Server User List
users> configuration element lists the users that are allowed to access the ObjectDB Server and specifies their specific settings (username, password, permissions, quota).
The default configuration file contains the following
<users> <user username="admin" password="admin" ip="127.0.0.1" admin="true"> <dir path="/" permissions="access,modify,create,delete" /> </user> <user username="$default" password="$$$###"> <dir path="/$user/" permissions="access|modify|create|delete"> <quota directories="5" files="20" disk-space="5mb" /> </dir> </user> <user username="user1" password="user1" /> </users>
Each of the following sections describes one descendant element:
The <user> elements
<user username="admin" password="admin" ip="127.0.0.1" admin="true"> ... </user> <user username="$default" password="$$$###"> ... </user> <user username="user1" password="user1" />
Every user is represented by a single
- The required
passwordattributes specify a username and a password that have to be provided when the user connects to the server.
- The optional
ipattribute, if specified, restricts the user to connect to the server only from the specified IP addresses. For instance,
"127.0.0.1"(which represents the local machine), as shown above, restricts the user to the machine on which the server is running.
Multiple IP addresses can also be specified in a comma separated list and using a hyphen (-) to indicate a range. For example, a value
"18.104.22.168-22.214.171.124,127.0.0.1"allows connecting from any IP address in the range of
126.96.36.199, as well as from
adminattribute (whose value is
"false") specifies if the user is a superuser. A superuser is authorized to manage server settings using the ObjectDB Explorer.
of "$default" for the
username attribute indicates a virtual master user definition. All the settings of that master definition are automatically inherited by all the other user definitions but the master user itself cannot be used to connect to the database.
The <dir> element
<dir path="/" permissions="access,modify,create,delete" /> <dir path="/$user/" permissions="access|modify|create|delete"> <quota directories="5" files="20" disk-space="5mb" /> </dir>
<user> element may contain one or more
<dir> subelements indicating which paths under the server data directory the user is allowed to access:
- The required
pathattribute specifies a directory path relative to the root data directory. Permission to access a directory always includes the permission to access the whole tree of subdirectories under that directory. Therefore, path "/" indicates permission to access any directory in the data directory.
$userrepresents the user's username and if specified for the master (
"$default")it is interpreted by every concrete user definition as the real username of that user. This way, it is easy to allocate a private directory for every user.
- The required
permissionsattribute specifies which database file permissions are granted.
The comma separated string value may contain the following permissions:
access- permission to open a database for read.
modify- permission to modify the content of a database.
create- permission to create new subdirectories and database files.
delete- permission to delete subdirectories and database files.
If no database file permissions are specified the user is still allowed to view the directory content (using the Explorer) but cannot open database files or modify anything.
The <quota> element
<quota directories="5" files="20" disk-space="5mb" />
<dir> element may contain one optional
<quota> subelement, specifying restrictions on the directory content:
directoriesattribute specifies how many subdirectories are allowed under that directory (nested subdirectories are also allowed).
filesattribute specifies how many database files the directory may contain.
disk-spaceattribute specifies maximum disk space for all the files in that directory.