Server User List
The <users> configuration element lists the users that are allowed to access the ObjectDB Server and specifies their specific settings (username, password, permissions, quota).
The default configuration file contains the following <users> element:
<users> <user username="admin" password="admin" ip="127.0.0.1" admin="true"> <dir path="/" permissions="access,modify,create,delete" /> </user> <user username="$default" password="$$$###"> <dir path="/$user/" permissions="access|modify|create|delete"> <quota directories="5" files="20" disk-space="5mb" /> </dir> </user> <user username="user1" password="user1" /> </users>
The <user> elements
<user username="admin" password="admin" ip="127.0.0.1" admin="true"> ... </user> <user username="$default" password="$$$###"> ... </user> <user username="user1" password="user1" />
Every user is represented by a single <user> element:
- The required username and password attributes specify a username and a password that have to be provided when the user connects to the server.
- The optional ip attribute, if specified, restricts the user to connect to the server only from the specified IP addresses. For instance, "127.0.0.1" (which represents the local machine), as shown above, restricts the user to the machine on which the server is running.
Multiple IP addresses can also be specified in a comma separated list and using a hyphen (-) to indicate a range. For example, a value "188.8.131.52-184.108.40.206,127.0.0.1" allows connecting from any IP address in the range of 220.127.116.11 to 18.104.22.168, as well as from 127.0.0.1.
- The admin attribute (whose value is "true" or "false") specifies if the user is a superuser. A superuser is authorized to manage server settings using the ObjectDB Explorer.
A value of "$default" for the username attribute indicates a virtual master user definition. All the settings of that master definition are automatically inherited by all the other user definitions but the master user itself cannot be used to connect to the database.
The <dir> element
<dir path="/" permissions="access,modify,create,delete" /> <dir path="/$user/" permissions="access|modify|create|delete"> <quota directories="5" files="20" disk-space="5mb" /> </dir>
Every <user> element may contain one or more <dir> subelements indicating which paths under the server data directory the user is allowed to access:
- The required path attribute specifies a directory path relative to the root data directory. Permission to access a directory always includes the permission to access the whole tree of subdirectories under that directory. Therefore, path "/" indicates permission to access any directory in the data directory.
$user represents the user's username and if specified for the master ("$default") it is interpreted by every concrete user definition as the real username of that user. This way, it is easy to allocate a private directory for every user.
- The required permissions attribute specifies which database file permissions are granted.
The comma separated string value may contain the following permissions:
- access - permission to open a database for read.
- modify - permission to modify the content of a database.
- create - permission to create new subdirectories and database files.
- delete - permission to delete subdirectories and database files.
If no database file permissions are specified the user is still allowed to view the directory content (using the Explorer) but cannot open database files or modify anything.
The <quota> element
<quota directories="5" files="20" disk-space="5mb" />
Every <dir> element may contain one optional <quota> subelement, specifying restrictions on the directory content:
- The directories attribute specifies how many subdirectories are allowed under that directory (nested subdirectories are also allowed).
- The files attribute specifies how many database files the directory may contain.
- The disk-space attribute specifies maximum disk space for all the files in that directory.