Updated at July 17, 2026 02:08 PM
box.schema.user.create()
Create a user. For explanation of how Tarantool maintains user data, see section Users and reference on _user space.
The possible options are:
if_not_exists=true|false(default =false) - boolean;truemeans there should be no error if the user already exists,password(default = '') - string; thepassword= password specification is good because in a URI (Uniform Resource Identifier) it is usually illegal to include a username without a password.
Parameters:
-
name(string) — a user name, which should conform to the rules for object names -
options(table) —if_not_exists,password
Returns
nil
Examples:
box.schema.user.create('testuser', { password = 'foobar' })t.assert_equals(box.space._user.index.name:select { 'testuser' }[1][5]['chap-sha1'], 'm1ADQ7xS4pERcutSrlz0hHYExuU=')end)endg.test_current_user_password_set = function(cg)cg.server:exec(function()box.session.su('admin')-- Set a password for the current user --box.schema.user.passwd('foobar')-- End: Set a password for the current user --t.assert_equals(box.space._user.index.name:select { 'admin' }[1][5]['chap-sha1'], 'm1ADQ7xS4pERcutSrlz0hHYExuU=')end)endg.test_specified_user_password_set = function(cg)cg.server:exec(function()box.schema.user.create('testuser')-- Set a password for the specified user --box.schema.user.passwd('testuser', 'foobar')-- End: Set a password for the specified user --t.assert_equals(box.space._user.index.name:select { 'testuser' }[1][5]['chap-sha1'], 'm1ADQ7xS4pERcutSrlz0hHYExuU=')end)endg.test_grant_revoke_privileges_user = function(cg)cg.server:exec(function()box.schema.user.create('testuser', { password = 'foobar' })box.schema.user.grant('testuser', 'execute', 'universe')-- Grant privileges to the specified user --box.schema.user.grant('testuser', 'read', 'space', 'writers')box.schema.user.grant('testuser', 'read,write', 'space', 'books')-- End: Grant privileges to the specified user --box.session.su('testuser')local _, delete_writer_error = pcall(function()box.space.writers:delete(3)end)t.assert_equals(delete_writer_error:unpack().message, "Write access to space 'writers' is denied for user 'testuser'")box.session.su('admin')-- Revoke space reading --box.schema.user.revoke('testuser', 'write', 'space', 'books')-- End: Revoke space reading --box.session.su('testuser')local _, delete_book_error = pcall(function()box.space.books:delete(10)end)t.assert_equals(delete_book_error:unpack().message, "Write access to space 'books' is denied for user 'testuser'")box.session.su('admin')-- Revoke session --box.schema.user.revoke('testuser', 'session', 'universe')-- End: Revoke session --local _, change_user_error = pcall(function()box.session.su('testuser')end)t.assert_equals(change_user_error:unpack().message, "Session access to universe '' is denied for user 'testuser'")end)endg.test_user_dropped = function(cg)cg.server:exec(function()box.schema.user.create('testuser')-- Drop a user --box.schema.user.drop('testuser')-- End: Drop a user --t.assert_equals(box.schema.user.exists('testuser'), false)end)end
See also: access_control_users.