
Vector Retrieval Service for Milvus: Manage users and roles

Last Updated: Sep 22, 2025

Milvus uses Role-Based Access Control (RBAC) for fine-grained permission management. Administrators can create roles, assign privileges to them, and then grant these roles to users. This approach simplifies permission management: instead of modifying privileges for each user, an administrator only needs to adjust the role's privileges, ensuring efficient and secure access control.

Prerequisites

  • You have installed the PyMilvus library on your local client and updated it to the latest version.

    If you have not installed the PyMilvus library or need to update it, run the following command.

    pip install --upgrade pymilvus
  • You have created a Milvus instance. For more information, see Create a Milvus instance.

  • You have connected to your Milvus instance. The following example shows how to create a Milvus client.

    from pymilvus import MilvusClient, Role
    
    client = MilvusClient(
        uri="http://c-xxxx.milvus.aliyuncs.com:19530",  # The public endpoint of your Milvus instance.
        token="<yourUsername>:<yourPassword>",  # The username and password for your Milvus instance.
        db_name="default"  # The name of the database to connect to. This example uses the default database.
    )

Create a user

# Create a new user named "user_milvus".
client.create_user(user_name="user_milvus", password="<yourPassword>")

You can also perform the following operations:

  • Update a user password

    client.update_password(
        user_name="user_milvus",
        old_password="<yourPassword>",
        new_password="<yourNewPassword>"
    )
  • List all users

    client.list_users()
  • List the roles of a user

    client.describe_user(user_name="user_milvus")
  • List all roles

    client.list_roles()

Create a role

client.create_role(role_name="role_milvus")  # Define the name for the new role. This example uses role_milvus.

Grant privileges to a role

read_only_privileges = [
    {"object_type": "Global", "object_name": "*", "privilege": "DescribeCollection"},
    {"object_type": "Global", "object_name": "*", "privilege": "ShowCollections"},
    {"object_type": "Collection", "object_name": "*", "privilege": "Search"},
    {"object_type": "Collection", "object_name": "*", "privilege": "Query"},
]

for item in read_only_privileges:
    client.grant_privilege(
        role_name="role_milvus",
        object_type=item["object_type"],
        privilege=item["privilege"],
        object_name=item["object_name"]
    )
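
Added example (not from the original page or the Milvus project): a least-privilege audit that compares the read-only grant list above with what a role currently holds and plans the revokes and grants needed to remove drift. It assumes describe_role() returns a dict whose "privileges" entries carry object_type, object_name and privilege keys, that revoke_privilege() accepts the same keyword arguments as grant_privilege(), and that only one database is in use; diff_role, reconcile_role and the sample data are hypothetical names.

```python
# Added example, not from the original page. Assumptions: describe_role()
# returns {"privileges": [{"object_type", "object_name", "privilege", ...}]},
# revoke_privilege() takes the same keywords as grant_privilege(), and all
# grants live in a single database (db_name is ignored here).

READ_ONLY_BASELINE = [
    {"object_type": "Global", "object_name": "*", "privilege": "DescribeCollection"},
    {"object_type": "Global", "object_name": "*", "privilege": "ShowCollections"},
    {"object_type": "Collection", "object_name": "*", "privilege": "Search"},
    {"object_type": "Collection", "object_name": "*", "privilege": "Query"},
]

# Constructed sample of a role that has drifted from the baseline.
SAMPLE_ACTUAL = [
    {"object_type": "Global", "object_name": "*", "privilege": "ShowCollections"},
    {"object_type": "Collection", "object_name": "*", "privilege": "Search"},
    {"object_type": "Collection", "object_name": "*", "privilege": "Query"},
    {"object_type": "Collection", "object_name": "*", "privilege": "Insert"},
    {"object_type": "Global", "object_name": "*", "privilege": "DropCollection"},
]

def grant_key(grant):
    """Identity of a grant, ignoring extra keys such as grantor_name."""
    return (grant["object_type"], grant["object_name"], grant["privilege"])

def diff_role(baseline, actual):
    """Return (missing, excess) as sorted lists of (type, name, privilege)."""
    want = {grant_key(g) for g in baseline}
    have = {grant_key(g) for g in actual}
    return sorted(want - have), sorted(have - want)

def reconcile_role(client, role_name, baseline, dry_run=True):
    """Plan (and optionally apply) the changes that restore the baseline."""
    actual = client.describe_role(role_name=role_name)["privileges"]
    missing, excess = diff_role(baseline, actual)
    # Revoke excess privileges before granting missing ones.
    plan = [("revoke", *k) for k in excess] + [("grant", *k) for k in missing]
    if not dry_run:
        for action, object_type, object_name, privilege in plan:
            call = client.revoke_privilege if action == "revoke" else client.grant_privilege
            call(role_name=role_name, object_type=object_type,
                 privilege=privilege, object_name=object_name)
    return plan

if __name__ == "__main__":
    print(diff_role(READ_ONLY_BASELINE, SAMPLE_ACTUAL))
```

With a connected client, call reconcile_role(client, "role_milvus", READ_ONLY_BASELINE) to review the plan, then repeat with dry_run=False to apply it.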

Grant a role to a user

client.grant_role(user_name="user_milvus", role_name="role_milvus")

Revoke a role from a user

client.revoke_role(user_name="user_milvus", role_name="role_milvus")