Difference between revisions of "User Management"

From BaseX Documentation
Jump to navigation Jump to search
m (regex wrong)
Line 12: Line 12:
[[File:perms.png|none|thumb|200px|Permissions hierarchy]]
[[File:perms.png|none|thumb|200px|Permissions hierarchy]]
Valid user names may contain letters, numbers,
User names must follow the [[Valid Names|valid names constraints]].
underslashes and dashes (defined by the regular expression <code>[-_a-zA-Z0-9]+</code>).

Revision as of 17:32, 10 March 2012

This article is part of the Advanced User's Guide. The user management defines which permissions are required by a user to perform a specific database command.

In the permission hierarchy below, the existing permissions are illustrated. A higher permission includes all lower permissions. For example, all users who have the WRITE permission assigned will also be able to execute commands requiring READ permission. Next, local permissions can be assigned to databases, which override global user settings.

Permissions hierarchy

User names must follow the valid names constraints.


Admin permissions are needed to execute all of the following commands:

Creating user 'test' (password will be entered on command line):


Change user 'test' password (password will be entered on command line):


As global permissions, you can set 'none', 'read', 'write', 'create' and 'admin':

Grant all permissions to user 'test':

> GRANT admin TO test

Valid local permissions are 'none', 'read' and 'write':

Granting write permission on database 'factbook' to user 'test':

> GRANT write ON factbook TO test

Note: Local permissions overwrite global permissions. As a consequence, the 'test' user will only be allowed to access (i.e., read and write) the 'factbook' database. If no local permissions are set, the global rights are inherited.

Showing global permissions:


Showing local permissions on database 'factbook':

> SHOW USERS ON factbook

Dropping of user 'test':

> DROP USER test