1.创建用户
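# Step 1: create the Milvus user "hxl" through the REST v2 users/create endpoint.
#
# Fix: `export TOKEN=...` and `curl` were fused onto one line, so the curl
# words were parsed as arguments to `export` and the request was never sent.
#
# Security notes before reusing this outside a throwaway local instance:
#   - "root:Milvus" is the stock root credential; rotate it and keep the token
#     out of scripts and shell history.
#   - The endpoint is plain http://, so the bearer token and the new password
#     travel unencrypted. Keep this on localhost or put TLS in front.
#   - "hxl123456" is a weak sample password; replace it. The inline -d body is
#     visible in the process list; curl can read the body from a file with
#     `-d @FILE` instead.
export CLUSTER_ENDPOINT="http://localhost:19530"
export TOKEN="root:Milvus"

curl --request POST \
  --url "${CLUSTER_ENDPOINT}/v2/vectordb/users/create" \
  --header "Authorization: Bearer ${TOKEN}" \
  --header "Content-Type: application/json" \
  -d '{"userName": "hxl","password": "hxl123456"
}'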
2.创建角色
# Step 2: create the role "role_bigdata" through the REST v2 roles/create endpoint.
# A freshly created role carries no privileges until grants are added.
# The token below is the stock root credential sent over plain HTTP; treat
# both as local-test settings only.
CLUSTER_ENDPOINT="http://localhost:19530"
TOKEN="root:Milvus"
export CLUSTER_ENDPOINT TOKEN

curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/create" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{"roleName": "role_bigdata"
}'
3.角色赋予权限组
库1 CollectionAdmin
# Step 3a: grant the CollectionAdmin privilege group to role_bigdata on
# database db_test01. collectionName "*" applies the grant to every collection
# in that database, including ones created later. Narrow it to named
# collections when the role does not need all of them.
CLUSTER_ENDPOINT="http://localhost:19530"
TOKEN="root:Milvus"
export CLUSTER_ENDPOINT TOKEN

curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/grant_privilege_v2" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{"roleName": "role_bigdata","privilege": "CollectionAdmin","collectionName": "*","dbName":"db_test01"
}'
库2 CollectionAdmin
# Step 3b: same CollectionAdmin grant, this time scoped to database db_test02.
# Relies on CLUSTER_ENDPOINT and TOKEN already being exported in this shell.
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/grant_privilege_v2" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{"roleName": "role_bigdata","privilege": "CollectionAdmin","collectionName": "*","dbName":"db_test02"
}'
库1 DatabaseAdmin
# Step 3c: grant the DatabaseAdmin privilege group to role_bigdata on
# database db_test01. Together with the CollectionAdmin grant this gives the
# role admin-level groups on the database. Check that the consuming user
# really needs administration rights rather than a narrower group.
CLUSTER_ENDPOINT="http://localhost:19530"
TOKEN="root:Milvus"
export CLUSTER_ENDPOINT TOKEN

curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/grant_privilege_v2" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{"roleName": "role_bigdata","privilege": "DatabaseAdmin","collectionName": "*","dbName":"db_test01"
}'
库2 DatabaseAdmin
# Step 3d: same DatabaseAdmin grant, this time scoped to database db_test02.
# Relies on CLUSTER_ENDPOINT and TOKEN already being exported in this shell.
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/grant_privilege_v2" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{"roleName": "role_bigdata","privilege": "DatabaseAdmin","collectionName": "*","dbName":"db_test02"
}'
集群只读权限
ClusterReadOnly
# Step 3e: grant the ClusterReadOnly privilege group to role_bigdata.
# dbName "*" and collectionName "*" make this grant cluster-wide rather than
# tied to one database. The describe output further down this page reports it
# with objectType "Global".
# Relies on CLUSTER_ENDPOINT and TOKEN already being exported in this shell.
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/grant_privilege_v2" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{"roleName": "role_bigdata","privilege": "ClusterReadOnly","collectionName": "*","dbName":"*"
}'
4.查看role具有哪些权限
# Step 4: list the privileges currently held by role_bigdata. Run this after
# every grant to confirm what the role really holds.
# NOTE(review): the sample response on this page shows only the ClusterReadOnly
# grant, although database-scoped grants were issued earlier. Presumably the
# request body needs a "dbName" field to show per-database grants. Confirm
# against the Milvus REST reference before relying on this output as an audit.
# Relies on CLUSTER_ENDPOINT and TOKEN already being exported in this shell.
curl -X POST "${CLUSTER_ENDPOINT}/v2/vectordb/roles/describe" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  --data '{"roleName": "role_bigdata"
}'
这里没有列出具体到哪个库的权限
[root@localhost milvus]# curl --request POST \
> --url "${CLUSTER_ENDPOINT}/v2/vectordb/roles/describe" \
> --header "Authorization: Bearer ${TOKEN}" \
> --header "Content-Type: application/json" \
> -d '{
> "roleName": "role_bigdata"
> }'
{"code":0,"data":[{"dbName":"*","grantor":"root","objectName":"*","objectType":"Global","privilege":"ClusterReadOnly"}]}
5.角色赋予用户
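# Step 5: bind role_bigdata to user "hxl" through the REST v2 users/grant_role
# endpoint. From then on the user holds every privilege granted to the role,
# so review the role's grants before assigning it.
#
# Fix: `export TOKEN=...` and `curl` were fused onto one line, so the curl
# words were parsed as arguments to `export` and the request was never sent.
#
# "root:Milvus" is the stock root credential and the endpoint is plain
# http://. Rotate the password and keep this traffic on localhost or behind TLS.
export CLUSTER_ENDPOINT="http://localhost:19530"
export TOKEN="root:Milvus"

curl --request POST \
  --url "${CLUSTER_ENDPOINT}/v2/vectordb/users/grant_role" \
  --header "Authorization: Bearer ${TOKEN}" \
  --header "Content-Type: application/json" \
  -d '{"roleName": "role_bigdata","userName": "hxl"
}'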