EyeDB access rights are managed at two levels:

- system level, for global operations (for instance, adding a user, creating a database...)
- database level, for database-specific operations (for instance, reading objects with a query, inserting objects...)

Each EyeDB user therefore has:

- a set of system access rights, controlling the authorization to perform the following system operations:
  - creating a database
  - adding a user
  - deleting any user
  - setting the password for any user
- a set of database access rights, controlling the authorization to perform the following operations on a given database:
  - read from this database
  - write to this database
  - execute any method in this database
  - delete this database

Note that a system access right is not attached to a particular database, whilst a database access right is attached to a particular database.
Table 4.1, “System access rights and corresponding authorized operations” presents the different system access rights defined by EyeDB and the corresponding authorized operations.
Table 4.1. System access rights and corresponding authorized operations
System Access Right | Authorized operation |
---|---|
no | no authorized system operation |
dbcreate | can create a database |
adduser | can add any user |
deleteuser | can delete any user |
setuserpasswd | can set the password of any user |
admin | can create a database and add a user |
superuser | all operations |
Table 4.2, “Database access rights and corresponding authorized operations” presents the different database access rights defined by EyeDB and the corresponding authorized operations.
Table 4.2. Database access rights and corresponding authorized operations
Database Access Right | Authorized operation |
---|---|
no | no database access |
read | have read access on this database |
write | have write access on this database |
exec | have execute access on this database |
admin | have read/write/execute access on this database and can delete this database |
Setting system access rights for an EyeDB user is done using the eyedbadmin command:

```
eyedbadmin user sysaccess {user} { [ dbcreate | adduser | deleteuser | setuserpasswd | admin | superuser | no ] }
```

Command arguments are:

- {user}: EyeDB user name
- { [ dbcreate | adduser | deleteuser | setuserpasswd | admin | superuser | no ] }: system access right
Example 4.5. eyedbadmin user sysaccess

```
## List user system access rights
eyedbadmin user list eric
name : "eric" [unix user]
sysaccess : NO_SYSACCESS_MODE
## Set user system access rights
eyedbadmin user sysaccess eric dbcreate
eyedbadmin user list eric
name : "eric" [unix user]
sysaccess : DB_CREATE_SYSACCESS_MODE
```
Setting database access rights for an EyeDB user is done using the eyedbadmin command:

```
eyedbadmin user dbaccess {user} {database} {access}
```

Command arguments are:

- {user}: EyeDB user name
- {database}: database name
- {access}: database access right, which can be one of the following values: [ r | rw | rx | rwx | admin | no ]
Example 4.6. eyedbadmin user dbaccess

```
## List user database access rights
eyedbadmin user list eric
name : "eric" [unix user]
sysaccess : NO_SYSACCESS_MODE
## Set user database access rights for database test2
eyedbadmin user dbaccess eric test2 rw
eyedbadmin user list eric
name : "eric" [unix user]
sysaccess : DB_CREATE_SYSACCESS_MODE
dbaccess : (dbname : "test2", access : READ_WRITE_DBACCESS_MODE)
## Set user database access rights for database test3
eyedbadmin user dbaccess eric test3 admin
eyedbadmin user list eric
name : "eric" [unix user]
sysaccess : DB_CREATE_SYSACCESS_MODE
dbaccess : (dbname : "test2", access : READ_WRITE_DBACCESS_MODE)
           (dbname : "test3", access : ADMIN_DBACCESS_MODE)
```
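
The listing format shown in Examples 4.5 and 4.6 can be turned into a least-privilege audit by flattening it to one grant per line and comparing it with an approved baseline. The script below is an added example, not part of the EyeDB documentation or distribution; the function names, the baseline file format, the user "guest" and the sample listing are constructed for illustration, and it assumes the fields appear as printed in the examples above.

```shell
# Added example, not from the EyeDB distribution: audit grants reported by
# `eyedbadmin user list` against an approved baseline file.
S='[[:space:]]*'
GRANT_RE="dbname${S}:${S}\"[^\"]+\",${S}access${S}:${S}[A-Z_]+"
GRANT_RE="${GRANT_RE}|sysaccess${S}:${S}[A-Z_]+|name${S}:${S}\"[^\"]+\""

# parse_grants: listing on stdin -> one grant per line on stdout:
#   <user> sys <MODE>             system access right
#   <user> db <database> <MODE>   database access right
# Fields are matched by pattern, so it does not matter whether each field is
# on its own line or several share one line.
parse_grants() {
    grep -oE "$GRANT_RE" |
    awk '
        { mode = $0; sub(/.*[: \t]/, "", mode) }   # text after last colon/space
        /^name/      { split($0, q, "\""); user = q[2]; next }
        /^sysaccess/ { print user, "sys", mode; next }
        /^dbname/    { split($0, q, "\""); print user, "db", q[2], mode }
    '
}

# unapproved_grants <baseline-file>: listing on stdin; prints each grant that
# is not in the baseline (same format as parse_grants) and returns 1 if any.
# NO_SYSACCESS_MODE lines grant nothing and are skipped.
unapproved_grants() {
    if parse_grants | grep -v ' sys NO_SYSACCESS_MODE$' | grep -vxFf "$1"; then
        return 1
    fi
    return 0
}

# Constructed sample listing (Example 4.6 plus a hypothetical user "guest").
sample_listing() {
cat <<'EOF'
name : "eric" [unix user]
sysaccess : DB_CREATE_SYSACCESS_MODE
dbaccess : (dbname : "test2", access : READ_WRITE_DBACCESS_MODE)
           (dbname : "test3", access : ADMIN_DBACCESS_MODE)
name : "guest" [unix user]
sysaccess : NO_SYSACCESS_MODE
EOF
}

# Demo: the baseline approves eric's dbcreate right and rw on test2 only.
baseline=$(mktemp)
printf '%s\n' 'eric sys DB_CREATE_SYSACCESS_MODE' \
    'eric db test2 READ_WRITE_DBACCESS_MODE' > "$baseline"
sample_listing | unapproved_grants "$baseline" || echo 'drift detected' >&2
rm -f "$baseline"
```

Against a live server, pipe the real listing in, for example `eyedbadmin user list eric | unapproved_grants baseline.txt` (the baseline file name is a placeholder), and treat a non-zero status as a grant to review.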