box.space._user | Tarantool

box.space._user

box.space._user

_user is a system space where user names and password hashes are stored. Learn more about Tarantool’s access control system from the Access control topic.

Tuples in this space contain the following fields:

  • a numeric id of the tuple (“id”)
  • a numeric id of the tuple’s creator
  • a name
  • a type: ‘user’ or ‘role’
  • (optional) a password hash
  • (optional) an array of previous authentication data
  • (optional) a timestamp of the last password update

There are five special tuples in the _user space: ‘guest’, ‘admin’, ‘public’, ‘replication’, and ‘super’.

Name ID Type Description
guest 0 user Default user when connecting remotely. Usually, an untrusted user with few privileges.
admin 1 user Default user when using Tarantool as a console. Usually, an administrative user with all privileges.
public 2 role Pre-defined role, automatically granted to new users when they are created with box.schema.user.create(user-name). Therefore a convenient way to grant ‘read’ on space ‘t’ to every user that will ever exist is with box.schema.role.grant('public','read','space','t').
replication 3 role Pre-defined role, which the ‘admin’ user can grant to users who need to use replication features.
super 31 role Pre-defined role, which the ‘admin’ user can grant to users who need all privileges on all objects. The ‘super’ role has these privileges on ‘universe’: read, write, execute, create, drop, alter.

To select a tuple from the _user space, use box.space._user:select(). In the example below, select is executed for a user with id = 0. This is the ‘guest’ user that has no password.

tarantool> box.space._user:select{0}
---
- - [0, 1, 'guest', 'user']
...

Warning

To change tuples in the _user space, do not use ordinary box.space functions for insert, update, or delete. Learn more from Managing users.

The system space view for _user is _vuser.

Found what you were looking for?
Feedback