box.space._user
-
box.space._user¶ _useris a system space where user names and password hashes are stored. Learn more about Tarantool’s access control system from the Access control topic.Tuples in this space contain the following fields:
- a numeric id of the tuple (“id”)
- a numeric id of the tuple’s creator
- a name
- a type: ‘user’ or ‘role’
- (optional) a password hash
- (optional) an array of previous authentication data
- (optional) a timestamp of the last password update
There are five special tuples in the
_userspace: ‘guest’, ‘admin’, ‘public’, ‘replication’, and ‘super’.Name ID Type Description guest 0 user Default user when connecting remotely. Usually, an untrusted user with few privileges. admin 1 user Default user when using Tarantool as a console. Usually, an administrative user with all privileges. public 2 role Pre-defined role, automatically granted to new users when they are created with box.schema.user.create(user-name). Therefore a convenient way to grant ‘read’ on space ‘t’ to every user that will ever exist is withbox.schema.role.grant('public','read','space','t').replication 3 role Pre-defined role, which the ‘admin’ user can grant to users who need to use replication features. super 31 role Pre-defined role, which the ‘admin’ user can grant to users who need all privileges on all objects. The ‘super’ role has these privileges on ‘universe’: read, write, execute, create, drop, alter. To select a tuple from the
_userspace, usebox.space._user:select(). In the example below,selectis executed for a user with id = 0. This is the ‘guest’ user that has no password.tarantool> box.space._user:select{0} --- - - [0, 1, 'guest', 'user'] ...
Warning
To change tuples in the
_userspace, do not use ordinarybox.spacefunctions for insert, update, or delete. Learn more from Managing users.The system space view for
_useris_vuser.