Milvus 创建一个用户管理多个库
1.创建用户
# Create the database user "hxl" through the Milvus RESTful API.
# The bearer token has the form "<user>:<password>"; root:Milvus is the stock
# root credential, so rotate the root password on any deployment that other
# people or hosts can reach.
# The endpoint is plain HTTP: acceptable on loopback, but the root token and
# the new user's password travel unencrypted if CLUSTER_ENDPOINT is remote.
# "hxl123456" is the sample password of this walkthrough; choose a strong one,
# and remember that a password typed inline ends up in shell history.
export CLUSTER_ENDPOINT="http://localhost:19530"
export TOKEN="root:Milvus"
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/users/create" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{
"userName": "hxl",
"password": "hxl123456"
}'
2.创建角色
# Create the role "role_bigdata". The request carries only a role name, so
# the role holds no privileges until the grant calls are issued.
# These two exports reset the endpoint and token to the walkthrough values;
# if the root password has been rotated, put the current token here instead.
export CLUSTER_ENDPOINT="http://localhost:19530"
export TOKEN="root:Milvus"
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/create" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{
"roleName": "role_bigdata"
}'
3.角色赋予权限组
库1 CollectionAdmin
# Grant the built-in privilege group CollectionAdmin to role_bigdata on
# database db_test01; collectionName "*" covers every collection in it.
# Least privilege: if the account only reads or writes data, the narrower
# groups CollectionReadOnly / CollectionReadWrite are the better fit.
# Check that the response reports "code":0 before moving on.
export CLUSTER_ENDPOINT="http://localhost:19530"
export TOKEN="root:Milvus"
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/grant_privilege_v2" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{
"roleName": "role_bigdata",
"privilege": "CollectionAdmin",
"collectionName": "*",
"dbName":"db_test01"
}'
库2 CollectionAdmin
# Same CollectionAdmin grant, this time scoped to database db_test02.
# Relies on CLUSTER_ENDPOINT and TOKEN already being exported in this shell.
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/grant_privilege_v2" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{
"roleName": "role_bigdata",
"privilege": "CollectionAdmin",
"collectionName": "*",
"dbName":"db_test02"
}'
库1 DatabaseAdmin
# Grant the built-in privilege group DatabaseAdmin to role_bigdata on
# database db_test01. Together with CollectionAdmin this makes the role a
# full administrator of that database, so bind it only to accounts that
# really manage the database rather than to ordinary application users.
export CLUSTER_ENDPOINT="http://localhost:19530"
export TOKEN="root:Milvus"
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/grant_privilege_v2" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{
"roleName": "role_bigdata",
"privilege": "DatabaseAdmin",
"collectionName": "*",
"dbName":"db_test01"
}'
库2 DatabaseAdmin
# Same DatabaseAdmin grant, this time scoped to database db_test02.
# Relies on CLUSTER_ENDPOINT and TOKEN already being exported in this shell.
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/grant_privilege_v2" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{
"roleName": "role_bigdata",
"privilege": "DatabaseAdmin",
"collectionName": "*",
"dbName":"db_test02"
}'
集群只读权限
ClusterReadOnly
# Grant the cluster-level group ClusterReadOnly to role_bigdata.
# Both dbName and collectionName are "*": this grant is not limited to
# db_test01/db_test02 but applies to the whole instance, so the role can
# read cluster-level information beyond the two databases it administers.
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/grant_privilege_v2" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{
"roleName": "role_bigdata",
"privilege": "ClusterReadOnly",
"collectionName": "*",
"dbName":"*"
}'
4.查看role具有哪些权限
# List the privileges currently attached to role_bigdata.
# NOTE(review): the body names no database, and the sample output on this
# page shows only the dbName "*" entry. The call presumably reports grants
# for the request's database (the default one when none is given) plus
# wildcard grants; to audit db_test01 / db_test02, repeat it with "dbName"
# set in the body. Confirm against your Milvus version.
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/describe" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{
"roleName": "role_bigdata"
}'
这里没有列出具体到哪个库的权限
[root@localhost milvus]# curl --request POST \
> --url "${CLUSTER_ENDPOINT}/v2/vectordb/roles/describe" \
> --header "Authorization: Bearer ${TOKEN}" \
> --header "Content-Type: application/json" \
> -d '{
> "roleName": "role_bigdata"
> }'
{"code":0,"data":[{"dbName":"*","grantor":"root","objectName":"*","objectType":"Global","privilege":"ClusterReadOnly"}]}
5.角色赋予用户
# Bind role_bigdata to user hxl. From this call on, hxl holds every
# privilege granted to the role, so review the role's grants before binding.
# The users/describe endpoint lists the roles bound to a user and can be
# used afterwards to confirm the result.
export CLUSTER_ENDPOINT="http://localhost:19530"
export TOKEN="root:Milvus"
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/users/grant_role" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{
"roleName": "role_bigdata",
"userName": "hxl"
}'
删除角色
删除角色比较麻烦,需要将角色里的权限全部移除后才能删除角色
## ClusterReadOnly
# Revoke the cluster-wide read-only group from role_bigdata. The body repeats
# the privilege / collectionName / dbName values used when it was granted.
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/revoke_privilege_v2" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{
"roleName": "role_bigdata",
"privilege": "ClusterReadOnly",
"collectionName": "*",
"dbName":"*"
}'
## CollectionAdmin
# Revoke CollectionAdmin from role_bigdata, once per database it was granted
# on: db_test01 first, then db_test02.
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/revoke_privilege_v2" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{
"roleName": "role_bigdata",
"privilege": "CollectionAdmin",
"collectionName": "*",
"dbName":"db_test01"
}'
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/revoke_privilege_v2" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{
"roleName": "role_bigdata",
"privilege": "CollectionAdmin",
"collectionName": "*",
"dbName":"db_test02"
}'
## DatabaseAdmin
# Revoke DatabaseAdmin from role_bigdata, once per database it was granted
# on: db_test01 first, then db_test02.
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/revoke_privilege_v2" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{
"roleName": "role_bigdata",
"privilege": "DatabaseAdmin",
"collectionName": "*",
"dbName":"db_test01"
}'
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/revoke_privilege_v2" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{
"roleName": "role_bigdata",
"privilege": "DatabaseAdmin",
"collectionName": "*",
"dbName":"db_test02"
}'
## Finally, drop the role
# Per the walkthrough, the drop only succeeds once every privilege has been
# revoked from the role. Dropping the role does not remove the user hxl:
# if the account is no longer needed, remove it too so that no unused
# login is left behind.
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/drop" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{
"roleName": "role_bigdata"
}'