Doc new GRAPH.ACL commands #203
Description
GRAPH.ACL
GRAPH.PASSWORD
FalkorDB Access Management Commands
FalkorDB introduces two administrative commands, GRAPH.ACL and GRAPH.PASSWORD, designed to enhance access control and password management.
These commands allow administrators to securely define user permissions, roles, and authentication policies at the graph level.
GRAPH.ACL
Overview
The GRAPH.ACL command manages user accounts and permissions for graph access.
It provides runtime control to create, modify, delete, and audit users with fine-grained privileges.
Syntax
GRAPH.ACL [SUBCOMMAND] [ARGUMENTS...]
Subcommands
-
"GETUSER"
-
"SETUSER"
-
"DELUSER"
-
"LIST"
GRAPH.ACL SETUSER
Creates or updates users with specific rules and access privileges.
GRAPH.ACL SETUSER <username> [rule1] [rule2] ...
Supported Rules:
on / off Enable or disable user login
nopass Allow access without password
Example:
GRAPH.ACL SETUSER john on >mySecret123 +GRAPH.QUERY +GRAPH.RO_QUERY ~sales*
This creates user john with:
- Active status
- Password
mySecret123 - Access limited to graphs starting with
sales - Permission for read-only and query execution
GRAPH.ACL GETUSER
Retrieves configuration for a specific user.
GRAPH.ACL GETUSER <username>
Example:
GRAPH.ACL GETUSER john
"on"
">mySecret123"
"+GRAPH.QUERY"
"+GRAPH.RO_QUERY"
"~sales*"
GRAPH.ACL DELUSER
Deletes a user from the system.
GRAPH.ACL DELUSER <username>
Example:
GRAPH.ACL DELUSER john
GRAPH.ACL LIST
Lists all existing users.
GRAPH.ACL LIST
GRAPH.PASSWORD
Description
The GRAPH.PASSWORD command securely sets or updates user passwords within FalkorDB.
It complements GRAPH.ACL by allowing password changes without altering user privileges.
Usage Patterns
The behavior of GRAPH.PASSWORD depends on the user context and argument count:
1. Change Own Password (Single Argument)
If a regular user wants to change their own password:
GRAPH.PASSWORD <new_password>
This command updates the password only for the currently authenticated user.
Example:
GRAPH.PASSWORD S3cureMyPass!
OK