Bureaucrats, editor, reviewer, Administrators
13,551
edits
Changes
Jump to navigation
Jump to search
The permission file is located in the '''database directory'''; it is called {{Code|users.xml}}. This file can be manually edited; it will be parsed when BaseX is started.
Both local and global permissions are stored in the same file. '''Glob patterns''' are used for local database permissions. '''Salted sha256''' hashes are used for authentication (the current timestamp will be used as salt). Additionally, '''digest''' hashes are used in the client/server architecture and the [[Clients|Language Bindings]], and in the [[Web Application|HTTP Context]] if the [[Options#AUTHMETHOD|AUTHMETHOD]] is set to {{Code|Digest}}.
Admin permissions are required to execute all of the following commands:=Commands=
'''Show detailed information about user 'test' via XQuery:'''
'''Drop of <code>user :list-details()[@name = 'test' via XQuery:''']</code>
<code>> XQUERY '''Drop user'test':drop('test')</code> '
==XQuery==<code>user:drop('test')</code>
The [[User Module]] allows you to organize users via '''XQuery'''. An example:=Storage=
'''Create user 'test' with no permissions:The permission file {{Code|users.xml}} is stored in the database directory. This file can be manually edited; it will be parsed once when BaseX is started.
<code>db:createSalted SHA256 hashes are used for authentication ('test'the current timestamp will be used as salt). Additionally, 'top-secret')<digest hashes are used in the client/code>server architecture and the [[Clients|Language Bindings]], and in the [[Web Application|HTTP Context]] if the [[Options#AUTHMETHOD|AUTHMETHOD]] is set to {{Code|Digest}}.
→XQuery
Permissions are mostly relevant in the client/server architecture, as the [[Standalone Mode]] and the [[GUI]] is run with admin permissions.
There are a few exceptions such as the [[XQuery Module#xquery:eval|xquery:eval]] function: Its execution scope can also be limited by specifying a permission.
Please take care of usual security measures: ensure that your password will not end up in your bash history, avoid sending passwords via ordinary REST requests, etc.
User names must follow the [[Valid Names|valid names constraints]], and the database patterns must follow the [[Commands#Glob_Syntax|Glob Syntax]].
==CommandsOperations== For all operations, admin permissions are required:
'''Create user 'test' (password will be entered on command line). By default, the user will have no permissions ('none'):
<code>> SHOW USERS</code>
==XQuery== The available user functions are listed in the [[User Module]]: '''Create user 'test' with no permissions:''' <code>> XQUERY userdb:list-detailscreate()[@name = 'test'], 'top-secret')</code> '''Show detailed information about user 'test':'''
=Changelog=
Revised in Version 8.0.
