Bureaucrats, editor, reviewer, Administrators
13,550
edits
Changes
Jump to navigation
Jump to search
With {{Version|8.0}}, the user management has been reworkedPlease take care of usual security measures: * Permissions can be manually editedensure that your password will not end up in your bash history, as they are now stored as XML.* The permission file has been moved from the home directory to the database directory. It was renamed from {{Code|.basexperm}} to {{Code|users.xml}}.* Local permissions are now defined for database glob patterns. Both local and global permissions are stored in the same file.* A new [[User Module]] was introduced to allow user management avoid sending passwords via XQueryordinary REST requests, etc.
Admin For all operations, admin permissions are required to execute all of the following commands: =Commands=
'''Show detailed information about user 'test' via XQuery:'''
'''Drop of user 'test' via XQuery:'''=Storage=
<code>>The permission file {{Code|users.xml}} is stored in the database directory. This file can be manually edited; XQUERY user:drop('test')</code> it will be parsed once when BaseX is started.
→XQuery
This article is part of the [[Advanced User's Guide]].The user management defines which permissions are requiredby a user to perform a database command or XQuery expression.
Permissions are mostly relevant in the client/server architecture, as the[[Standalone Mode]] and the [[GUI]] is run with admin permissions.There are a few exceptions such as the [[XQuery Module#xquery:eval|xquery:eval]] function:its Its execution scope can also be limited by specifying a permission.
==Rules==
User names must follow the [[Valid Names|valid names constraints]], and the database patterns must follow the [[Commands#Glob_Syntax|Glob Syntax]].
==CommandsOperations==
'''Create user 'test' (password will be entered on command line). By default, the user will have no permissions ('none'):
<code>> SHOW USERS</code>
==XQuery== The available user functions are listed in the [[User Module]]: '''Create user 'test' with no permissions:''' <code>db:create('test', 'top-secret')</code> '''Show detailed information about user 'test':''' <code>> XQUERY user:list-details()[@name = 'test']</code> '''Drop user 'test':''' <code>user:drop('test')</code>
Salted SHA256 hashes are used for authentication (the current timestamp will be used as salt). Additionally, digest hashes are used in the client/server architecture and the [[Category:ServerClients|Language Bindings]], and in the [[Category:InternalsWeb Application|HTTP Context]]if the [[Options#AUTHMETHOD|AUTHMETHOD]] is set to {{Code|Digest}}.
=Changelog=
Revised in Version 8.0.
