Enable RBAC in Milvus

Role-Based Access Control (RBAC) is a widely adopted access-control method that manages user permissions and restricts access to resources based on predefined roles.

In Milvus, RBAC allows us to define roles, assign them to users or groups of users, and specify the permissions associated with each role. This enables fine-grained control over who can perform which operations within the Milvus system.

RBAC is a handy feature, especially in databases such as Milvus, as it allows you to create narrowly scoped roles such as administrator, read-only user, data curator, etc.

Each role has a set of permissions associated with it, which determines the actions that a user with that role can perform. For example, an administrator might have permission to create and delete collections, while a read-only user may only have permission to perform read operations.

This post walks you through enabling and configuring RBAC in Milvus using the PyMilvus SDK.

Requirements:

To interact with the Milvus cluster and configure new roles and users, ensure that you meet the following requirements:

  1. A running Milvus server with authentication enabled
  2. Python 3.10 and above
  3. The PyMilvus SDK installed

Once these are in place, we can proceed to configure and enable RBAC on Milvus.

Step 1: Create a User

The first step is to create the user to which you want to assign privileges. We can do this using the create_user() method in the PyMilvus SDK.

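from pymilvus import (
    connections,
    utility
)

_HOST = '127.0.0.1'
_PORT = '19530'

def create_connection():
    print("\nCreate connection...")
    # With authentication enabled, connect as an existing account that may
    # manage users; both values below are placeholders.
    connections.connect(host=_HOST, port=_PORT,
                        user="<admin-user>", password="<admin-password>")

create_connection()
# "password" is a placeholder; set a strong, unique secret.
utility.create_user("linuxhint", "password", using="default")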

The previous code starts by importing what it needs. In this case, those are the connections and utility modules.

We then connect to the Milvus server using the defined hostname and port. Finally, we use the utility.create_user() method to create a new user with the specified username and password on the server.

Step 2: Create a Role

The next step is to create a role. A role defines the permissions that any user assigned to it inherits.

We can do this using the create() method of the Role class, as shown in the following example:

from pymilvus import Role

# "default" is the alias of the connection opened in Step 1.
role = Role("administrator", using="default")
role.create()

This code creates a new role named administrator.

Step 3: Grant the Privileges

As with any role, we need to grant the role that we created some permissions. These determine which actions the role can perform.

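# Arguments: object type, object name ("*" = every collection), privilege
role.grant("Collection", "*", "Search")
role.grant("Collection", "*", "Insert")
role.grant("Collection", "*", "Delete")
# Index creation is the CreateIndex privilege on the Collection object type
role.grant("Collection", "*", "CreateIndex")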

In this case, we grant the permissions to search, insert into, and delete from every collection on the server, and also the permission to create new collection indexes.

Step 4: Bind the Role to the User

The final step is to bind the administrator role to the linuxhint user, so that the user inherits the permissions of that role. We can do this using the add_user() method as follows:

# add_user() takes only the username; the role is the object it is called on
role.add_user("linuxhint")

The linuxhint user should now hold the permissions of the administrator role.
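A pre-flight review of a grant plan like the one in Step 3, as an added example that is not part of the original post: it rejects object-type/privilege pairs that Milvus does not define and flags write privileges granted on every collection (`*`). The function names, the sample plan and the partial privilege table are assumptions made for this illustration.

```python
# Added example: review a Milvus grant plan before calling Role.grant().
# PRIVILEGES is a partial table (assumption: verify it against the privilege
# list in the documentation for your Milvus version).
PRIVILEGES = {
    "Global": {"All", "CreateCollection", "DropCollection",
               "DescribeCollection", "ShowCollections"},
    "Collection": {"CreateIndex", "DropIndex", "Load", "Release", "Insert",
                   "Delete", "Search", "Query", "Flush"},
    "User": {"UpdateUser", "SelectUser"},
}
# Collection privileges that modify or remove data.
WRITE = {"Insert", "Delete", "DropIndex"}


def review_grants(grants):
    """Return [(grant, finding)] for (object_type, object_name, privilege) tuples."""
    findings = []
    for grant in grants:
        object_type, object_name, privilege = grant
        if object_type not in PRIVILEGES:
            findings.append((grant, "unknown object type"))
        elif privilege not in PRIVILEGES[object_type]:
            findings.append((grant, "privilege not defined for object type"))
        elif object_type == "Global" and privilege == "All":
            findings.append((grant, "grants every privilege"))
        elif (object_type == "Collection" and object_name == "*"
              and privilege in WRITE):
            findings.append((grant, "write privilege on every collection"))
    return findings


def current_grants(role):
    """Read back what a pymilvus Role already holds, as reviewable tuples."""
    return [(g.object, g.object_name, g.privilege)
            for g in role.list_grants().groups]


# Constructed plan for illustration; the last entry is deliberately invalid.
PLAN = [
    ("Collection", "*", "Search"),
    ("Collection", "*", "Insert"),
    ("Collection", "*", "Delete"),
    ("Index", "*", "Create"),
]

if __name__ == "__main__":
    for grant, finding in review_grants(PLAN):
        print(grant, "->", finding)
```

Passing `current_grants(role)` to `review_grants()` applies the same checks to a role that already exists on the server.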

Conclusion

In this post, we explored the main steps to take when configuring role-based access control in your Milvus cluster using the utility module and the Role class provided by the PyMilvus SDK.

About the author

John Otieno