Difference between revisions of "User Management"
Line 7: | Line 7: | ||
For example, all users who have the <code>WRITE</code> permission assigned | For example, all users who have the <code>WRITE</code> permission assigned | ||
will also be able to execute commands requiring <code>READ</code> permission. | will also be able to execute commands requiring <code>READ</code> permission. | ||
− | Next, local permissions can be assigned to databases | + | Next, local permissions exist, which can be assigned to single databases. |
− | + | Local permission have a higher priority and override global permissions. | |
+ | |||
+ | All global permissions are stored in the [[Configuration#Configuration Files|.basexperm]] file; | ||
+ | local permissions are stored in the database meta data ([[Storage Layout|inf.basex]]). | ||
[[File:perms.png|none|thumb|403px|Permissions hierarchy]] | [[File:perms.png|none|thumb|403px|Permissions hierarchy]] |
Revision as of 03:00, 6 April 2012
This article is part of the Advanced User's Guide. The user management defines which permissions are required by a user to perform a specific database command.
In the permission hierarchy below, the existing permissions are illustrated.
A higher permission includes all lower permissions.
For example, all users who have the WRITE
permission assigned
will also be able to execute commands requiring READ
permission.
Next, local permissions exist, which can be assigned to single databases.
Local permission have a higher priority and override global permissions.
All global permissions are stored in the .basexperm file; local permissions are stored in the database meta data (inf.basex).
User names must follow the valid names constraints.
Commands
Admin permissions are needed to execute all of the following commands:
Creating user 'test' (password will be entered on command line):
> CREATE USER test
Change user 'test' password (password will be entered on command line):
> ALTER USER test
As global permissions, you can set 'none', 'read', 'write', 'create' and 'admin':
Grant all permissions to user 'test':
> GRANT admin TO test
Valid local permissions are 'none', 'read' and 'write':
Granting write permission on database 'factbook' to user 'test':
> GRANT write ON factbook TO test
Note: Local permissions overwrite global permissions. As a consequence, the 'test' user will only be allowed to access (i.e., read and write) the 'factbook' database. If no local permissions are set, the global rights are inherited.
Showing global permissions:
> SHOW USERS
Showing local permissions on database 'factbook':
> SHOW USERS ON factbook
Dropping of user 'test':
> DROP USER test