As the database administrator, you often need to control certain functionalities and data within the Milvus system by assigning specific roles to the users or groups.
Roles then allow you to define the granular permissions for different users and groups based on responsibilities and groups.
Requirements:
- Access to a Milvus server
- Python 3.10 and above
- Installed PyMilvus SDK
PyMilvus Role() Method
In Milvus, the Role() is a constructor method that allows us to define a new role in the Milvus cluster.
The method parameters are expressed as follows:
The “name” parameter determines the name of the role to create. The “using” parameters specify the alias of the Milvus connection to be attached to.
The method returns a new role object.
PyMilvus Grant() Method
Once we defined a new role, we need to allocate the various privileges to that role. This determines what actions do the users that are assigned to that role can perform.
The method syntax is as follows:
The parameters are as explained in the following:
Object – This refers to the operation objects that the privilege applies to—for example, a Collection, an Index, a Partition, etc. Keep in mind that the value of this parameter is case-sensitive.
Object_name – It specifies the object’s name to which the role is granted the specified privilege.
Privilege – It defines the actual name of the privilege to be granted to the role. Similarly, the actual value of this parameter is case-sensitive.
The following table describes the supported objects and the privileges that you can assign to them:
| Object name | Privilege name |
| Collection | CreateIndex |
| Collection | DropIndex |
| Collection | IndexDetail |
| Collection | Load |
| Collection | Release |
| Collection | Insert |
| Collection | Delete |
| Collection | Search |
| Collection | Flush |
| Collection | Query |
| Collection | GetStatistics |
| Collection | Compaction |
| Collection | Alias |
| Collection | Import |
| Collection | LoadBalance |
| Global | *(All) |
| Global | CreateCollection |
| Global | DropCollection |
| Global | DescribeCollection |
| Global | ShowCollections |
| Global | CreateOwnership |
| Global | DropOwnership |
| Global | SelectOwnership |
| Global | ManageOwnership |
| Global | CreateResourceGroup |
| Global | DropResourceGroup |
| Global | DescribeResourceGroup |
| Global | ListResourceGroups |
| Global | TransferNode |
| Global | TransferReplica |
| Global | RenameCollection |
| Global | CreateDatabase |
| Global | ListDatabases |
| User | UpdateUser |
| User | SelectUser |
For example, suppose we wish to allow the admin user to create an index on a collection called “films”. We can run the code as follows:
from pymilvus.orm.role import Role
connections.connect()
role = Role("admin")
role.grant("Collection", "films", "CreateIndex")
The previous code should allow any admin user to create the indexes on the “films” collection.
PyMilvus Add_User() Method
Unfortunately, we cannot use the role() method by itself. Hence, we pair it with the add_user() method which associates a user with a given role. After this, the user can access the privileges that are assigned to that role.
The method syntax is as follows:
Example Usage:
Let us explore a basic example that demonstrates how to combine the role() method and the add_user() method to add a new role and assign a new user to it.
from pymilvus.orm.role import Role
connections.connect()
role = Role(name=admin)
role.add_user("linuxhint")
users = role.get_users()
print(f"users added to the role: {users}")
The previous code creates a new role called “admin” and assigns the role to the “linuxhint” user.
PyMilvus List_Grants() Method
The list_grants() method allows you to list all privileges that are granted to the current role. The method syntax is as follows:
The method returns a “GrantInfo” object that comprises a list of “GrantItem” objects.
Example:
from pymilvus.orm.role import Role
connections.connect()
role = Role("admin")
print(role.list_grants())
This should print the privileges that are assigned to the admin role.
Conclusion
This post covered the basics of working with roles and role privileges in Milvus using the PyMilvus SDK. You can explore the docs and source code for a more detailed implementation.
