Revision as of 14:20, 20 July 2022

This XQuery Module contains functions for creating and administering database users. The User Management article gives more information on database users and permissions.

Conventions

All functions and errors in this module are assigned to the http://basex.org/modules/user namespace, which is statically bound to the user prefix.

Read Operations

user:current

Signatures	`user:current() as xs:string`
Summary	Returns the name of the currently logged in user.
Examples	If the GUI or the standalone mode is used, `user:current()` always returns `admin`.

user:list

Signatures	`user:list() as xs:string*`
Summary	Returns the names of all registered users that are visible to the current user.
Examples	After a fresh installation, `user:list()` will only return `admin`.

user:list-details

Signatures	`user:list-details() as element(user)` `user:list-details($name as xs:string) as element(user)`
Summary	Returns an element sequence, containing all registered users that are visible to the current user. In addition to the `SHOW USERS` command, encoded password strings and database permissions will be output. A user `$name` can be specified to filter the results in advance.
Examples	After a fresh installation, `user:list-details()` returns output similar to the following one: <syntaxhighlight lang="xml"> <user name="admin" permission="admin"> <password algorithm="digest"> <hash>304bdfb0383c16f070a897fc1eb25cb4</hash> </password> <password algorithm="salted-sha256"> <salt>871602799292195</salt> <hash>a065ca66fa3d6da5762c227587f1c8258c6dc08ee867e44a605a72da115dcb41</hash> </password> </user> </syntaxhighlight>
Errors	`unknown`: The specified user name is unknown.

user:exists

Signatures	`user:exists($name as xs:string) as xs:boolean`
Summary	Checks if a user with the specified `$name` exists.
Examples	`user:exists('admin')` will always yield true.
Errors	`name`: The specified user name is invalid.

user:check

Signatures	`user:check($name as xs:string, $password as xs:string) as empty-sequence()`
Summary	Checks if the specified user and password is correct. Raises errors otherwise.
Examples	`user:check('admin', 'admin')` will raise an error if the admin password was changed.
Errors	`name`: The specified user name is invalid. `unknown`: The specified user does not exist. `password`: The specified password is wrong.

user:info

Signatures	`user:info() as element(info)` `user:info($name as xs:string) as element(info)`
Summary	Returns an `info` element, which may contain application-specific data. If a user `$name` is supplied, a user-specific element is returned. By default, the returned element has no contents. It can be modified via `user:update-info`.
Examples	After a fresh installation, `user:info()` returns `<info/>`.

Updates

Important note: All functions in this section are updating functions: they will not be immediately executed, but queued on the Pending Update List, which will be processed after the actual query has been evaluated. This means that the order in which the functions are specified in the query does usually not reflect the order in which the code will be evaluated.

user:create

Signatures	`user:create($name as xs:string, $password as xs:string) as empty-sequence()` `user:create($name as xs:string, $password as xs:string, $permissions as xs:string) as empty-sequence()` `user:create($name as xs:string, $password as xs:string, $permissions as xs:string, $patterns as xs:string) as empty-sequence()` `user:create($name as xs:string, $password as xs:string, $permissions as xs:string, $patterns as xs:string*, $info as element(info)) as empty-sequence()`
Summary	Creates a new user with the specified `$name`, `$password`, and `$permissions`: Local permissions are granted with non-empty glob `$patterns`. An `$info` element with application-specific information can be supplied. The default global permission (none) can be overwritten with an empty pattern or by omitting the last argument. Existing users will be overwritten.
Examples	`user:create('John', '7e$j#!1', 'admin')` creates a new user 'John' with admin permissions. `user:create('Jack', 'top!secret', 'read', 'index*')` creates a new user 'Jack' with read permissions for databases starting with the letters 'index'.
Errors	`name`: The specified user name is invalid. `permission`: The specified permission is invalid. `admin`: The "admin" user cannot be modified. `logged-in`: The specified user is currently logged in. `update`: The operation can only be performed once per user or database pattern.

user:grant

Signatures	`user:grant($name as xs:string, $permissions as xs:string) as empty-sequence()` `user:grant($name as xs:string, $permissions as xs:string, $patterns as xs:string*) as empty-sequence()`
Summary	Grants global or local `$permissions` to a user with the specified `$name`. Local permissions are granted with non-empty glob `$patterns`.
Examples	`user:grant('John', 'create')` grants create permissions to the user 'John'. `user:grant('John', ('read','write'), ('index','unit'))` allows John to read all databases starting with the letters 'index', and to write to all databases starting with 'unit'.
Errors	`unknown`: The specified user name is unknown. `name`: The specified user name is invalid. `pattern`: The specified database pattern is invalid. `permission`: The specified permission is invalid. `admin`: The "admin" user cannot be modified. `local`: A local permission can only be 'none', 'read' or 'write'. `logged-in`: The specified user is currently logged in. `update`: The operation can only be performed once per user or database pattern.

user:drop

Signatures	`user:drop($name as xs:string) as empty-sequence()` `user:drop($name as xs:string, $patterns as xs:string*) as empty-sequence()`
Summary	Drops a user with the specified `$name`. If non-empty glob `$patterns` are specified, only the database patterns will be removed.
Examples	`user:drop('John')` drops the user 'John'. `user:grant('John', 'unit')` removes the 'unit' database pattern. If John accesses any of these database, his global permission will be checked again.
Errors	`unknown`: The specified user name is unknown. `name`: The specified user name is invalid. `pattern`: The specified database pattern is invalid. `admin`: The "admin" user cannot be modified. `logged-in`: The specified user is currently logged in. `update`: The operation can only be performed once per user or database pattern. `conflict`: A user cannot be both altered and dropped.

user:alter

Signatures	`user:alter($name as xs:string, $newname as xs:string) as empty-sequence()`
Summary	Renames a user with the specified `$name` to `$newname`.
Examples	`user:alter('John', 'Jack')` renames the user 'John' to 'Jack'.
Errors	`unknown`: The specified user name is unknown. `name`: The specified user name is invalid. `admin`: The "admin" user cannot be modified. `logged-in`: The specified user is currently logged in. `update`: The operation can only be performed once per user or database pattern. `conflict`: A user cannot be both altered and dropped.

user:password

Signatures	`user:password($name as xs:string, $password as xs:string) as empty-sequence()`
Summary	Changes the `password` of a user with the specified `$name`.
Examples	`user:password('John', )` assigns user 'John' an empty password string.
Errors	`unknown`: The specified user name is unknown. `name`: The specified user name is invalid. `update`: The operation can only be performed once per user or database pattern.

user:update-info

Signatures user:update-info($info as element(info)) as empty-sequence()
user:update-info($info as element(info), $name as xs:string) as empty-sequence()

Summary Assigns the specified $info element to the user management or, if $name is supplied, to a specific user. This function can be used to manage application-specific data (groups, enhanced user info, etc.).

Examples

Store initial groups information:

<syntaxhighlight lang="xquery"> user:update-info(element info {

 for $group in ('editor', 'author', 'writer')
 return element group { $group }

}) </syntaxhighlight>

Add a group to a specific user:

<syntaxhighlight lang="xquery"> user:update-info(<info group='editor'/>, 'john') </syntaxhighlight>

Errors

Code	Description
`admin`	The "admin" user cannot be modified.
`conflict`	A user cannot be both altered and dropped.
`equal`	Name of old and new user is equal.
`local`	A local permission can only be 'none', 'read' or 'write'.
`logged-in`	The specified user is currently logged in.
`name`	The specified user name is invalid.
`password`	The specified password is wrong.
`pattern`	The specified database name is invalid.
`permission`	The specified permission is invalid.
`unknown`	The specified user does not exist.
`update`	The operation can only be performed once per user or database pattern.

Changelog

Version 8.6

Updated: user:create, user:info, user:update-info: $name parameter added.

Version 8.6

Added: user:check, user:info, user:update-info.
Updated: user:list, user:list-details: If called by non-admins, will only return the current user.

Version 8.4

Updated: user:create, user:grant, user:drop: extended support for database patterns.

Version 8.1

Added: user:current.

The Module was introduced with Version 8.0.

Difference between revisions of "User Module"

Revision as of 14:20, 20 July 2022

Contents

Conventions

Read Operations

user:current

user:list

user:list-details

user:exists

user:check

user:info

Updates

user:create

user:grant

user:drop

user:alter

user:password

user:update-info

Errors

Changelog

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools

@@ Line 10: / Line 10: @@
 {| width='100%'
-|-
+|- valign="top"
 | width='120' | '''Signatures'''
 |{{Func|user:current||xs:string}}<br/>
-|-
+|- valign="top"
 | '''Summary'''
 |Returns the name of the currently logged in user.
-|-
+|- valign="top"
 | '''Examples'''
 |
@@ Line 25: / Line 25: @@
 {| width='100%'
-|-
+|- valign="top"
 | width='120' | '''Signatures'''
 |{{Func|user:list||xs:string*}}<br/>
-|-
+|- valign="top"
 | '''Summary'''
 |Returns the names of all registered users that are visible to the current user.
-|-
+|- valign="top"
 | '''Examples'''
 |
@@ Line 40: / Line 40: @@
 {| width='100%'
-|-
+|- valign="top"
 | width='120' | '''Signatures'''
 |{{Func|user:list-details||element(user)*}}<br/>{{Func|user:list-details|$name as xs:string|element(user)*}}<br/>
-|-
+|- valign="top"
 | '''Summary'''
 |Returns an element sequence, containing all registered users that are visible to the current user.<br/>In addition to the {{Command|SHOW USERS}} command, encoded password strings and database permissions will be output. A user {{Code|$name}} can be specified to filter the results in advance.
-|-
+|- valign="top"
 | '''Examples'''
 |
@@ Line 61: / Line 61: @@
 </user>
 </syntaxhighlight>
-|-
+|- valign="top"
 | '''Errors'''
 |{{Error|unknown|#Errors}} The specified user name is unknown.
@@ Line 69: / Line 69: @@
 {| width='100%'
-|-
+|- valign="top"
 | width='120' | '''Signatures'''
 |{{Func|user:exists|$name as xs:string|xs:boolean}}<br/>
-|-
+|- valign="top"
 | '''Summary'''
 |Checks if a user with the specified {{Code|$name}} exists.
-|-
+|- valign="top"
 | '''Examples'''
 |
 * {{Code|user:exists('admin')}} will always yield true.
-|-
+|- valign="top"
 | '''Errors'''
 |{{Error|name|#Errors}} The specified user name is invalid.
@@ Line 87: / Line 87: @@
 {| width='100%'
-|-
+|- valign="top"
 | width='120' | '''Signatures'''
 |{{Func|user:check|$name as xs:string, $password as xs:string|empty-sequence()}}<br/>
-|-
+|- valign="top"
 | '''Summary'''
 |Checks if the specified user and password is correct. Raises errors otherwise.
-|-
+|- valign="top"
 | '''Examples'''
 |
 * {{Code|user:check('admin', 'admin')}} will raise an error if the admin password was changed.
-|-
+|- valign="top"
 | '''Errors'''
 |{{Error|name|#Errors}} The specified user name is invalid.<br/>{{Error|unknown|#Errors}} The specified user does not exist.<br/>{{Error|password|#Errors}} The specified password is wrong.<br/>
@@ Line 105: / Line 105: @@
 {| width='100%'
-|-
+|- valign="top"
 | width='120' | '''Signatures'''
 |{{Func|user:info||element(info)}}<br/>{{Func|user:info|$name as xs:string|element(info)}}
-|-
+|- valign="top"
 | '''Summary'''
 |Returns an <code>info</code> element, which may contain application-specific data. If a user {{Code|$name}} is supplied, a user-specific element is returned. By default, the returned element has no contents. It can be modified via {{Function||user:update-info}}.
-|-
+|- valign="top"
 | '''Examples'''
 |
@@ Line 124: / Line 124: @@
 {| width='100%'
-|-
+|- valign="top"
 | width='120' | '''Signatures'''
 |{{Func|user:create|$name as xs:string, $password as xs:string|empty-sequence()}}<br/>{{Func|user:create|$name as xs:string, $password as xs:string, $permissions as xs:string*|empty-sequence()}}<br/>{{Func|user:create|$name as xs:string, $password as xs:string, $permissions as xs:string*, $patterns as xs:string*|empty-sequence()}}<br/>{{Func|user:create|$name as xs:string, $password as xs:string, $permissions as xs:string*, $patterns as xs:string*, $info as element(info)|empty-sequence()}}
-|-
+|- valign="top"
 | '''Summary'''
 |Creates a new user with the specified {{Code|$name}}, {{Code|$password}}, and {{Code|$permissions}}:
@@ Line 134: / Line 134: @@
 * The default global permission (''none'') can be overwritten with an empty pattern or by omitting the last argument.
 * Existing users will be overwritten.
-|-
+|- valign="top"
 | '''Examples'''
 |
 * {{Code|user:create('John', '7e$j#!1', 'admin')}} creates a new user 'John' with admin permissions.
 * {{Code|user:create('Jack', 'top!secret', 'read', 'index*')}} creates a new user 'Jack' with read permissions for databases starting with the letters 'index'.
-|-
+|- valign="top"
 | '''Errors'''
 |{{Error|name|#Errors}} The specified user name is invalid.<br/>{{Error|permission|#Errors}} The specified permission is invalid.<br/>{{Error|admin|#Errors}} The "admin" user cannot be modified.<br/>{{Error|logged-in|#Errors}} The specified user is currently logged in.<br/>{{Error|update|#Errors}} The operation can only be performed once per user or database pattern.
@@ Line 147: / Line 147: @@
 {| width='100%'
-|-
+|- valign="top"
 | width='120' | '''Signatures'''
 |{{Func|user:grant|$name as xs:string, $permissions as xs:string*|empty-sequence()}}<br/>{{Func|user:grant|$name as xs:string, $permissions as xs:string*, $patterns as xs:string*|empty-sequence()}}
-|-
+|- valign="top"
 | '''Summary'''
 |Grants global or local {{Code|$permissions}} to a user with the specified {{Code|$name}}. Local permissions are granted with non-empty glob {{Code|$patterns}}.
-|-
+|- valign="top"
 | '''Examples'''
 |
 * {{Code|user:grant('John', 'create')}} grants create permissions to the user 'John'.
 * {{Code|user:grant('John', ('read','write'), ('index*','unit*'))}} allows John to read all databases starting with the letters 'index', and to write to all databases starting with 'unit'.
-|-
+|- valign="top"
 | '''Errors'''
 |{{Error|unknown|#Errors}} The specified user name is unknown.<br/>{{Error|name|#Errors}} The specified user name is invalid.<br/>{{Error|pattern|#Errors}} The specified database pattern is invalid.<br/>{{Error|permission|#Errors}} The specified permission is invalid.<br/>{{Error|admin|#Errors}} The "admin" user cannot be modified.<br/>{{Error|local|#Errors}} A local permission can only be 'none', 'read' or 'write'.<br/>{{Error|logged-in|#Errors}} The specified user is currently logged in.<br/>{{Error|update|#Errors}} The operation can only be performed once per user or database pattern.
@@ Line 166: / Line 166: @@
 {| width='100%'
-|-
+|- valign="top"
 | width='120' | '''Signatures'''
 |{{Func|user:drop|$name as xs:string|empty-sequence()}}<br/>{{Func|user:drop|$name as xs:string, $patterns as xs:string*|empty-sequence()}}
-|-
+|- valign="top"
 | '''Summary'''
 |Drops a user with the specified {{Code|$name}}. If non-empty glob {{Code|$patterns}} are specified, only the database patterns will be removed.
-|-
+|- valign="top"
 | '''Examples'''
 |
 * {{Code|user:drop('John')}} drops the user 'John'.
 * {{Code|user:grant('John', 'unit*')}} removes the 'unit*' database pattern. If John accesses any of these database, his global permission will be checked again.
-|-
+|- valign="top"
 | '''Errors'''
 |{{Error|unknown|#Errors}} The specified user name is unknown.<br/>{{Error|name|#Errors}} The specified user name is invalid.<br/>{{Error|pattern|#Errors}} The specified database pattern is invalid.<br/>{{Error|admin|#Errors}} The "admin" user cannot be modified.<br/>{{Error|logged-in|#Errors}} The specified user is currently logged in.<br/>{{Error|update|#Errors}} The operation can only be performed once per user or database pattern.<br/>{{Error|conflict|#Errors}} A user cannot be both altered and dropped.
@@ Line 185: / Line 185: @@
 {| width='100%'
-|-
+|- valign="top"
 | width='120' | '''Signatures'''
 |{{Func|user:alter|$name as xs:string, $newname as xs:string|empty-sequence()}}
-|-
+|- valign="top"
 | '''Summary'''
 |Renames a user with the specified {{Code|$name}} to {{Code|$newname}}.
-|-
+|- valign="top"
 | '''Examples'''
 |
 * {{Code|user:alter('John', 'Jack')}} renames the user 'John' to 'Jack'.
-|-
+|- valign="top"
 | '''Errors'''
 |{{Error|unknown|#Errors}} The specified user name is unknown.<br/>{{Error|name|#Errors}} The specified user name is invalid.<br/>{{Error|admin|#Errors}} The "admin" user cannot be modified.<br/>{{Error|logged-in|#Errors}} The specified user is currently logged in.<br/>{{Error|update|#Errors}} The operation can only be performed once per user or database pattern.<br/>{{Error|conflict|#Errors}} A user cannot be both altered and dropped.
@@ Line 203: / Line 203: @@
 {| width='100%'
-|-
+|- valign="top"
 | width='120' | '''Signatures'''
 |{{Func|user:password|$name as xs:string, $password as xs:string|empty-sequence()}}
-|-
+|- valign="top"
 | '''Summary'''
 |Changes the {{Code|password}} of a user with the specified {{Code|$name}}.
-|-
+|- valign="top"
 | '''Examples'''
 |
 * {{Code|user:password('John', '')}} assigns user 'John' an empty password string.
-|-
+|- valign="top"
 | '''Errors'''
 |{{Error|unknown|#Errors}} The specified user name is unknown.<br/>{{Error|name|#Errors}} The specified user name is invalid.<br/>{{Error|update|#Errors}} The operation can only be performed once per user or database pattern.
@@ Line 221: / Line 221: @@
 {| width='100%'
-|-
+|- valign="top"
 | width='120' | '''Signatures'''
 |{{Func|user:update-info|$info as element(info)|empty-sequence()}}<br/>{{Func|user:update-info|$info as element(info), $name as xs:string|empty-sequence()}}
-|-
+|- valign="top"
 | '''Summary'''
 |Assigns the specified {{Code|$info}} element to the user management or, if {{Code|$name}} is supplied, to a specific user. This function can be used to manage application-specific data (groups, enhanced user info, etc.).
-|-
+|- valign="top"
 | '''Examples'''
 |
@@ Line 248: / Line 248: @@
 ! width="110"|Code
 |Description
-|-
+|- valign="top"
 |{{Code|admin}}
 |The "admin" user cannot be modified.
-|-
+|- valign="top"
 |{{Code|conflict}}
 |A user cannot be both altered and dropped.
-|-
+|- valign="top"
 |{{Code|equal}}
 |Name of old and new user is equal.
-|-
+|- valign="top"
 |{{Code|local}}
 |A local permission can only be 'none', 'read' or 'write'.
-|-
+|- valign="top"
 |{{Code|logged-in}}
 |The specified user is currently logged in.
-|-
+|- valign="top"
 |{{Code|name}}
 |The specified user name is invalid.
-|-
+|- valign="top"
 |{{Code|password}}
 |The specified password is wrong.
-|-
+|- valign="top"
 |{{Code|pattern}}
 |The specified database name is invalid.
-|-
+|- valign="top"
 |{{Code|permission}}
 |The specified permission is invalid.
-|-
+|- valign="top"
 |{{Code|unknown}}
 |The specified user does not exist.
-|-
+|- valign="top"
 |{{Code|update}}
 |The operation can only be performed once per user or database pattern.