User Management

Comprehensive user management with role-based access control

Overview

ShibuDB provides a comprehensive user management system with role-based access control (RBAC) and fine-grained permissions. The system supports multiple user roles and space-specific permissions to ensure secure access to database resources.

Key Features

  • Role-Based Access Control: Admin and User roles with different privileges
  • Space-Level Permissions: Fine-grained control over individual spaces
  • Secure Authentication: Password-based authentication with role validation
  • User Lifecycle Management: Create, update, and delete users
  • Permission Inheritance: Role-based default permissions with space-specific overrides

Security Architecture

Security Layers
┌─────────────────────────────────────┐
│         Authentication Layer        │
├─────────────────────────────────────┤
│  Username/Password Validation       │
├─────────────────────────────────────┤
│         Authorization Layer         │
├─────────────────────────────────────┤
│  Role-Based Access Control (RBAC)   │
├─────────────────────────────────────┤
│      Permission Enforcement         │
├─────────────────────────────────────┤
│  Space-Level Permission Checks      │
└─────────────────────────────────────┘

Authentication System

Understanding how authentication works in ShibuDB.

Default Admin User

On first startup, ShibuDB creates a default admin user with well-known credentials. Change this password immediately (see Password Security below):

  • Username: admin
  • Password: admin
  • Role: admin
  • Permissions: Full access to all spaces

Login Process

Login Example
# Connect to ShibuDB
shibudb connect 9090

# You'll be prompted for credentials
Username: admin
Password: admin

# Successful login response
Login successful.
[]>

Authentication Flow

  1. Connection: Client connects to server
  2. Login Request: Client sends username/password
  3. Validation: Server validates credentials
  4. Role Assignment: Server assigns user role and permissions
  5. Session: Client can now execute commands based on permissions

User Roles

Different user roles with specific privileges and use cases.

Admin Role

Privileges:

  • Create and delete spaces
  • Create, update, and delete users
  • Full access to all spaces (read/write)
  • Manage user permissions
  • Access to all system commands

Use Case: System administrators, database owners

User Role

Privileges:

  • Access to spaces based on permissions
  • Read/write operations on permitted spaces
  • Cannot create or delete spaces
  • Cannot manage other users

Use Case: Application users, developers, analysts

User Management Commands

Commands for managing users and their permissions.

Creating Users

Create User
# Create a new user (admin only)
CREATE-USER john --password secret123 --role user

# Create admin user
CREATE-USER admin2 --password adminpass --role admin

# Create user with specific permissions
CREATE-USER alice --password alice123 --role user --spaces users,products

Managing Users

User Management
# List all users
LIST-USERS

# Update user password
UPDATE-USER john --password newpassword

# Update user role
UPDATE-USER john --role admin

# Delete user
DELETE-USER john

# Get user information
INFO-USER john

Permission Management

Permissions
# Grant space access to user
GRANT-ACCESS john --space users --permissions read,write

# Revoke space access
REVOKE-ACCESS john --space users

# List user permissions
LIST-PERMISSIONS john

# Grant admin permissions
GRANT-ADMIN john

Permission System

Understanding the permission system and access control.

Permission Types

  • read: Can read data from the space
  • write: Can write data to the space
  • admin: Full administrative access
  • none: No access to the space

Space-Level Permissions

Space Permissions
# Grant read-only access
GRANT-ACCESS john --space users --permissions read

# Grant read-write access
GRANT-ACCESS john --space products --permissions read,write

# Grant admin access to space
GRANT-ACCESS john --space admin --permissions admin

# Remove all access
REVOKE-ACCESS john --space users

Permission Inheritance

  • Admin users have full access to all spaces by default
  • Regular users have no access by default
  • Space-specific permissions override role defaults
  • Permissions are checked on every operation
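
The inheritance rules above, modelled as an added Python example (not ShibuDB's own code): it replays commands in this page's syntax and answers whether a user may perform an operation on a space. It assumes a space-specific entry replaces the role default even for admins, that REVOKE-ACCESS records an explicit none, that admin on a space implies read and write, and that GRANT-ADMIN sets the role to admin.

```python
import shlex

ROLE_DEFAULT = {"admin": {"read", "write", "admin"}, "user": set()}  # role defaults from the page

def replay(script):
    """Replay user-management commands and return {user: {"role", "spaces"}}."""
    users = {"admin": {"role": "admin", "spaces": {}}}  # default admin from first startup
    for raw in script.splitlines():
        tokens = shlex.split(raw, comments=True)  # drops "# ..." comments
        if len(tokens) < 2:
            continue
        cmd, name = tokens[:2]
        opts = dict(zip(tokens[2::2], tokens[3::2]))  # "--flag value" pairs
        if cmd == "CREATE-USER":
            users[name] = {"role": opts["--role"], "spaces": {}}
        elif cmd == "DELETE-USER":
            users.pop(name, None)
        elif name not in users:
            continue  # CREATE-SPACE etc., or a command for an unknown user
        elif cmd == "GRANT-ADMIN" or (cmd == "UPDATE-USER" and "--role" in opts):
            users[name]["role"] = opts.get("--role", "admin")  # assumption: GRANT-ADMIN sets role admin
        elif cmd == "GRANT-ACCESS":
            users[name]["spaces"][opts["--space"]] = set(opts["--permissions"].split(","))
        elif cmd == "REVOKE-ACCESS":
            users[name]["spaces"][opts["--space"]] = set()  # assumption: explicit "none"
    return users

def allowed(users, name, space, op):
    """Apply the inheritance rules: a space-specific entry replaces the role default."""
    user = users.get(name)
    if user is None:
        return False  # unknown or deleted user: deny
    perms = user["spaces"].get(space, ROLE_DEFAULT.get(user["role"], set()))
    return "admin" in perms or op in perms  # assumption: space "admin" implies read/write

def reach(users, space):
    """Access review helper: every user who can read or write the space."""
    return sorted(n for n in users if any(allowed(users, n, space, op) for op in ("read", "write")))

# Constructed sample in the page's command syntax (passwords are placeholders).
SAMPLE = """
CREATE-USER admin2 --password example-only --role admin
CREATE-USER tenant1_user --password example-only --role user
CREATE-USER tenant2_user --password example-only --role user
GRANT-ACCESS tenant1_user --space tenant1_data --permissions read,write
GRANT-ACCESS tenant2_user --space tenant2_data --permissions read,write
GRANT-ACCESS admin2 --space tenant2_data --permissions read   # narrows an admin
REVOKE-ACCESS tenant2_user --space tenant2_data"""
USERS = replay(SAMPLE)
```

Calling `reach` for each space in a provisioning script before applying it gives a quick access review, for example to confirm that tenant spaces are reachable only by their own user and the admins.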

Security Best Practices

Recommended security practices for user management.

Password Security

  • Use strong, unique passwords for each user
  • Change the default admin password (admin/admin) immediately
  • Implement password rotation policies
  • Use password managers for secure storage

User Management

  • Create separate users for different applications
  • Apply the principle of least privilege
  • Regularly review and update user permissions
  • Remove unused user accounts promptly

Access Control

  • Grant minimal required permissions
  • Use space isolation for multi-tenant applications
  • Monitor user access patterns
  • Implement audit logging for sensitive operations

Examples and Use Cases

Common scenarios and practical examples.

Multi-Tenant Application

Multi-Tenant Setup
# Create spaces for different tenants
CREATE-SPACE tenant1_data --engine key-value
CREATE-SPACE tenant2_data --engine key-value

# Create users for each tenant
CREATE-USER tenant1_user --password pass1 --role user
CREATE-USER tenant2_user --password pass2 --role user

# Grant access to respective spaces
GRANT-ACCESS tenant1_user --space tenant1_data --permissions read,write
GRANT-ACCESS tenant2_user --space tenant2_data --permissions read,write

Application Development

Development Setup
# Create development user
CREATE-USER dev_user --password devpass --role user

# Create development spaces
CREATE-SPACE dev_users --engine key-value
CREATE-SPACE dev_vectors --engine vector --dimension 128

# Grant development access
GRANT-ACCESS dev_user --space dev_users --permissions read,write
GRANT-ACCESS dev_user --space dev_vectors --permissions read,write

Read-Only Analytics

Analytics Access
# Create analytics user
CREATE-USER analyst --password analyst123 --role user

# Grant read-only access to data spaces
GRANT-ACCESS analyst --space users --permissions read
GRANT-ACCESS analyst --space products --permissions read
GRANT-ACCESS analyst --space analytics --permissions read,write

Troubleshooting

Common issues and solutions for user management.

Common Issues

  • Authentication Failed: Check username/password
  • Permission Denied: Verify user has required permissions
  • User Not Found: Ensure user exists and is spelled correctly
  • Space Access Denied: Check space-specific permissions

Reset Admin Password

Password Reset
# Stop the server
sudo shibudb stop

# Remove users file to reset to defaults
sudo rm /usr/local/var/lib/shibudb/users.json

# Start server (will recreate default admin)
sudo shibudb start 9090

# Login with default credentials, then change the admin password immediately (see Password Security)
Username: admin
Password: admin

Debugging Commands

Debug Commands
# Check current user
WHOAMI

# List all users and their roles
LIST-USERS

# Check user permissions
LIST-PERMISSIONS username

# Get detailed user info
INFO-USER username