/
create_role

create_role

Owned by Jason Kinchen
Feb 16, 2021

The create_role operator creates a specified role. Available only in the Enterprise Edition.

SciDB security mode must be correctly configured before this or any security operator can be used.  See the /wiki/spaces/SD/pages/242909404 section of the /wiki/spaces/SD/pages/241041535.

Synopsis

create_role( 'roleName' )

Inputs

roleName: The name of the role to create, enclosed in single quotes.  The criteria for valid role names are the same as for valid usernames.  See create_user.

Summary

  • A role is a binding between a set of users (the role membership) and a set of access rights (the role permissions).
  • Each role may contain one or more users.
  • Each role may contain access rights to one or more namespaces.
  • The namespace access rights are: Create, List, Read, Update, and Delete.
  • The create_role operator lets you create specified roles to which you can add users and access rights.
  • Creating roles requires operator privileges.  However, the special roles admin and operator can only be created by the scidbadmin user.


When you create a user account, SciDB automatically creates a role of the same name containing that user as the lone member of the role.

Example

iquery --auth-file <root_login_authentication_file> "create_user('John', 'John_Password'); -- Create user John with password John_Password"
iquery --auth-file <root_login_authentication_file> "create_role('Engineering'); -- Create a new role called Engineering"
iquery --auth-file <root_login_authentication_file> "add_user_to_role('John', 'Engineering'); -- Add John to the role Engineering"
iquery --auth-file <root_login_authentication_file> "drop_user_from_role('John', 'Engineering');  -- Remove John from the role Engineering"
iquery --auth-file <root_login_authentication_file> "drop_role('Engineering');  -- Remove the role Engineering"
iquery --auth-file <root_login_authentication_file> "drop_user('John');  -- Remove the user John"