create_role

The create_role operator creates a specified role. Available only in the Enterprise Edition.

SciDB security mode must be correctly configured before this or any security operator can be used.  See the Security section of the SciDB Administration Guide.

Synopsis

create_role( 'roleName' )

Inputs

roleName: The name of the role to create, enclosed in single quotes.  The criteria for valid role names are the same as for valid usernames.  See create_user.

Summary

  • A role is a binding between a set of users (the role membership) and a set of access rights (the role permissions).
  • Each role may contain one or more users.
  • Each role may contain access rights to one or more namespaces.
  • The namespace access rights are: Create, List, Read, Update, and Delete.
  • The create_role operator lets you create specified roles to which you can add users and access rights.
  • Creating roles requires operator privileges.  However, the special roles admin and operator can only be created by the scidbadmin user.


When you create a user account, SciDB automatically creates a role of the same name containing that user as the lone member of the role.

Example

iquery --auth-file <root_login_authentication_file> "create_user('John', 'John_Password'); -- Create user John with password John_Password"
iquery --auth-file <root_login_authentication_file> "create_role('Engineering'); -- Create a new role called Engineering"
iquery --auth-file <root_login_authentication_file> "add_user_to_role('John', 'Engineering'); -- Add John to the role Engineering"
iquery --auth-file <root_login_authentication_file> "drop_user_from_role('John', 'Engineering');  -- Remove John from the role Engineering"
iquery --auth-file <root_login_authentication_file> "drop_role('Engineering');  -- Remove the role Engineering"
iquery --auth-file <root_login_authentication_file> "drop_user('John');  -- Remove the user John"