Skip to main content
Version: User Guides (Cloud)

Cluster Credentials (SDK)

In addition to managing cluster credentials on web UI, Zilliz Cloud extends its functionality by offering SDKs for credential management. This integration enhances flexibility and provides more customization options than the web UI alone.

In the backend, there are three built-in role options:

  • db_admin: Full control over the cluster and associated resources.

  • db_rw: Permission to read, write, and manage collections and indexes within the cluster.

  • db_ro: Viewing rights for most cluster resources, but no creation, modification, or deletion capabilities.

Explore Manage Cluster Roles (Console) for details.

List cluster roles and users

You can list all built-in roles and users in a cluster as follows:

from pymilvus import MilvusClient

CLUSTER_ENDPOINT = "YOUR_CLUSTER_ENDPOINT"
TOKEN = "YOUR_CLUSTER_TOKEN"

# 1. Set up a Milvus client
client = MilvusClient(
uri=CLUSTER_ENDPOINT,
token=TOKEN
)

# 2. List roles and users
roles = client.list_roles()

print(roles)

# Output
#
# ["db_admin", "db_ro", "db_rw"]

users = client.list_users()

print(users)

# Output
#
# ["db_admin"]

Create a cluster user

To create a cluster user, use the following code snippet:

# 3. Create a user

if 'user1' not in users:
client.create_user(
user_name="user1",
password="p@ssw0rd!"
)

users = client.list_users()

print(users)

# Output
#
# ["db_admin", "user1"]

Having created a cluster user, you can now connect to the cluster using its username and password. See Connect to Cluster to explore further details.See Authenticate User Access and Enable RBAC for details.

Update a user credential

To update a user's password, use the code below:

# 4. Update a user credentials

client.update_password(
user_name="user1",
old_password="p@ssw0rd!",
new_password="p@ssw0rd123!"
)

Describe a role

Before assigning a role to a user, you are advised to view the privileges that a role has. Zilliz Cloud has three preset roles, namely db_ro, db_admin, and db_rw with different privileges.

The following code snippet lists the db_ro role in detail.

# 5. Describe the role
res = client.describe_role(role_name="db_ro")

print(res)

# Output
#
# {
# "role": "db_ro",
# "privileges": [
# {
# "object_type": "Collection",
# "object_name": "*",
# "db_name": "default",
# "role_name": "db_ro",
# "privilege": "GetLoadState"
# },
# {
# "object_type": "Collection",
# "object_name": "*",
# "db_name": "default",
# "role_name": "db_ro",
# "privilege": "GetLoadingProgress"
# },
# {
# "object_type": "Collection",
# "object_name": "*",
# "db_name": "default",
# "role_name": "db_ro",
# "privilege": "HasPartition"
# },
# "(10 more items hidden)"
# ]
# }

Assign a role to a cluster user

To assign the db_ro role to user1:

# 6. Assign a role to a user

client.grant_role(
user_name="user1",
role_name="db_ro"
)

# 7. Describe a user

user_info = client.describe_user(
user_name="user1"
)

print(user_info)

# Output
#
# {
# "user_name": "user1",
# "roles": "(\"db_ro\")"
# }

Revoke a role from a user

To revoke a role from a user:

# 8. Revoke a role from a user

client.revoke_role(
user_name="user1",
role_name="db_ro"
)

Drop a user

If a user is no longer needed, drop it as follows:

# 9. Drop a user

client.drop_user(
user_name="user1"
)