});

Backup RBAC

Backup RBAC configuration:

const backup = await client.backupRBAC();

console.log('Backup:', backup);

Restore RBAC

Restore RBAC configuration:

await client.restoreRBAC({
  backup: backupData,
});

Drop All Roles

Drop all roles (use with caution):

const results = await client.dropAllRoles();

console.log('Dropped roles:', results);

Privilege Objects

Supported privilege objects:

Collection
Partition
Index
Database
Global

Privilege Names

Common privilege names:

Create
Drop
Describe
Show
Load
Release
Insert
Delete
Update
Search
Query
Flush
Compact

Best Practices

Principle of least privilege: Grant only necessary privileges
Use roles: Group users into roles for easier management
Regular audits: Review user and role assignments regularly
Secure passwords: Enforce strong password policies
Backup RBAC: Regularly backup RBAC configuration

Next Steps

Learn about Client Configuration
Explore Best Practices