A role is a predefined set of permissions that determines what actions and operations a user or group can perform within the Milvus system.
As the database administrator, you often need to control access to certain functionality and data within the Milvus system by assigning specific roles to users or groups.
Roles then allow you to define granular permissions for different users and groups based on their responsibilities.
Requirements:
- Access to a Milvus server
- Python 3.10 and above
- Installed PyMilvus SDK
PyMilvus Role() Method
In Milvus, Role() is a constructor that allows us to define a new role in the Milvus cluster.
The method parameters are expressed as follows:
The name parameter determines the name of the role to create. The "using" parameter specifies the alias of the Milvus connection that the role is attached to.
The method returns a new role object.
PyMilvus grant() Method
Once we have defined a new role, we need to allocate privileges to that role. These define what actions the users assigned to that role can perform.
The method syntax is as follows:
The parameters are explained as follows:
- object: The type of object to which the privilege applies. For example, a Collection, an Index, a Partition, etc. Keep in mind that the value of this parameter is case-sensitive.
- object_name: The name of the object on which the role is granted the specified privilege.
- privilege: The name of the privilege to be granted to the role. The value of this parameter is also case-sensitive.
The following table describes the supported objects and the privileges that you can assign to them:
Object name | Privilege name |
---|---|
Collection | CreateIndex |
Collection | DropIndex |
Collection | IndexDetail |
Collection | Load |
Collection | Release |
Collection | Insert |
Collection | Delete |
Collection | Search |
Collection | Flush |
Collection | Query |
Collection | GetStatistics |
Collection | Compaction |
Collection | Alias |
Collection | Import |
Collection | LoadBalance |
Global | *(All) |
Global | CreateCollection |
Global | DropCollection |
Global | DescribeCollection |
Global | ShowCollections |
Global | CreateOwnership |
Global | DropOwnership |
Global | SelectOwnership |
Global | ManageOwnership |
Global | CreateResourceGroup |
Global | DropResourceGroup |
Global | DescribeResourceGroup |
Global | ListResourceGroups |
Global | TransferNode |
Global | TransferReplica |
Global | RenameCollection |
Global | CreateDatabase |
Global | ListDatabases |
User | UpdateUser |
User | SelectUser |
For example, suppose we wish to allow the admin user to create an index on a collection called “films”. We can run the code as follows:
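```python
from pymilvus import connections
from pymilvus.orm.role import Role

# Open the default connection before using Role
connections.connect()
role = Role("admin")
# Object type and privilege name are case-sensitive
role.grant("Collection", "films", "CreateIndex")
```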
The previous code should allow any user who is assigned the admin role to create indexes on the "films" collection.
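Because the object and privilege values are case-sensitive, it helps to check a whole set of planned grants against the table above before calling grant(). The following is an added example, not code from the original article or from PyMilvus: `validate_grants`, `apply_grants` and `SAMPLE_PLAN` are hypothetical names, `role` is any object with the grant() method described above, and the wildcard is assumed to be written `*` as in the "*(All)" row.

```python
# Added example. Object types and privilege names are copied from the table above.
SUPPORTED = {
    "Collection": {
        "CreateIndex", "DropIndex", "IndexDetail", "Load", "Release", "Insert",
        "Delete", "Search", "Flush", "Query", "GetStatistics", "Compaction",
        "Alias", "Import", "LoadBalance",
    },
    "Global": {
        "*", "CreateCollection", "DropCollection", "DescribeCollection",
        "ShowCollections", "CreateOwnership", "DropOwnership", "SelectOwnership",
        "ManageOwnership", "CreateResourceGroup", "DropResourceGroup",
        "DescribeResourceGroup", "ListResourceGroups", "TransferNode",
        "TransferReplica", "RenameCollection", "CreateDatabase", "ListDatabases",
    },
    "User": {"UpdateUser", "SelectUser"},
}
# Constructed sample plan: the second entry has the wrong case on purpose.
SAMPLE_PLAN = [("Collection", "films", "CreateIndex"), ("collection", "films", "search")]

def _check(kind, value, choices, problems):
    """Return the correctly cased name (or None); record anything not an exact match."""
    if value in choices:
        return value
    fixed = {c.lower(): c for c in choices}.get(value.lower())
    hint = f", did you mean {fixed!r}?" if fixed else ""
    problems.append(f"unknown {kind} {value!r}{hint}")
    return fixed

def validate_grants(grants, allow_wildcard=False):
    """Check (object, object_name, privilege) tuples and return a list of problems."""
    problems = []
    for obj, name, priv in grants:
        known_obj = _check("object", obj, SUPPORTED, problems)
        if known_obj is None:
            continue
        known_priv = _check("privilege", priv, SUPPORTED[known_obj], problems)
        if known_priv == "*" and not allow_wildcard:
            problems.append(f"wildcard on {known_obj} {name!r} grants every privilege")
    return problems

def apply_grants(role, grants, allow_wildcard=False):
    """Call role.grant() for each tuple, but only if the whole plan validates."""
    problems = validate_grants(grants, allow_wildcard)
    if problems:
        raise ValueError("; ".join(problems))
    for obj, name, priv in grants:
        role.grant(obj, name, priv)
    return len(grants)
```

With a connected PyMilvus Role object, `apply_grants(role, plan)` either applies every grant in the plan or raises before any grant is made.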
PyMilvus add_user() Method
Unfortunately, we cannot use the Role() method by itself. Hence, we pair it with the add_user() method, which associates a given user with a given role. After this, the user has the privileges that are assigned to that role.
The method syntax is as follows:
The username defines an already existing user on the server.
Example Usage:
Let us explore a basic example that demonstrates how to combine the Role() method and the add_user() method to add a new role and assign a new user to it.
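```python
from pymilvus import connections
from pymilvus.orm.role import Role

connections.connect()
role = Role(name="admin")
# Associate the existing "linuxhint" user with the role
role.add_user("linuxhint")
users = role.get_users()
print(f"users added to the role: {users}")
```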
The previous code creates a new role called “admin” and assigns the role to the “linuxhint” user.
Keep in mind that the ability to create new users requires you to enable authentication for your Milvus cluster.
Conclusion
We learned how to combine the Role() and add_user() methods in the PyMilvus SDK to create new roles and users in the cluster.