Creating, modifying, and managing users within TigerGraph's RBAC system.
User Management
TigerGraph uses a Role-Based Access Control (RBAC) model. Managing users involves creating identities, assigning passwords, and monitoring login activity.
1. Creating Users
You can create users via the GSQL shell in either interactive or non-interactive mode.
Interactive Mode
Simply run the command and follow the prompts for password entry:
gsqlterminalGSQL > CREATE USER user1 User Name : user1 New Password : *** Re-enter Password : ***
Non-Interactive Mode
Useful for automation and CI/CD pipelines:
gsqlterminalGSQL > CREATE USER -u user1 -p mypassword
2. Username Rules
- Modern (v3.9.3+): Usernames can contain most Unicode characters (including Chinese/Kanji) except for whitespace and control characters.
- Classic: Usernames must match
[a-zA-Z_][a-zA-Z0-9]*or be a valid email address.
[!NOTE] If a username contains special characters or starts with a digit, it must be enclosed in backquotes (e.g.,
`123user`) when used in GSQL commands.
3. Password Management
Users can change their own passwords, while administrators (with WRITE_USER privilege) can change passwords for any user.
gsqlterminal# Change own password GSQL > ALTER PASSWORD # Admin changing another user's password GSQL > ALTER PASSWORD user1
4. Monitoring Users
Use SHOW USER to view role assignments and security metadata:
- LastSuccessLogin: Timestamp of last successful entry.
- FailedAttempts: Count of consecutive failed logins.
- NextValidLogin: If a user is locked out, this shows when they can try again.
gsqlterminalGSQL > SHOW USER user1
5. Removing Users
Dropping a user immediately revokes all their active sessions and role assignments.
gsqlterminalGSQL > DROP USER user1, user2