User Management
Introduction
This section provides instructions on how to create, update and delete users with mongoRealAuthenticator.
It also shows how to manage permissions with mongoAclAuthorizer.
TUP: mongoRealAuthenticator uses the collection /users by default.
Before running the example requests
The following examples assume RESTHeart running on the localhost with the default configuration: the database restheart is bound to / and the user admin exists with default password secret.
User document
With the default configuration, a user is represented as follows:
{
"_id": "username",
"roles": [ "list", "of", "roles" ],
"password": "secret"
}|
Tip
|
mongoRealAuthenticator can be configured to use different properties for the username, roles an password. Check mongoRealAuthenticator for more information. |
Get existing users
Request
Execute on rest ninja
GET /users HTTP/1.1
Response
[
{
"_id": "admin",
"roles": [
"admin"
],
"_etag": {
"$oid": "5d2edb155883c050065d6a8a"
}
}
]|
Note
|
The password is always hidden on GET requests. |
|
Note
|
For security reasons, it not possible to use the filter query parameter on the password field; the following request is forbidden and will cause an error: GET /users?filter={"password":{"$regex":"^a.*"}}
|
Create a user
Request
Execute on rest ninja
POST /users HTTP/1.1
{
"_id": "foo",
"roles": [ "user" ],
"password": "secret"
}|
Note
|
The password is automatically encrypted by RESTHeart. |
Update a user
Request
Execute on rest ninja
PATCH /users/foo HTTP/1.1
{
"password": "betterSecret"
}Delete a user
Request
Execute on rest ninja
DELETE /users/foo HTTP/1.1Create an ACL document
Request
Execute on rest ninja
POST /acl HTTP/1.1
{
"predicate": "path-prefix[/inventory] and method[GET]",
"roles": [ "user" ],
"priority": 1
}|
Tip
|
Check /docs/security/authorization/#format-of-permissions[Format of permission] for more information on ACL permissions. |
|
Tip
|
Watch Managing users with practical examples |