Cluster Credentials (SDK)
In addition to managing cluster credentials on web UI, Zilliz Cloud extends its functionality by offering SDKs for credential management. This integration enhances flexibility and provides more customization options than the web UI alone.
In the backend, there are three built-in role options:
-
db_admin
: Full control over the cluster and associated resources. -
db_rw
: Permission to read, write, and manage collections and indexes within the cluster. -
db_ro
: Viewing rights for most cluster resources, but no creation, modification, or deletion capabilities.
Explore Manage Cluster Roles (Console) for details.
List cluster roles and users
You can list all built-in roles and users in a cluster as follows:
- Python
- Java
- NodeJS
from pymilvus import MilvusClient
CLUSTER_ENDPOINT = "YOUR_CLUSTER_ENDPOINT"
TOKEN = "YOUR_CLUSTER_TOKEN"
# 1. Set up a Milvus client
client = MilvusClient(
uri=CLUSTER_ENDPOINT,
token=TOKEN
)
# 2. List roles and users
roles = client.list_roles()
print(roles)
# Output
#
# ["db_admin", "db_ro", "db_rw"]
users = client.list_users()
print(users)
# Output
#
# ["db_admin"]
import io.milvus.v2.client.ConnectConfig;
import io.milvus.v2.client.MilvusClientV2;
String CLUSTER_ENDPOINT = "YOUR_CLUSTER_ENDPOINT";
String TOKEN = "YOUR_CLUSTER_TOKEN";
// 1. Connect to Milvus server
ConnectConfig connectConfig = ConnectConfig.builder()
.uri(CLUSTER_ENDPOINT)
.token(TOKEN)
.secure(true)
.build();
MilvusClientV2 client = new MilvusClientV2(connectConfig);
// 2. List all users and roles
List<String> roleNames = client.listRoles();
System.out.println(roleNames);
// Output
//
// ["db_admin", "db_ro", "db_rw"]
List<String> userNames = client.listUsers();
System.out.println(userNames);
// Output
//
// ["db_admin"]
const { MilvusClient, DataType, sleep } = require("@zilliz/milvus2-sdk-node")
const address = "YOUR_CLUSTER_ENDPOINT"
const token = "YOUR_CLUSTER_TOKEN"
async function main() {
// 1. Connect to the cluster
const client = new MilvusClient({address, token})
// 2. List roles and users
var res = await client.listRoles()
console.log(res.results.map(r => r.role.name))
// Output
//
// ["db_admin", "db_ro", "db_rw"]
res = await client.listUsers()
console.log(res.usernames)
// Output
//
// ["db_admin"]
Create a cluster user
To create a cluster user, use the following code snippet:
- Python
- Java
- NodeJS
# 3. Create a user
if 'user1' not in users:
client.create_user(
user_name="user1",
password="p@ssw0rd!"
)
users = client.list_users()
print(users)
# Output
#
# ["db_admin", "user1"]
import io.milvus.v2.service.rbac.request.DropUserReq;
import io.milvus.v2.service.rbac.request.CreateUserReq;
// 3. Create a user
CreateUserReq createUserReq = CreateUserReq.builder()
.userName("user1")
.password("p@ssw0rd!")
.build();
client.createUser(createUserReq);
userNames = client.listUsers();
System.out.println(userNames);
// Output
//
// ["db_admin", "user1"]
// 3. Create a user
if (!res.usernames.includes("user1")) {
await client.createUser({
username: "user1",
password: "p@ssw0rd!"
})
}
res = await client.listUsers()
console.log(res.usernames)
// Output
//
// ["db_admin", "user1"]
Having created a cluster user, you can now connect to the cluster using its username and password. See Connect to Cluster to explore further details.See Authenticate User Access and Enable RBAC for details.
Update a user credential
To update a user's password, use the code below:
- Python
- Java
- NodeJS
# 4. Update a user credentials
client.update_password(
user_name="user1",
old_password="p@ssw0rd!",
new_password="p@ssw0rd123!"
)
import io.milvus.v2.service.rbac.request.UpdatePasswordReq;
// 4. Update user password
UpdatePasswordReq updatePasswordReq = UpdatePasswordReq.builder()
.userName("user1")
.password("p@ssw0rd!")
.newPassword("p@ssw0rd123!")
.build();
client.updatePassword(updatePasswordReq);
// 4. Update a user credentials
await client.updateUser({
username: "user1",
oldPassword: "p@ssw0rd!",
newPassword: "p@ssw0rd123!"
})
Describe a role
Before assigning a role to a user, you are advised to view the privileges that a role has. Zilliz Cloud has three preset roles, namely db_ro
, db_admin
, and db_rw
with different privileges.
The following code snippet lists the db_ro
role in detail.
- Python
- Java
- NodeJS
# 5. Describe the role
res = client.describe_role(role_name="db_ro")
print(res)
# Output
#
# {
# "role": "db_ro",
# "privileges": [
# {
# "object_type": "Collection",
# "object_name": "*",
# "db_name": "default",
# "role_name": "db_ro",
# "privilege": "GetLoadState"
# },
# {
# "object_type": "Collection",
# "object_name": "*",
# "db_name": "default",
# "role_name": "db_ro",
# "privilege": "GetLoadingProgress"
# },
# {
# "object_type": "Collection",
# "object_name": "*",
# "db_name": "default",
# "role_name": "db_ro",
# "privilege": "HasPartition"
# },
# "(10 more items hidden)"
# ]
# }
import io.milvus.v2.service.rbac.request.DescribeRoleReq;
// 5. Describe the role
DescribeRoleReq describeRoleReq = DescribeRoleReq.builder()
.roleName("db_ro")
.build();
DescribeRoleResp describeRoleResp = client.describeRole(describeRoleReq);
System.out.println(JSONObject.toJSON(describeRoleResp));
// Output:
// {"grantInfos": [
// {
// "dbName": "default",
// "objectName": "*",
// "grantor": "",
// "privilege": "GetLoadState",
// "objectType": "Collection"
// },
// {
// "dbName": "default",
// "objectName": "*",
// "grantor": "",
// "privilege": "GetLoadingProgress",
// "objectType": "Collection"
// },
// {
// "dbName": "default",
// "objectName": "*",
// "grantor": "",
// "privilege": "HasPartition",
// "objectType": "Collection"
// },
// "(10 elements are hidden)"
// ]}
// 5. Describe the role
var res = await client.describeRole({
roleName: "db_ro"
})
console.log(res.results)
// Output
//
// [ { users: [], role: { name: 'db_ro' } } ]
//
Assign a role to a cluster user
To assign the db_ro
role to user1
:
- Python
- Java
- NodeJS
# 6. Assign a role to a user
client.grant_role(
user_name="user1",
role_name="db_ro"
)
# 7. Describe a user
user_info = client.describe_user(
user_name="user1"
)
print(user_info)
# Output
#
# {
# "user_name": "user1",
# "roles": "(\"db_ro\")"
# }
import io.milvus.v2.service.rbac.request.GrantRoleReq;
// 6. Assign a role to a user
GrantRoleReq grantRoleReq = GrantRoleReq.builder()
.userName("user1")
.roleName("db_ro")
.build();
client.grantRole(grantRoleReq);
// 7. Describe the user
DescribeUserReq describeUserReq = DescribeUserReq.builder()
.userName("user1")
.build();
DescribeUserResp describeUserResp = client.describeUser(describeUserReq);
System.out.println(JSONObject.toJSON(describeUserResp));
// Output:
// {"roles": ["db_ro"]}
// 6. Assign a role to a user
await client.grantRole({
username: "user1",
roleName: "db_ro"
})
// 7. Describe a user
res = await client.describeUser({
username: "user1"
})
console.log(res.results)
// Output
//
// [ { roles: [ [Object] ], user: { name: 'user1' } } ]
//
Revoke a role from a user
To revoke a role from a user:
- Python
- Java
- NodeJS
# 8. Revoke a role from a user
client.revoke_role(
user_name="user1",
role_name="db_ro"
)
import io.milvus.v2.service.rbac.request.RevokeRoleReq;
// 8. Revoke a role from a user
RevokeRoleReq revokeRoleReq = RevokeRoleReq.builder()
.userName("user1")
.roleName("db_ro")
.build();
client.revokeRole(revokeRoleReq);
// 8. Revoke a role from a user
await client.revokeRole({
username: "user1",
roleName: "db_ro"
})
Drop a user
If a user is no longer needed, drop it as follows:
- Python
- Java
- NodeJS
# 9. Drop a user
client.drop_user(
user_name="user1"
)
import io.milvus.v2.service.rbac.request.DropUserReq;
// 9. Drop the user
DropUserReq dropUserReq = DropUserReq.builder()
.userName("user1")
.build();
client.dropUser(dropUserReq);
userNames = client.listUsers();
System.out.println(userNames);
// Output:
// ["db_admin"]
// 9. Drop a user
await client.dropUser({
username: "user1"
})