create_user

Owned by Jason Kinchen
Jul 24, 2024
2 min read

The create_user operator creates a username. Available only in the Enterprise Edition.

SciDB security mode must be correctly configured before this or any security operator can be used.  See the Security section of the SciDB Administration Guide.

Synopsis

create_user ( 'username', 'hashKeyOfPassword' );

Inputs

  • userName: The name of the user to create, enclosed in single quotes.
  • hashKeyOfPassword:  The result of the following algorithm, enclosed in single quotes:  base64(sha512(password)).

Summary

  • Creates a new database user account.
  • Requires operator privileges.
  • As a side effect, automatically creates a role with the same name as the new user.  The new user is the lone member of the role.


Invoking this operator directly is not recommended. Instead, create new users by running the utility script described in User Accounts.

Valid Usernames

To be valid, a username:

  • must not be empty
  • must begin with an alphabetic character
  • must not contain whitespace or control characters
  • must be 7-bit ASCII (UTF-8 is  not supported)
  • may contain underscores (_, ASCII 0x5F) or hyphens (-, ASCII 0x2D), but no other punctuation
  • must not end with punctuation
  • must be shorter than 256 bytes

Example

  1. Create the root authentication file in the home directory by copying the following text to ~/admin.auth

    [security_password]
user-name      = scidbadmin
user-password  = Paradigm4

  2. Change the permissions on the authentication file to 600

    $ chmod 600 ~/admin.auth

  3. List the users to show that 'John' is not a SciDB user.

    $ iquery --auth-file ~/admin.auth -aq "project(list('users'), name);"


    The output is:

    {No} name
{0} 'scidbadmin'

  4. Choose 'John_Password' as the password and create the hash of the password 

    $ PWHASH=$(echo -n "John_Password" | openssl dgst -sha512 -binary | base64 --wrap 0)

  5. Create the user 'John' using the password previously created

    $ iquery --auth-file ~/admin.auth -aq "create_user('John', '"$PWHASH"');"


    The output is:

    Query was executed successfully

  6. List the users to show that 'John' is a new SciDB user.

    $ iquery --auth-file ~/admin.auth -aq "project(list('users'), name);"


    The output is:

    {No} name
{0} 'scidbadmin'
{1} 'John'

  7. Create an authentication file for 'John' in the home directory by copying the following text to ~/john.auth

    [security_password]
user-name      = John
user-password  = John_Password

  8. Change the permissions on the 'John' authentication file to 600

    $ chmod 600 ~/john.auth

  9. Login using the admin.auth authentication file and show that the user is currently scidbadmin

    $ iquery --auth-file ~/admin.auth -aq "show_user();"


    The output is:

    {i} name
{0} 'scidbadmin'

  10. Login using the 'John' authentication file and show that the user is currently John

    $ iquery --auth-file ~/john.auth -aq "show_user();"


    The output is:

    {i} name
{0} 'John'

  11. Remove the user 'John'

    $ iquery --auth-file ~/admin.auth -aq "drop_user('John');"


    The output is:

    Query was executed successfully

  12. List the users to show that 'John' is not a SciDB user.

    $ iquery --auth-file ~/admin.auth -aq "project(list('users'), name);"


    The output is:

    {No} name
{0} 'scidbadmin'

See User Accounts for more information.