Difference between revisions of "User Management"

From BaseX Documentation
Jump to navigation Jump to search
Line 1: Line 1:
==User==
+
In the client/server architecture of BaseX, users need certain permissions to perform [[Commands|database commands]].
 +
 
 +
In the permission hierarchy below, the existing permissions are illustrated.
 +
A higher permission includes all lower permissions.
 +
For example, all users who have the <code>WRITE</code> permission assigned
 +
will also be able to execute commands requiring <code>READ<code> permission.
 +
 
 +
[[File:perms.png|none|thumb|200px|Permissions hierarchy]]
 +
 
 +
==Commands==
  
 
Admin permissions are needed to execute one of the following processes.
 
Admin permissions are needed to execute one of the following processes.
Line 30: Line 39:
 
===Dropping of user 'test'===  
 
===Dropping of user 'test'===  
 
<code>&gt; DROP USER test</code>  
 
<code>&gt; DROP USER test</code>  
 
==Permissions==
 
 
In the permission hierarchy the higher permission contains all underlying rights.
 
For example if you have the permission 'write' you also have the permission 'read'.
 
 
[[File:perms.png|none|thumb|200px|Permissions hierarchy]]
 
 
==Command Permissions==
 
 
In this table you can see an overview about the BaseX commands and the
 
permission you need to execute the command. Without the needed permission
 
an error is thrown and the command will not be executed.
 
 
{| class="wikitable sortable"
 
!Command
 
!Description
 
!Needed Permission
 
|-
 
|close
 
|Closes currently opened database.
 
|None
 
|-
 
|exit
 
|Exits BaseX.
 
|None
 
|-
 
|get
 
|Returns a property value.
 
|None
 
|-
 
|help
 
|Shows the help texts.
 
|None
 
|-
 
|password
 
|Changes password of currently logged-in user.
 
|None
 
|-
 
|set
 
|Sets a property value.
 
|None
 
|-
 
|xquery
 
|Executes a xquery function without database access.
 
|None
 
|-
 
|info
 
|Shows information about the currently opened database.
 
|Read
 
|-
 
|list
 
|Shows all available databases.
 
|Read
 
|-
 
|open
 
|Opens a database.
 
|Read
 
|-
 
|xquery
 
|Executes a read-only xquery function with database access.
 
|Read
 
|-
 
|add
 
|Adds documents to the currently opened database.
 
|Write
 
|-
 
|create index
 
|Creates the specified index.
 
|Write
 
|-
 
|delete
 
|Deletes documents from the currently opened database.
 
|Write
 
|-
 
|drop index
 
|Drops the specified index.
 
|Write
 
|-
 
|optimize
 
|Optimizes the database structure and renews the indexes.
 
|Write
 
|-
 
|xquery
 
|Executes a xquery update function.
 
|Write
 
|-
 
|alter db
 
|Renames a database.
 
|Create
 
|-
 
|create db
 
|Creates a database.
 
|Create
 
|-
 
|drop db
 
|Drops a database.
 
|Create
 
|-
 
|export
 
|Exports the database content.
 
|Create
 
|-
 
|alter user
 
|Changes the password of an user.
 
|Admin
 
|-
 
|create users
 
|Creates a new user.
 
|Admin
 
|-
 
|drop user
 
|Drops an user.
 
|Admin
 
|-
 
|grant
 
|Assigns permissions to users.
 
|Admin
 
|-
 
|kill
 
|Kills an user session on the server.
 
|Admin
 
|-
 
|show
 
|Shows different server information.
 
|Admin
 
|}
 
  
 
[[Category:Server]]
 
[[Category:Server]]

Revision as of 01:46, 6 May 2011

In the client/server architecture of BaseX, users need certain permissions to perform database commands.

In the permission hierarchy below, the existing permissions are illustrated. A higher permission includes all lower permissions. For example, all users who have the WRITE permission assigned will also be able to execute commands requiring READ permission.

Permissions hierarchy

Commands

Admin permissions are needed to execute one of the following processes.

Creating user 'test' with password 'test'

> CREATE USER test test

As global permissions, you can set 'none', 'read', 'write', 'create' and 'admin':

Revoking all global permissions from user 'test'

> GRANT none TO test

Valid local permissions are 'none', 'read' and 'write':

Granting write permission on database 'factbook' to user 'test'

> GRANT write ON factbook TO test

Note: Local permissions overwrite global permissions. As a consequence, the 'test' user will only be allowed to access (i.e., read and write) the 'factbook' database. If no local permissions are set, the global rights are inherited.

Showing global permissions

> SHOW USERS

Showing local permissions on database 'factbook'

> SHOW USERS ON factbook

Dropping of user 'test'

> DROP USER test