Tarantool CE/EE Documentation portal logo
Support
Updated at July 17, 2026   02:08 PM

box.schema.user.create()

box.schema.user.create(name [, {options}])

Create a user. For explanation of how Tarantool maintains user data, see section Users and reference on _user space.

The possible options are:

  • if_not_exists = true|false (default = false) - boolean; true means there should be no error if the user already exists,
  • password (default = '') - string; the password = password specification is good because in a URI (Uniform Resource Identifier) it is usually illegal to include a username without a password.

Parameters:

  • name (string) — a user name, which should conform to the rules for object names

  • options (table) — if_not_exists, password

Returns

nil

Examples:

box.schema.user.create('testuser', { password = 'foobar' })        t.assert_equals(box.space._user.index.name:select { 'testuser' }[1][5]['chap-sha1'], 'm1ADQ7xS4pERcutSrlz0hHYExuU=')    end)endg.test_current_user_password_set = function(cg)    cg.server:exec(function()        box.session.su('admin')        -- Set a password for the current user --        box.schema.user.passwd('foobar')        -- End: Set a password for the current user --        t.assert_equals(box.space._user.index.name:select { 'admin' }[1][5]['chap-sha1'], 'm1ADQ7xS4pERcutSrlz0hHYExuU=')    end)endg.test_specified_user_password_set = function(cg)    cg.server:exec(function()        box.schema.user.create('testuser')        -- Set a password for the specified user --        box.schema.user.passwd('testuser', 'foobar')        -- End: Set a password for the specified user --        t.assert_equals(box.space._user.index.name:select { 'testuser' }[1][5]['chap-sha1'], 'm1ADQ7xS4pERcutSrlz0hHYExuU=')    end)endg.test_grant_revoke_privileges_user = function(cg)    cg.server:exec(function()        box.schema.user.create('testuser', { password = 'foobar' })        box.schema.user.grant('testuser', 'execute', 'universe')        -- Grant privileges to the specified user --        box.schema.user.grant('testuser', 'read', 'space', 'writers')        box.schema.user.grant('testuser', 'read,write', 'space', 'books')        -- End: Grant privileges to the specified user --        box.session.su('testuser')        local _, delete_writer_error = pcall(function()            box.space.writers:delete(3)        end)        t.assert_equals(delete_writer_error:unpack().message, "Write access to space 'writers' is denied for user 'testuser'")        box.session.su('admin')        -- Revoke space reading --        box.schema.user.revoke('testuser', 'write', 'space', 'books')        -- End: Revoke space reading --        box.session.su('testuser')        local _, delete_book_error = pcall(function()            box.space.books:delete(10)        end)        t.assert_equals(delete_book_error:unpack().message, "Write access to space 'books' is denied for user 'testuser'")        box.session.su('admin')        -- Revoke session --        box.schema.user.revoke('testuser', 'session', 'universe')        -- End: Revoke session --        local _, change_user_error = pcall(function()            box.session.su('testuser')        end)        t.assert_equals(change_user_error:unpack().message, "Session access to universe '' is denied for user 'testuser'")    end)endg.test_user_dropped = function(cg)    cg.server:exec(function()        box.schema.user.create('testuser')        -- Drop a user --        box.schema.user.drop('testuser')        -- End: Drop a user --        t.assert_equals(box.schema.user.exists('testuser'), false)    end)end

See also: access_control_users.