Milvus
Zilliz
Star44.4KBook a DemoTry Managed Milvus
< Docs

revoke_privileges()

Revokes a privilege previously granted to a role on a specific object. Use this method to restrict a role’s access to a particular resource.

This method is deprecated. For the latest equivalent, refer to revoke_privilege().

Request Syntax

client.revoke_privilege(
    role_name: str,
    object_type: str,
    privilege: str,
    object_name: str,
    db_name: str = "",
    timeout: float = None
)

PARAMETERS:

  • role_name (str) –

    [REQUIRED]

    The name of the role to revoke privileges from.

  • object_type (str) –

    [REQUIRED]

    The type of the object from which the privilege is being revoked.

    Possible values:

    • Global: System-wide objects, allowing the user to perform actions that affect all collections, users, or system-wide settings. When object_type is set to Global, set object_name to the wildcard (*), indicating all objects of the specified type.

    • Collection: Collection-specific objects, allowing the user to perform actions such as creating indexes, loading data, inserting or deleting data, and querying data within a specific collection.

    • User: Objects related to user management, allowing the user to manage credentials and roles for database users, such as updating user credentials or viewing user details.

  • privilege (str) –

[REQUIRED]

The name of the privilege to revoke. 

For details, refer to the **Privilege name** column in the table on page [Users and Roles](https://milvus.io/docs/users_and_roles.md).

  • object_name (str) –

    [REQUIRED]

    The name of the object to control access for. For example, if the object type is Collection, the object name is the name of a collection. If the object type is User, the object name is the name of a database user.

    When object_type is set to Global, set object_name to the wildcard (*), indicating all objects of the specified type. For details, refer to the Relevant API column in the table on page Users and Roles.

  • db_name (str) –

    The name of a database.

    This parameter is optional. Setting this parameter restricts the privilege revocation within the specified database.

  • timeout (float) –

    The timeout duration for this operation.

    Setting this to None indicates that this operation times out when any response arrives or any error occurs.

RETURN TYPE:

None

EXCEPTIONS:

  • BaseException

    This exception will be raised when this operation fails.

Example

from pymilvus import MilvusClient

# 1. Create a milvus client
client = MilvusClient(
    uri="http://localhost:19530",
    token="root:Milvus"
)

read_only_privileges = [
  # DescribeCollection permission on all collections
  {"object_type": "Global", "object_name": "*", "privilege": "DescribeCollection"},
  # ShowCollections permission on all collections
  {"object_type": "Global", "object_name": "*", "privilege": "ShowCollections"},
  # Search permission on the specified `quick_setup` collection
  {"object_type": "Collection", "object_name": "quick_setup", "privilege": "Search"},
  # Query permission on all collections
  {"object_type": "Collection", "object_name": "*", "privilege": "Query"}
] 

# 2. Create a role
client.create_role(role_name="read_only")

# 3. Grant privileges
for item in read_only_privileges:
    client.grant_privilege(
        role_name="read_only",
        object_type=item["object_type"],
        privilege=item["privilege"],
        object_name=item["object_name"]
    )
    
# 4. Revoke privilege
client.revoke_privilege(
    role_name="read_only",
    object_type="Global",
    privilege="DescribeCollection",
    object_name="*"
)

Try Managed Milvus for Free

Zilliz Cloud is hassle-free, powered by Milvus and 10x faster.

Get Started
Feedback

Was this page helpful?