Main Page » XQuery » Functions » User Functions

User Functions

This module contains functions for creating and administering database users. The User Management article provides more information on database users and permissions.

Conventions

All functions and errors in this module are assigned to the http://basex.org/modules/user namespace, which is statically bound to the user prefix.

Read Operations

`user:current`

Signature	user:current() as xs:string
Summary	Returns the name of the currently logged-in user.
Examples	`user:current()` Always returns `admin` if the standalone mode or the GUI is used.

`user:list`

Signature	user:list() as xs:string*
Summary	Returns the names of all registered users who are visible to the current user.
Examples	`user:list()` Only returns `admin` after a fresh installation.

`user:list-details`

Signature

user:list-details(
  $name  as xs:string  := ()
) as element(user)*

Summary Returns an element sequence, containing all registered users who are visible to the current user. In addition to the SHOW USERS command, encoded password strings and database permissions will be output. A user $name can be specified to filter the results in advance.

Errors

unknown The specified user does not exist.

Examples

<user name="admin" permission="admin">
  <password algorithm="digest">
    <hash>304bdfb0383c16f070a897fc1eb25cb4</hash>
  </password>
  <password algorithm="salted-sha256">
    <salt>871602799292195</salt>
    <hash>a065ca66fa3d6da5762c227587f1c8258c6dc08ee867e44a605a72da115dcb41</hash>
  </password>
</user>

After a fresh installation, returns user:list-details() output similar to the following one.

`user:exists`

Signature

user:exists(
  $name  as xs:string
) as xs:boolean

Summary Checks if a user with the specified $name exists.

Errors

name The specified username is invalid.

Examples

user:exists('admin')

Always yield true.

`user:check`

Signature

user:check(
  $name      as xs:string,
  $password  as xs:string
) as empty-sequence()

Summary Checks if the specified user and password is correct. Raises errors otherwise.

Errors

`name`	The specified username is invalid.
`password`	The specified password is wrong.
`unknown`	The specified user does not exist.

Examples

user:check('admin', '')

Raises an error if the password of the admin user is a non-empty string.

`user:info`

Signature	user:info( $name as xs:string := () ) as element(info)
Summary	Returns an `info` element, which may contain application-specific data. If a user `$name` is supplied, a user-specific element is returned. By default, the returned element has no contents. It can be modified via `user:update-info`.
Examples	`user:info()` Returns `<info/>` after a fresh installation.

Updates

Important note: All functions in this section are updating functions: they will not be immediately executed, but queued on the Pending Update List, which will be processed after the actual query has been evaluated. This means that the order in which the functions are specified in the query usually does not reflect the order in which the code will be evaluated.

`user:create`

Signature

user:create(
  $name         as xs:string,
  $password     as xs:string,
  $permissions  as xs:string*     := (),
  $patterns     as xs:string*     := (),,
  $info         as element(info)  := ()
) as empty-sequence()

Summary

Creates a new user with the specified $name, $password, and $permissions:

Local permissions are granted with non-empty glob $patterns.
An $info element with application-specific information can be supplied.
The default global permission (none) can be overwritten with an empty pattern or by omitting the last argument.
Existing users will be overwritten.

Errors

`admin`	The "admin" user cannot be modified.
`logged-in`	The specified user is currently logged in.
`name`	The specified username is invalid.
`permission`	The specified permission is invalid.
`update`	The operation can only be performed once per user or database pattern.

Examples

user:create('John', '7e$j#!1', 'admin')

Creates a new user 'John' with admin permissions.

user:create('Jack', 'top!secret', 'read', 'index*')

Creates a new user 'Jack' with read permissions for databases starting with the letters 'index'.

`user:grant`

Signature

user:grant(
  $name         as xs:string,
  $permissions  as xs:string*,
  $patterns     as xs:string*  := ()
) as empty-sequence()

Summary Grants global or local $permissions to a user with the specified $name. Local permissions are granted with non-empty glob $patterns.

Errors

`admin`	The "admin" user cannot be modified.
`local`	A local permission can only be 'none', 'read' or 'write'.
`logged-in`	The specified user is currently logged in.
`name`	The specified username is invalid.
`pattern`	The specified database name is invalid.
`permission`	The specified permission is invalid.
`unknown`	The specified user does not exist.
`update`	The operation can only be performed once per user or database pattern.

Examples

user:grant('John', 'create')

Grants create permissions to the user 'John'.

user:grant('John', ('read','write'), ('index','unit'))

Allows John to read all databases starting with the letters 'index', and to write to all databases starting with 'unit'.

`user:drop`

Signature

user:drop(
  $name      as xs:string,
  $patterns  as xs:string*  := ()
) as empty-sequence()

Summary Drops a user with the specified $name. If non-empty glob $patterns are specified, only the database patterns will be removed.

Errors

`admin`	The "admin" user cannot be modified.
`conflict`	A user cannot be both altered and dropped.
`logged-in`	The specified user is currently logged in.
`name`	The specified username is invalid.
`pattern`	The specified database name is invalid.
`unknown`	The specified user does not exist.
`update`	The operation can only be performed once per user or database pattern.

Examples

user:drop('John')

Drops the user 'John'.

user:grant('John', 'unit*')

Removes the 'unit*' database pattern. If John accesses any of these database, his global permission will be checked again.

`user:alter`

Signature

user:alter(
  $name     as xs:string,
  $newname  as xs:string
) as empty-sequence()

Summary Renames a user with the specified $name to $newname.

Errors

`admin`	The "admin" user cannot be modified.
`conflict`	A user cannot be both altered and dropped.
`logged-in`	The specified user is currently logged in.
`name`	The specified username is invalid.
`unknown`	The specified user does not exist.
`update`	The operation can only be performed once per user or database pattern.

Examples

user:alter('John', 'Jack')

Renames the user 'John' to 'Jack'.

`user:password`

Signature

user:password(
  $name      as xs:string,
  $password  as xs:string
) as empty-sequence()

Summary Changes the password of a user with the specified $name.

Errors

`name`	The specified username is invalid.
`unknown`	The specified user does not exist.
`update`	The operation can only be performed once per user or database pattern.

Examples

user:password('John', '')

Assigns user 'John' an empty password string.

`user:update-info`

Signature

Signature	user:update-info( $info as element(info), $name as xs:string := () ) as empty-sequence()
Summary	Assigns the specified `$info` element to the user management or, if `$name` is supplied, to a specific user. This function can be used to manage application-specific data (groups, enhanced user info, etc.).
Examples	`user:update-info(element info { for $group in ('editor', 'author', 'writer') return element group { $group } })` Stores initial groups information. `user:update-info(<info group='editor'/>, 'john')` Adds a group to a specific user.

user:update-info(
  $info  as element(info),
  $name  as xs:string      := ()
) as empty-sequence()

Summary Assigns the specified $info element to the user management or, if $name is supplied, to a specific user. This function can be used to manage application-specific data (groups, enhanced user info, etc.).

Examples

user:update-info(element info {
  for $group in ('editor', 'author', 'writer')
  return element group { $group }
})

Stores initial groups information.

user:update-info(<info group='editor'/>, 'john')

Adds a group to a specific user.

Errors

Code	Description
`admin`	The "admin" user cannot be modified.
`conflict`	A user cannot be both altered and dropped.
`equal`	Name of old and new user is equal.
`local`	A local permission can only be 'none', 'read' or 'write'.
`logged-in`	The specified user is currently logged in.
`name`	The specified username is invalid.
`password`	The specified password is wrong.
`pattern`	The specified database name is invalid.
`permission`	The specified permission is invalid.
`unknown`	The specified user does not exist.
`update`	The operation can only be performed once per user or database pattern.

Changelog

Version 8.6

Added: user:check, user:info, user:update-info.
Updated: user:create, user:info, user:update-info: $name parameter added.
Updated: user:list, user:list-details: If called by non-admins, will only return the current user.

Version 8.4

Updated: user:create, user:grant, user:drop: extended support for database patterns.

Version 8.1

Added: user:current.

Version 8.0

Added: New module added.

⚡Generated with XQuery