User Management

Comprehensive user management with role-based access control

Overview

ShibuDB provides a comprehensive user management system with role-based access control (RBAC) and fine-grained permissions. The system supports multiple user roles and space-specific permissions to ensure secure access to database resources.

Key Features

  • Role-Based Access Control: Admin and User roles with different privileges
  • Space-Level Permissions: Fine-grained control over individual spaces
  • Secure Authentication: Password-based authentication with role validation
  • User Lifecycle Management: Create, update, and delete users
  • Permission Inheritance: Role-based default permissions with space-specific overrides

Security Architecture

Security Layers
┌─────────────────────────────────────┐
│         Authentication Layer        │
├─────────────────────────────────────┤
│  Username/Password Validation       │
├─────────────────────────────────────┤
│         Authorization Layer         │
├─────────────────────────────────────┤
│  Role-Based Access Control (RBAC)   │
├─────────────────────────────────────┤
│      Permission Enforcement         │
├─────────────────────────────────────┤
│  Space-Level Permission Checks      │
└─────────────────────────────────────┘

Authentication System

Understanding how authentication works in ShibuDB.

Admin User Setup

On first startup, ShibuDB prompts you to create an admin user. You can also pass credentials directly:

  • Role: admin
  • Permissions: Full access to all spaces

Login Process

Login Example
# Connect to ShibuDB (interactive prompt)
shibudb connect 9090

# You'll be prompted for credentials
Username: admin
Password: ****

# Connect with credentials (non-interactive)
shibudb connect --admin-user admin --admin-password admin 9090

# Successful login response
Login successful.
[]>

Authentication Flow

  1. Connection: Client connects to server
  2. Login Request: Client sends username/password
  3. Validation: Server validates credentials
  4. Role Assignment: Server assigns user role and permissions
  5. Session: Client can now execute commands based on permissions

User Roles

Different user roles with specific privileges and use cases.

Admin Role

Privileges:

  • Create and delete spaces
  • Create, update, and delete users
  • Full access to all spaces (read/write)
  • Manage user permissions
  • Access to all system commands

Use Case: System administrators, database owners

User Role

Privileges:

  • Access to spaces based on permissions
  • Read/write operations on permitted spaces
  • Cannot create or delete spaces
  • Cannot manage other users

Use Case: Application users, developers, analysts

User Management Commands

Commands for managing users and their permissions. All commands are admin-only unless stated otherwise.

Creating Users

The CREATE-USER command is interactive — it will prompt for username, password, role, and permissions:

Create User
# Create a new user (interactive prompts for username, password, role, permissions)
CREATE-USER

Updating Users

Update Password
# Update a user's password (interactive prompt for new password)
UPDATE-USER-PASSWORD john

Update Role
# Update a user's role (interactive prompt for new role: admin/user)
UPDATE-USER-ROLE john

Update Permissions
# Update a user's space permissions (interactive)
# Permission format: space_name=permission_type (e.g. users=read, products=write)
UPDATE-USER-PERMISSIONS john

Viewing and Deleting Users

Get / Delete User
# Get user information
GET-USER john

# Delete user
DELETE-USER john

Permission System

Understanding the permission system and access control.

Permission Types

Permissions use the format <space_name>=<permission_type>:

  • read: Allows GET, GET-VECTOR, SEARCH-TOPK, RANGE-SEARCH operations
  • write: Allows PUT, DELETE, INSERT-VECTOR, GET, GET-VECTOR, SEARCH-TOPK, RANGE-SEARCH operations

Space-Level Permissions

Assign permissions interactively using UPDATE-USER-PERMISSIONS. Enter permissions in the format space_name=permission_type:

Permission Examples
# Example permission entries (entered interactively):
users=read
products=write
analytics=write
tenant_a_data=read

Permission Inheritance

  • Admin users have full access to all spaces by default
  • Regular users have no access by default
  • Space-specific permissions must be explicitly granted per space
  • Permissions are checked on every operation
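
The rules from the Permission Types and Permission Inheritance sections, written out as a Python model that also reviews a user's grants against what they need. This is an added example, not ShibuDB's own code; the function names, the rejection of malformed or duplicate entries, and the `needed` map are assumptions made for illustration.

```python
# Added model of the rules on this page; not ShibuDB source code.
READ_OPS = {"GET", "GET-VECTOR", "SEARCH-TOPK", "RANGE-SEARCH"}
WRITE_OPS = READ_OPS | {"PUT", "DELETE", "INSERT-VECTOR"}
ALLOWED_OPS = {"read": READ_OPS, "write": WRITE_OPS}

# Entries from the page's read-only analytics example.
ANALYST_ENTRIES = ["users=read", "products=read", "analytics=write"]


def parse_permissions(entries):
    """Parse 'space_name=permission_type' entries into {space: type}.

    Assumption: malformed, unknown-type and duplicate entries are rejected,
    so a typo never silently turns into a grant.
    """
    grants = {}
    for entry in entries:
        space, sep, perm = (part.strip() for part in entry.partition("="))
        if not sep or not space or perm not in ALLOWED_OPS or space in grants:
            raise ValueError(f"invalid permission entry: {entry!r}")
        grants[space] = perm
    return grants


def is_allowed(role, grants, space, operation):
    """Decide one data operation on one space, evaluated per operation."""
    if operation not in WRITE_OPS:
        raise ValueError(f"not a space data operation: {operation!r}")
    if role == "admin":
        return True  # admins have full access to all spaces
    perm = grants.get(space)  # regular users: no access unless granted
    return perm is not None and operation in ALLOWED_OPS[perm]


def excess_grants(grants, needed):
    """Least-privilege review: grants broader than `needed` ({space: type})."""
    excess = []
    for space, perm in sorted(grants.items()):
        want = needed.get(space)
        if want is None or (perm == "write" and want == "read"):
            excess.append((space, perm))
    return excess


if __name__ == "__main__":
    analyst = parse_permissions(ANALYST_ENTRIES)
    print(is_allowed("user", analyst, "users", "PUT"))  # read grant, write op
    print(excess_grants(analyst, {"users": "read", "products": "read"}))
```
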

Security Best Practices

Recommended security practices for user management.

Password Security

  • Use strong, unique passwords for each user
  • Change default admin password immediately
  • Implement password rotation policies
  • Use password managers for secure storage

User Management

  • Create separate users for different applications
  • Apply the principle of least privilege
  • Regularly review and update user permissions
  • Remove unused user accounts promptly

Access Control

  • Grant minimal required permissions
  • Use space isolation for multi-tenant applications
  • Monitor user access patterns
  • Implement audit logging for sensitive operations

Examples and Use Cases

Common scenarios and practical examples.

Multi-Tenant Application

Multi-Tenant Setup
# Create spaces for different tenants (admin)
CREATE-SPACE tenant1_data --engine key-value
CREATE-SPACE tenant2_data --engine key-value

# Create users for each tenant (interactive - CREATE-USER prompts for details)
CREATE-USER
# Enter: username=tenant1_user, role=user, permissions: tenant1_data=write

CREATE-USER
# Enter: username=tenant2_user, role=user, permissions: tenant2_data=write

Application Development

Development Setup
# Create development spaces (admin)
CREATE-SPACE dev_users --engine key-value
CREATE-SPACE dev_vectors --engine vector --dimension 128

# Create development user (interactive)
CREATE-USER
# Enter: username=dev_user, role=user, permissions: dev_users=write, dev_vectors=write

Read-Only Analytics

Analytics Access
# Create analytics user (interactive)
CREATE-USER
# Enter: username=analyst, role=user
# Permissions: users=read, products=read, analytics=write

# To update permissions later:
UPDATE-USER-PERMISSIONS analyst

Troubleshooting

Common issues and solutions for user management.

Common Issues

  • Authentication Failed: Check username/password
  • Permission Denied: Verify user has required permissions
  • User Not Found: Ensure user exists and is spelled correctly
  • Space Access Denied: Check space-specific permissions

Reset Admin Password

Password Reset
# Stop the server
shibudb stop

# Remove users file to reset
rm ~/.shibudb/lib/users.json

# Start server (will prompt for new admin credentials)
shibudb start 9090

Debugging Commands

Debug Commands
# Get detailed user info
GET-USER username

# Delete user
DELETE-USER username

# Update user password (interactive)
UPDATE-USER-PASSWORD username

# Update user role (interactive)
UPDATE-USER-ROLE username

# Update user permissions (interactive)
UPDATE-USER-PERMISSIONS username