Sedna LogoBackground Top
 
Home  |  Getting Started  |  Documentation  |  Demo  |  Download  |  Support 

[next] [tail] [up]

3.1 Database Users

Database user names are global across a database (and not per all Sedna databases). Database users interact with database objects. Every database object has its owner - the user that created it. Every user and role (we will discuss roles in the Section 3.2) has its creator.

In order to bootstrap the database, a freshly created database always contains one predefined DBA user with name "SYSTEM" and password "MANAGER". To start your work with the database, you first have to connect as this initial user, then you can create more users and change default password (if you care for preventing unauthorized access to your database).

There are following kinds of Sedna database objects:

  • Standalone document
  • Collection of documents
  • Value based index
  • Full-text index
  • Module
  • Trigger
  • Metadata document

There are two types of Sedna database users:

  • Database administrator (DBA user). Formally, DBA user is a user that has the ”DBA” role.
  • Ordinary user (below we call ”user”)

DBA user:

  • has all possible privileges on any object in the database;
  • can remove any object in the database;
  • can remove any user of the database;
  • can grant/revoke any privilege to/from any user of the database;
  • can grant ”DBA” role to a user, thus making that user also a DBA user (not recommended, as the database with multiple DBA users is hard to administrate). Any DBA user can also revoke the ”DBA” role from any DBA user.

An ordinary user:

  • can act according to the privileges that he has;
  • can grant and revoke any privileges on the database object that he owns to any user;
  • can remove database objects that he owns and drop users that he has created.

Every user has its name and password.

To create a user use CREATE USER statement:

CREATE USER "user-name" WITH PASSWORD "user-password"

For example, the following statement:

CREATE USER "Alice" WITH PASSWORD "mypass"

creates user Alice identified with mypass password.

To remove an existing user, use DROP USER statement:

DROP USER "user-name"

For example, the following statement removes user Alice:

DROP USER "Alice"

A user can drop only a user he has created. DBA user can drop any user of the database.

To change user password use ALTER USER statement. A user can change a password for himself or for a user he has created. DBA user can change a password for any user of the database.

ALTER USER "user-name" WITH PASSWORD "new-password"

This statement changes the password of the user user-name to the new-password.

[next] [front] [up]