box.space._user | Tarantool
Submodule box.space box.space._user

box.space._user

box.space._user

_user is a system space where user-names and password hashes are stored.

Tuples in this space contain the following fields:

  • a numeric id of the tuple (“id”)
  • a numeric id of the tuple’s creator
  • a name
  • a type: ‘user’ or ‘role’
  • (optional) a password hash
  • (optional) an array of previous authentication data
  • (optional) a timestamp of the last password update

There are five special tuples in the _user space: ‘guest’, ‘admin’, ‘public’, ‘replication’, and ‘super’.

Name ID Type Description
guest 0 user Default user when connecting remotely. Usually, an untrusted user with few privileges.
admin 1 user Default user when using Tarantool as a console. Usually, an administrative user with all privileges.
public 2 role Pre-defined role, automatically granted to new users when they are created with box.schema.user.create(user-name). Therefore a convenient way to grant ‘read’ on space ‘t’ to every user that will ever exist is with box.schema.role.grant('public','read','space','t').
replication 3 role Pre-defined role, which the ‘admin’ user can grant to users who need to use replication features.
super 31 role Pre-defined role, which the ‘admin’ user can grant to users who need all privileges on all objects. The ‘super’ role has these privileges on ‘universe’: read, write, execute, create, drop, alter.

To select a tuple from the _user space, use box.space._user:select(). In the example below, select is executed for a user with id = 0. This is the ‘guest’ user that has no password.

tarantool> box.space._user:select{0}
---
- - [0, 1, 'guest', 'user']
...

Warning

To change tuples in the _user space, do not use ordinary box.space functions for insert, update, or delete. The _user space is special, so there are special functions that have appropriate error checking.

To create a new user, use box.schema.user.create():

box.schema.user.create(*user-name*)
box.schema.user.create(*user-name*, {if_not_exists = true})
box.schema.user.create(*user-name*, {password = *password*})

To change the user’s password, use box.schema.user.passwd():

-- To change the current user's password
box.schema.user.passwd(*password*)

-- To change a different user's password
-- (usually only 'admin' can do it)
box.schema.user.passwd(*user-name*, *password*)

To drop a user, use box.schema.user.drop():

box.schema.user.drop(*user-name*)

To check whether a user exists, use box.schema.user.exists(), which returns true or false:

box.schema.user.exists(*user-name*)

To find what privileges a user has, use box.schema.user.info():

box.schema.user.info(*user-name*)

Note

The maximum number of users is 32.

Example:

Here is a session which creates a new user with a strong password, selects a tuple in the _user space, and then drops the user.

tarantool> box.schema.user.create('JeanMartin', {password = 'Iwtso_6_os$$'})
---
...
tarantool> box.space._user.index.name:select{'JeanMartin'}
---
- - [17, 1, 'JeanMartin', 'user', {'chap-sha1': 't3xjUpQdrt857O+YRvGbMY5py8Q='}]
...
tarantool> box.schema.user.drop('JeanMartin')
---
...

The system space view for _user is _vuser.

Found what you were looking for?
Feedback