box.space._user
_user is a system space where user names and password hashes are stored. Tuples in this space contain the following fields:
- a numeric id of the tuple (“id”)
- a numeric id of the tuple’s creator
- a name
- a type: ‘user’ or ‘role’
- (optional) a password hash
- (optional) an array of previous authentication data
- (optional) a timestamp of the last password update
There are five special tuples in the _user space: ‘guest’, ‘admin’, ‘public’, ‘replication’, and ‘super’.

| Name | ID | Type | Description |
|------|----|------|-------------|
| guest | 0 | user | Default user when connecting remotely. Usually, an untrusted user with few privileges. |
| admin | 1 | user | Default user when using Tarantool as a console. Usually, an administrative user with all privileges. |
| public | 2 | role | Pre-defined role, automatically granted to new users when they are created with box.schema.user.create(user-name). Therefore a convenient way to grant ‘read’ on space ‘t’ to every user that will ever exist is with box.schema.role.grant('public','read','space','t'). |
| replication | 3 | role | Pre-defined role, which the ‘admin’ user can grant to users who need to use replication features. |
| super | 31 | role | Pre-defined role, which the ‘admin’ user can grant to users who need all privileges on all objects. The ‘super’ role has these privileges on ‘universe’: read, write, execute, create, drop, alter. |

To select a tuple from the _user space, use box.space._user:select(). In the example below, select is executed for a user with id = 0. This is the ‘guest’ user that has no password.

    tarantool> box.space._user:select{0}
    ---
    - - [0, 1, 'guest', 'user']
    ...

Warning
To change tuples in the _user space, do not use ordinary box.space functions for insert, update, or delete. The _user space is special, so there are special functions that have appropriate error checking.

To create a new user, use box.schema.user.create():

    box.schema.user.create(*user-name*)
    box.schema.user.create(*user-name*, {if_not_exists = true})
    box.schema.user.create(*user-name*, {password = *password*})

To change the user’s password, use box.schema.user.passwd():

    -- To change the current user's password
    box.schema.user.passwd(*password*)

    -- To change a different user's password
    -- (usually only 'admin' can do it)
    box.schema.user.passwd(*user-name*, *password*)

To drop a user, use box.schema.user.drop():

    box.schema.user.drop(*user-name*)

To check whether a user exists, use box.schema.user.exists(), which returns true or false:

    box.schema.user.exists(*user-name*)

To find what privileges a user has, use box.schema.user.info():

    box.schema.user.info(*user-name*)

Note
The maximum number of users is 32.
Example:
Here is a session which creates a new user with a strong password, selects a tuple in the _user space, and then drops the user.

    tarantool> box.schema.user.create('JeanMartin', {password = 'Iwtso_6_os$$'})
    ---
    ...
    tarantool> box.space._user.index.name:select{'JeanMartin'}
    ---
    - - [17, 1, 'JeanMartin', 'user', {'chap-sha1': 't3xjUpQdrt857O+YRvGbMY5py8Q='}]
    ...
    tarantool> box.schema.user.drop('JeanMartin')
    ---
    ...

The system space view for _user is _vuser.
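
The tuple layout described above can be used to list which users have no stored password hash, as the ‘guest’ tuple shows. The following is an added example, not part of the Tarantool documentation; the function names audit_tuple and audit_users and the sample tuples are constructed for illustration, and the check only detects a missing or empty password-hash field.

```lua
-- Added example (not from the Tarantool documentation).
-- Field positions follow the tuple layout listed on this page:
--   [1] id, [2] creator id, [3] name, [4] type, [5] password hash (optional)

-- Describe one _user tuple; returns nil for roles (only 'user' entries are audited).
local function audit_tuple(t)
    if t[4] ~= 'user' then
        return nil
    end
    local methods = {}
    if type(t[5]) == 'table' then
        -- The fifth field maps an authentication method name to a hash.
        for method in pairs(t[5]) do
            methods[#methods + 1] = tostring(method)
        end
    end
    table.sort(methods)
    return {id = t[1], creator = t[2], name = t[3],
            auth_methods = methods, passwordless = (#methods == 0)}
end

-- Audit a list of tuples (for example the result of select()).
local function audit_users(tuples)
    local users = {}
    for _, t in ipairs(tuples) do
        local r = audit_tuple(t)
        if r then users[#users + 1] = r end
    end
    return users
end

-- Constructed sample: the two 'user' tuples shown on this page, plus a
-- 'public' role row whose creator id is an assumption.
local sample = {
    {0, 1, 'guest', 'user'},
    {2, 1, 'public', 'role'},
    {17, 1, 'JeanMartin', 'user', {['chap-sha1'] = 't3xjUpQdrt857O+YRvGbMY5py8Q='}},
}

-- Inside a configured Tarantool instance, audit the live space; otherwise the sample.
local tuples = (type(box) == 'table' and box.space and box.space._user)
    and box.space._user:select() or sample

for _, u in ipairs(audit_users(tuples)) do
    local status = u.passwordless and 'no password hash'
        or ('auth=' .. table.concat(u.auth_methods, ','))
    print(('id=%d name=%s creator=%d: %s'):format(u.id, u.name, u.creator, status))
end
```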