Bureaucrats, editor, reviewer, Administrators
13,550
edits
Changes
Jump to navigation
Jump to search
no edit summary
This article is part of the [[Advanced User's Guide]]. The user management defines which permissions are required by a user to perform a database command or XQuery expression.
Permissions are mostly relevant in the client/server architecture, as the [[Standalone ModeGUI]] and the [[GUICommand-Line Client]] is run with admin permissions.There are a few exceptions such as the [[XQuery Module#xquery:eval|xquery:eval]] function: Its execution scope can also be limited by specifying a permission.
Please take care of usual security measures: ensure that your password will not end up in your bash history, avoid sending passwords via ordinary REST requests, etc.
==XQuery==
The available user functions are listed in the [[User Module]]:
'''Create user 'test' with no permissions:'''
The permission file {{Code|users.xml}} is stored in the database directory. This file can be manually edited; it will be parsed once when BaseX is started.
Salted SHA256 hashes are used for authentication (the current timestamp will be used as salt). Additionally, digest hashes are used in the client/server architecture and the [[Clients|Language Bindings]], and in the [[Web Application|HTTP Context]] if the [[Options#AUTHMETHOD{{Option|AUTHMETHOD]] }} is set to {{Code|Digest}}.
=Changelog=
Revised in Version 8.0.
