v8 v7 v6 v5 v4 v3
Edit Page

User Management

Introduction

This section provides instructions on how to create, update and delete users with the default authenticator mongoRealAuthenticator.

It also shows how to manage permissions with the default authorizer mongoAclAuthorizer.

Note
 The mongoRealAuthenticator is configured to utilize the "/users" collection as its default storage location for user documents. Similarly, the mongoAclAuthorizer employs the "/acl" collection as its default repository for storing permissions.

Before running the example requests

The following examples assume RESTHeart running on the localhost with the default configuration: the database restheart is bound to / and the user admin exists with default password secret.

User document

With the default configuration, a user is represented as follows:

{
    "_id": "username",
    "roles": [ "list", "of", "roles" ],
    "password": "secret"
}
Tip
 mongoRealAuthenticator can be configured to use different properties for the username, roles an password. Check mongoRealAuthenticator for more information.

Get existing users

Request Execute with restninja 
GET /users HTTP/1.1
Response 
[
  {
    "_id": "admin",
    "roles": [
      "admin"
    ],
    "_etag": {
      "$oid": "5d2edb155883c050065d6a8a"
    }
  }
]
Note
 The password is always hidden on GET requests.
Note
 For security reasons, it not possible to use the filter query parameter on the password field; the following request is forbidden and will cause an error: GET /users?filter={"password":{"$regex":"^a.*"}}

Create a user

Request Execute with restninja 
POST /users HTTP/1.1

{
    "_id": "foo",
    "roles": [ "user" ],
    "password": "secret"
}
Note
 The password is automatically encrypted by RESTHeart.

Update a user

Request Execute with restninja 
PATCH /users/foo HTTP/1.1

{
    "password": "betterSecret"
}

Delete a user

Request Execute with restninja 
DELETE /users/foo HTTP/1.1

Create an ACL document

Request Execute with restninja 
POST /acl HTTP/1.1

{
  "predicate": "path-prefix[/inventory] and method[GET]",
  "roles": [ "user" ],
  "priority": 1
}
Tip
 Check Format of permission for more information on ACL permissions.
Tip
 Watch Managing users with practical examples