Skip to main content
Version: User Guides (Cloud)

Privileges

A privilege refers to the permission of specific operations on certain Zilliz Cloud resources such as clusters, databases, and collections. Privileges are assigned to roles, which are then granted to users, defining the operations users can perform on the resources. An example of a privilege could be the permission to insert data into a collection named collection_01.

A privilege group is a combination of individual privileges. You can create a privilege group of commonly used privileges to simplify the role granting process. For ease-of-use, Zilliz Cloud provides a total of 9 built-in privilege groups on the collection, database, and cluster level.

The following figure illustrates the different granting process of privileges and a privilege group.

SsW6w8kaNhz4iQbEMYmcbUzsnOc

This topic details the built-in privilege groups and privileges that are available in Zilliz Cloud.

Built-in privilege groups

Zilliz Cloud offers a total of 9 built-in privilege groups on the collection, database, and cluster level that you can directly select when creating roles.

📘Notes

The three levels of built-in privilege groups do not have a cascading relationship. Setting a privilege group at the cluster level does not automatically set permissions for all databases and collections under that instance. Privileges at the database and collection levels need to be set manually.

Collection level privilege groups

  • COLL_RO: includes privileges to read collection data

  • COLL_RW: includes privileges to read and write collection data

  • COLL_ADMIN: includes privileges to read and write collection data and manage collections.

The table below lists the specific privileges included in the three built-in privilege groups at the collection level:

Privilege

CollectionReadOnly

CollectionReadWrite

CollectionAdmin

Query

✔️

✔️

✔️

Search

✔️

✔️

✔️

IndexDetail

✔️

✔️

✔️

GetFlushState

✔️

✔️

✔️

GetLoadState

✔️

✔️

✔️

GetLoadingProgress

✔️

✔️

✔️

HasPartition

✔️

✔️

✔️

ShowPartitions

✔️

✔️

✔️

ListAliases

✔️

✔️

✔️

DescribeCollection

✔️

✔️

✔️

DescribeAlias

✔️

✔️

✔️

GetStatistics

✔️

✔️

✔️

CreateIndex

✔️

✔️

DropIndex

✔️

✔️

CreatePartition

✔️

✔️

DropPartition

✔️

✔️

Load

✔️

✔️

Release

✔️

✔️

Insert

✔️

✔️

Delete

✔️

✔️

Upsert

✔️

✔️

Import

✔️

✔️

Flush

✔️

✔️

Compaction

✔️

✔️

LoadBalance

✔️

✔️

CreateAlias

✔️

DropAlias

✔️

Database level privilege groups

  • DB_RO: includes privileges to read database data

  • DB_RW: includes privileges to read and write database data

  • DB_Admin: includes privileges to read and write database data and manage databases.

The table below lists the specific privileges included in the three built-in privilege groups at the database level:

Privilege

DatabaseReadOnly

DatabaseReadWrite

DatabaseAdmin

ShowCollections

✔️

✔️

✔️

DescribeDatabase

✔️

✔️

✔️

CreateCollection

✔️

DropCollection

✔️

AlterDatabase

✔️

✔️

Cluster level privilege groups

  • Cluster_RO: includes privileges to read instnace data

  • Cluster_RW: includes privileges to read and write instance data

  • Cluster_Admin: includes privileges to read and write instance data and manage instances.

The table below lists the specific privileges included in the three built-in privilege groups at the instance level:

Privilege

ClusterReadOnly

ClusterReadWrite

ClusterAdmin

ListDatabases

✔️

✔️

✔️

RenameCollection

✔️

CreateOwnership

✔️

UpdateUser

✔️

DropOwnership

✔️

SelectOwnership

✔️

✔️

✔️

ManageOwnership

✔️

SelectUser

✔️

✔️

✔️

BackupRBAC

✔️

RestoreRBAC

✔️

CreateResourceGroup

✔️

DropResourceGroup

✔️

UpdateResourceGroups

✔️

✔️

DescribeResourceGroup

✔️

✔️

✔️

ListResourceGroups

✔️

✔️

✔️

TransferNode

✔️

✔️

TransferReplica

✔️

✔️

CreateDatabase

✔️

DropDatabase

✔️

FlushAll

✔️

✔️

CreatePrivilegeGroup

✔️

DropPrivilegeGroup

✔️

ListPrivilegeGroups

✔️

OperatePrivilegeGroup

✔️

All privileges

The followings are all the privileges available on Zilliz Cloud.

If you need to create your own privilege group with the privileges listed below or create custom roles with privileges, please contact us.

Database privileges

Privilege

Description

ListDatabases

View all databases in the current instance

DescribeDatabase

View the details of a database

CreateDatabase

Create a database

DropDatabase

Drop a database

AlterDatabase

Modify the properties of a database

Collection privileges

Privilege

Description

GetFlushState

Check the status of the collection flush operation

GetLoadState

Check the load status of a collection

GetLoadingProgress

Check the loading progress of a collection

ShowCollections

View all collections with collection privileges

ListAliases

View all aliases of a collection

DescribeCollection

View the details of a collection

DescribeAlias

View the details of an alias

GetStatistics

Obtain the statistics of a collection (eg. The number of entities in a collection)

CreateCollection

Create a collection

DropCollection

Drop a collection

Load

Load a collection

Release

Release a collection

Flush

Persist all entities in a collection to a sealed segment. Any entity inserted after the flush operation will be stored in a new segment.

Compaction

Manually trigger compaction

RenameCollection

Rename a collection

CreateAlias

Create an alias for a collection

DropAlias

Drop the alias of a collection

FlushAll

Flush all collections in a database

Partition privileges

Privilege

Description

HasPartition

Check whether a partition exists

ShowPartitions

View all partitions in a collection

CreatePartition

Create a partition

DropPartition

Drop a partition

Index privileges

Privilege

Description

IndexDetail

View the details of an index

CreateIndex

Create an index

DropIndex

Drop an index

Resource management privileges

Privilege

Description

LoadBalance

Achieve load balance

CreateResourceGroup

Create a resource group

DropResourceGroup

Drop a resource group

UpdateResourceGroups

Update a resource group

DescribeResourceGroup

View the details of a resource group

ListResourceGroups

View all resource groups of the current instance

TransferNode

Transfer nodes between resource groups

TransferReplica

Transfer replicas between resource groups

BackupRBAC

Create a backup for all RBAC related operations in the current instance

RestoreRBAC

Restore a backup of all RBAC related operations in the current instance

Entity privileges

Privilege

Description

Query

Conduct a query

Search

Conduct a search

Insert

Insert entities

Delete

Delete entities

Upsert

Upsert entities

Import

Bulk insert or import entities

RBAC privileges

Privilege

Description

CreateOwnership

Create a user or a role

UpdateUser

Update the password of a user

DropOwnership

Drop a user password or a role

SelectOwnership

View all users that are granted a specific role

ManageOwnership

Manage a user or a role or grant a role to a user

SelectUser

View all roles granted to a user

CreatePrivilegeGroup

Create a privilege group

DropPrivilegeGroup

Drop a privilege group

ListPrivilegeGroups

View all privilege groups in the current instance

OperatePrivilegeGroup

Add privileges to or remove privileges from a privilege group