Changes

400 bytes added, 01:08, 11 December 2014
no edit summary
This article is part of the [[Advanced User's Guide]].
The user management defines which permissions are required
by a user to perform a specific [[Commands|database command]] or XQuery expression.
Permissions are mostly relevant in the client/server architecture, as the [[Standalone Mode]] and the [[GUI]] are run with admin permissions. There are a few exceptions such as the [[XQuery Module#xquery:eval|xquery:eval]] function: its execution scope can also be limited by specifying a permission.

With {{Version|8.0}}, the user management has been reworked:

* Permissions can be manually edited, as they are now stored as XML.
* The permission file has been moved from the home directory to the database directory. It was renamed from {{Code|.basexperm}} to {{Code|users.xml}}.
* Local permissions are now defined for database glob patterns. Both local and global permissions are stored in the same file.
* A new [[User Module]] was introduced to allow user management via XQuery.

==Rules==
In the permission hierarchy below, the existing permissions are illustrated.
A higher permission includes all lower permissions.
For example, all users who have the <code>write</code> permission assigned will also be able to execute commands requiring <code>read</code> permission.
Local permissions are applied to databases. They have a higher precedence and override global permissions.
[[File:perms.png|none|thumb|403px|Permissions hierarchy]]
User names must follow the [[Valid Names|valid names constraints]], and the database patterns must follow the [[Commands#Glob_Syntax|Glob Syntax]].
==Commands==
Admin permissions are required to execute all of the following commands:

'''Create user 'test' (password will be entered on command line). By default, the user will have no permissions ('none'):'''
<code>&gt; CREATE USER test</code>
'''Change password of user 'test' to '71x343sd#':'''
<code>&gt; ALTER PASSWORD test 71x343sd#</code>
As global permissions, you can set 'none', 'read', 'write', 'create' and 'admin':

'''Grant all permissions to user 'test':'''
<code>&gt; GRANT admin TO test</code>
Valid local permissions are 'none', 'read' and 'write':

'''Grant local write permissions to user 'test':'''
<code>&gt; GRANT write ON unit* TO test</code>
Note: Local permissions overwrite global permissions.
As a consequence, the 'test' user will only be allowed to access (i.e., read and write) databases starting with the letters 'unit'. If no local permissions are set, the global rights are inherited.
'''Show global permissions:'''
<code>&gt; SHOW USERS</code>
'''Show detailed information about user 'test' via XQuery:'''
<code>&gt; XQUERY user:list-details()[@name = 'test']</code>
'''Drop user 'test' via XQuery:'''
<code>&gt; XQUERY user:drop('test')</code>
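The following Python sketch models the rules stated on this page (the permission hierarchy, local grants on glob patterns overriding the global permission, and inheritance when no pattern matches). It is an added illustration, not BaseX code. Assumptions: globs support <code>*</code>, <code>?</code> and comma-separated alternatives, and when several patterns match, the first listed grant is used.

```python
import re

# Hierarchy from the page: a higher permission includes all lower ones.
LEVELS = ["none", "read", "write", "create", "admin"]
LOCAL_LEVELS = {"none", "read", "write"}  # valid local permissions


def glob_to_regex(pattern):
    """Compile a database glob: '*' any run, '?' one char, ',' separates alternatives."""
    parts = []
    for alt in pattern.split(","):
        parts.append("".join(
            ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
            for ch in alt.strip()))
    return re.compile("(?:" + "|".join(parts) + ")")


def effective_permission(global_perm, local_grants, database):
    """Permission that applies to one database.

    local_grants is a list of (glob, permission) pairs. Assumption of this
    sketch: if several globs match, the first listed pair is used.
    """
    if global_perm not in LEVELS:
        raise ValueError("unknown global permission: %r" % global_perm)
    for glob, perm in local_grants:
        if perm not in LOCAL_LEVELS:
            raise ValueError("invalid local permission: %r" % perm)
    for glob, perm in local_grants:
        if glob_to_regex(glob).fullmatch(database):
            return perm       # local overrides global, even when it is lower
    return global_perm        # no local match: the global permission is inherited


def is_allowed(global_perm, local_grants, database, required):
    """True if the effective permission includes the required one."""
    effective = effective_permission(global_perm, local_grants, database)
    return LEVELS.index(effective) >= LEVELS.index(required)


# Constructed sample: state after CREATE USER test / GRANT write ON unit* TO test
TEST_GLOBAL, TEST_LOCAL = "none", [("unit*", "write")]

if __name__ == "__main__":
    for db in ("unit1", "unittests", "factbook"):
        print(db, effective_permission(TEST_GLOBAL, TEST_LOCAL, db))
```

Because a matching local grant replaces the global permission rather than adding to it, a user with a high global permission is limited to the local level on every database the pattern covers.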
[[Category:Server]]
[[Category:Internals]]
 
=Changelog=
 
Revised in Version 8.0.