From 58ede228a4272500fb640dee897f52c3ea26ffe2 Mon Sep 17 00:00:00 2001 From: Guy Korland Date: Wed, 4 Dec 2024 15:59:22 +0200 Subject: [PATCH] Create acl.md (#89) * Create acl.md --- .wordlist.txt | 8 ++- commands/acl.md | 135 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 142 insertions(+), 1 deletion(-) create mode 100644 commands/acl.md diff --git a/.wordlist.txt b/.wordlist.txt index f9e8c1f..93e8975 100644 --- a/.wordlist.txt +++ b/.wordlist.txt @@ -1,3 +1,4 @@ +ACL AOF AST Aldis @@ -16,6 +17,7 @@ ColumnType Costanza Cypher DateTime +DELUSER Ducati FOF FOREACH @@ -25,6 +27,7 @@ FalkorDB's FalkorDBQAChain Gadepally Geospatial +GETUSER GPL GrAPL GraphBLAS @@ -77,6 +80,7 @@ RedisGraph RedisInsight Roi Rueian +SETUSER SDK SDKs SLOWLOG @@ -85,6 +89,7 @@ SSPLv SSpaths Sceat Stopwords +Subcommands TF TTY UNIQIE @@ -220,6 +225,7 @@ startNode stopwords str strList +subcommands sublist subqueries subquery @@ -292,4 +298,4 @@ urlencoded userName www yourQuery -yourSourceName \ No newline at end of file +yourSourceName diff --git a/commands/acl.md b/commands/acl.md new file mode 100644 index 0000000..02b28a7 --- /dev/null +++ b/commands/acl.md @@ -0,0 +1,135 @@ +--- +title: "ACL" +nav_order: 100 +description: > + Managing Access Control Lists, enabling administrators to control user permissions at a granular level +parent: "Commands" +--- + +# ACL + +The ACL command in FalkorDB provides tools for managing Access Control Lists, +enabling administrators to control user permissions at a granular level. +This command is crucial for maintaining secure access to your FalkorDB instances. + +Usage: `ACL [SUBCOMMAND] [arg1] [arg2] ...` + +## Subcommands + +### ACL HELP + +Returns a list of all available `ACL` subcommands and their syntax. + +Usage: `ACL HELP` + +#### Example + +``` +> ACL HELP +``` + +#### Output + +``` +1) "GETUSER" +2) "SETUSER" +3) "DELUSER" +4) "LIST" +... +``` + +### ACL SETUSER + +Defines or updates a user's permissions. + +Usage: `ACL SETUSER [rule1] [rule2] ...` + +#### Rules + + * on / off: Enables or disables the user account. + * nopass: Allows access without a password. + * password:: Sets a password for the user. + * ~: Restricts access to graphs matching the given pattern. + * +: Grants permission to execute specific commands. + * -: Denies permission to execute specific commands. + +#### Example + +``` +> ACL SETUSER john on >password123 +GRAPH.LIST +GRAPH.RO_QUERY ~* +``` + +### ACL GETUSER + +Retrieves details about a specific user, including permissions and settings. +Syntax + +Usage: `ACL GETUSER ` + +#### Example + +``` +> ACL GETUSER john +``` + +#### Output + +``` +1) "on" +2) ">password123" +3) "+GRAPH.LIST" +4) "+GRAPH.RO_QUERY" +5) "~*" +``` + +### ACL DELUSER + +Deletes a user from the ACL. + +Usage: `ACL DELUSER ` + +#### Example + +``` +> ACL DELUSER john +``` + +### ACL LIST + +Lists all users currently configured in the ACL. + +Usage: `ACL LIST` + +#### Example + +``` +> ACL LIST +``` + +#### Output + +``` +1) "admin" +2) "john" +3) "guest" +``` + +### ACL LOG + +Displays a log of recent ACL-related events, such as user authentication attempts or rule changes. + +Usage: `ACL LOG [count]` + + * count: (Optional) Limits the number of entries in the log. + +#### Example + +``` +> ACL LOG 10 +``` + +## Notes + + The ACL command is available only to users with administrative privileges. + Be cautious when using the nopass rule, as it may compromise security. + Use specific patterns and commands to enforce the principle of least privilege.