Manage Cluster User (SDK)
In Zilliz Cloud, you can create cluster users and assign them cluster roles to define the privileges, achieving data security.
This guide will walk you through how to create a cluster user, grant a role to a user, revoke a role from a user, and finally drop a user. For details about cluster roles, refer to Manage Cluster Roles (Console).
Create a user
The following example shows how to create a user with the username user_1
and the password P@ssw0rd
. The username and password for the user must follow these rules:
-
Username: Must start with a letter and can only include uppercase or lowercase letters, numbers, and underscores.
-
Password: Must be 8-64 characters long and must include three of the following: uppercase letters, lowercase letters, numbers, and special characters.
- Python
- Java
- NodeJS
- cURL
from pymilvus import MilvusClient
client = MilvusClient(
uri="YOUR_CLUSTER_ENDPOINT",
token="YOUR_CLUSTER_TOKEN"
)
client.create_user(user_name="user_1", password="P@ssw0rd")
import io.milvus.v2.client.ConnectConfig;
import io.milvus.v2.client.MilvusClientV2;
import io.milvus.v2.service.rbac.request.CreateUserReq;
ConnectConfig connectConfig = ConnectConfig.builder()
.uri("YOUR_CLUSTER_ENDPOINT")
.token("YOUR_CLUSTER_TOKEN")
.build();
MilvusClientV2 client = new MilvusClientV2(connectConfig);
CreateUserReq createUserReq = CreateUserReq.builder()
.userName("user_1")
.password("P@ssw0rd")
.build();
client.createUser(createUserReq);
const { MilvusClient, DataType } = require("@zilliz/milvus2-sdk-node")
const address = "YOUR_CLUSTER_ENDPOINT";
const token = "YOUR_CLUSTER_TOKEN";
const client = new MilvusClient({address, token});
await milvusClient.createUser({
username: 'user_1',
password: 'P@ssw0rd',
});
export CLUSTER_ENDPOINT="YOUR_CLUSTER_ENDPOINT"
export TOKEN="YOUR_CLUSTER_TOKEN"
curl --request POST \
--url "${CLUSTER_ENDPOINT}/v2/vectordb/users/create" \
--header "Authorization: Bearer ${TOKEN}" \
--header "Content-Type: application/json" \
-d '{
"userName": "user_1",
"password": "P@ssw0rd"
}'
List users
After creating several users, you can list and view all existing users.
- Python
- Java
- NodeJS
- cURL
from pymilvus import MilvusClient
client.list_users()
List<String> resp = client.listUsers();
const { MilvusClient, DataType } = require("@zilliz/milvus2-sdk-node")
await milvusClient.listUsers();
curl --request POST \
--url "${CLUSTER_ENDPOINT}/v2/vectordb/users/list" \
--header "Authorization: Bearer ${TOKEN}" \
--header "Content-Type: application/json" \
-d '{}'
Below is an example output. root
is the default user automatically generated. user_1
is the new user that is just created.
['root', 'user_1']
Grant a role to a user
The following example demonstrates how to grant the role role_a
to the user user_1
.
- Python
- Java
- NodeJS
- cURL
from pymilvus import MilvusClient
client = MilvusClient(
uri="YOUR_CLUSTER_ENDPOINT",
token="YOUR_CLUSTER_TOKEN"
)
client.grant_role(user_name="user_1", role_name="role_a")
import io.milvus.v2.client.ConnectConfig;
import io.milvus.v2.client.MilvusClientV2;
import io.milvus.v2.service.rbac.request.GrantRoleReq;
String CLUSTER_ENDPOINT = "YOUR_CLUSTER_ENDPOINT";
String TOKEN = "YOUR_CLUSTER_TOKEN";
ConnectConfig connectConfig = ConnectConfig.builder()
.uri(CLUSTER_ENDPOINT)
.token(TOKEN)
.build();
MilvusClientV2 client = new MilvusClientV2(connectConfig);
GrantRoleReq grantRoleReq = GrantRoleReq.builder()
.roleName("role_a")
.userName("user_1")
.build();
client.grantRole(grantRoleReq);
const { MilvusClient, DataType } = require("@zilliz/milvus2-sdk-node")
const address = "YOUR_CLUSTER_ENDPOINT";
const token = "YOUR_CLUSTER_TOKEN";
const client = new MilvusClient({address, token});
milvusClient.grantRole({
username: 'user_1',
roleName: 'role_a'
})
export CLUSTER_ENDPOINT="YOUR_CLUSTER_ENDPOINT"
export TOKEN="YOUR_CLUSTER_TOKEN"
curl --request POST \
--url "${CLUSTER_ENDPOINT}/v2/vectordb/users/grant_role" \
--header "Authorization: Bearer ${TOKEN}" \
--header "Content-Type: application/json" \
-d '{
"roleName": "role_a",
"userName": "user_1"
}'
Describe user
Once you grant a role to a user, you can check if the grant operation is successful via the describe_user()
method.
The following example demonstrates how to check the role(s) of the user user_1
.
- Python
- Java
- NodeJS
- cURL
from pymilvus import MilvusClient
client.describe_user(user_name="user_1")
import io.milvus.v2.service.rbac.request.DescribeUserReq;
import io.milvus.v2.service.rbac.response.DescribeUserResp;
DescribeUserReq describeUserReq = DescribeUserReq.builder()
.userName("user_1")
.build();
DescribeUserResp describeUserResp = client.describeUser(describeUserReq);
const { MilvusClient, DataType } = require("@zilliz/milvus2-sdk-node")
milvusClient.describeUser({username: 'user_1'})
curl --request POST \
--url "${CLUSTER_ENDPOINT}/v2/vectordb/users/describe" \
--header "Authorization: Bearer ${TOKEN}" \
--header "Content-Type: application/json" \
-d '{
"userName": "user_1"
}'
Below is an example output.
{'user_name': 'user_1', 'roles': 'role_a'}
Revoke a role
You can also revoke a role that has been assigned to a user.
The following example demonstrates how to revoke the role role_a
assigned to the user user_1
.
- Python
- Java
- NodeJS
- cURL
from pymilvus import MilvusClient
client.revoke_role(
user_name='user_1',
role_name='role_a'
)
import io.milvus.v2.service.rbac.request.RevokeRoleReq;
client.revokeRole(RevokeRoleReq.builder()
.userName("user_1")
.roleName("role_a")
.build());
const { MilvusClient, DataType } = require("@zilliz/milvus2-sdk-node")
curl --request POST \
--url "${CLUSTER_ENDPOINT}/v2/vectordb/users/revoke_role" \
--header "Authorization: Bearer ${TOKEN}" \
--header "Content-Type: application/json" \
-d '{
"userName": "user_1",
"roleName": "role_a"
}'
Drop user
The following example demonstrates how to drop the user user_1
.
The root
user cannot be dropped.
- Python
- Java
- NodeJS
- cURL
from pymilvus import MilvusClient
client = MilvusClient(
uri="YOUR_CLUSTER_ENDPOINT",
token="YOUR_CLUSTER_TOKEN"
)
# create a user
client.drop_user(user_name="user_1")
import io.milvus.v2.client.ConnectConfig
import io.milvus.v2.client.MilvusClientV2
import io.milvus.v2.service.rbac.request.DropUserReq
ConnectConfig connectConfig = ConnectConfig.builder()
.uri("YOUR_CLUSTER_ENDPOINT")
.token("YOUR_CLUSTER_TOKEN")
.build();
MilvusClientV2 client = new MilvusClientV2(connectConfig);
DropUserReq dropUserReq = DropUserReq.builder()
.userName("user_1")
.build();
client.dropUser(dropUserReq);
const { MilvusClient, DataType } = require("@zilliz/milvus2-sdk-node")
const address = "YOUR_CLUSTER_ENDPOINT";
const token = "YOUR_CLUSTER_TOKEN";
const client = new MilvusClient({address, token});
milvusClient.deleteUser({
username: 'user_1'
})
export CLUSTER_ENDPOINT="YOUR_CLUSTER_ENDPOINT"
export TOKEN="YOUR_CLUSTER_TOKEN"
curl --request POST \
--url "${CLUSTER_ENDPOINT}/v2/vectordb/users/drop" \
--header "Authorization: Bearer ${TOKEN}" \
--header "Content-Type: application/json" \
-d '{
"userName": "user_1"
}'
Once the user is dropped, you can list all existing users to check if the drop operation is successful.
- Python
- Java
- NodeJS
- cURL
from pymilvus import MilvusClient
client.list_users()
import io.milvus.v2.service.rbac.request.listUsersReq
List<String> resp = client.listUsers();
const { MilvusClient, DataType } = require("@zilliz/milvus2-sdk-node")
milvusClient.listUsers()
curl --request POST \
--url "${CLUSTER_ENDPOINT}/v2/vectordb/users/list" \
--header "Authorization: Bearer ${TOKEN}" \
--header "Content-Type: application/json" \
-d '{}'
Below is an example output. There is no user_1
in the list. The drop operation is successful.
['root']