The Business Rules Engine

Users and Groups

Create User

create_user := CREATE USER <username> IDENTIFIED BY '<password>' [AS ROBOT]? 
               [ ( <user_property> = '<property_value>' [ , ... ]* ) ] 
user_property := FIRST_NAME | MIDDLE_NAME | LAST_NAME | 
                 ORGANIZATION | ADDRESS | CITY | STATE_PROV | 
                 POSTAL_CODE | COUNTRY | PHONE | ALT_PHONE | 
                 EMAIL

Users in Coda are the means by which people or systems log in to the server and do work. Every username must be unique, and one user can access multiple applications and be part of multiple groups. Every Coda system has one mandatory account called ROOT which is set up when the database is created. This user by definition has all privileges in the system and cannot be removed or modified.

The "robot" designation is used to indicate that a particular login belongs to an automated system rather than a person. This is useful for administrators as they can grant access to logical users as well as physical, organic users.

In addition to username, password, and robot flag, users have a variety of optional biographical properties that can be set. While not exhaustive, these properties help establish identity within the CodaServer system and provide useful information that can be used by applications.

Alter User

alter_user := ALTER USER <username> [
              SET PASSWORD = '<password>' |
              SET <user_property> = '<property_value>' [ , ... ]*
              ]
user_property := FIRST_NAME | MIDDLE_NAME | LAST_NAME | 
                 ORGANIZATION | ADDRESS | CITY | STATE_PROV | 
                 POSTAL_CODE | COUNTRY | PHONE | ALT_PHONE | 
                 EMAIL

Alter user lets you modify any data about the user, except for their status as robots. It is worth mentioning that the ROOT user is the only one who can modify ROOT's information.

Drop User

drop_user := DROP USER <username>

Drop user removes a user from the system permanently.

Create Group

create_group := CREATE GROUP <group_name> [DISPLAYED AS '<display_name>']?

Creates a group with the specified name. Optionally, a display name can be specified so that applications looking to use groups have a human-readable version to use in drop downs, etc.

Alter Group

alter_group := ALTER GROUP <group_name> [
               RENAME TO <group_name> |
               SET DISPLAY '<display_name>' |
               ADD USER <username> |
               REMOVE USER <username>
               ] 

Alters any of the properties of the group, and adds or removes users.

Drop Group

drop_group := DROP GROUP <group_name>

Drops a group permanently.

Application Grants and Revokes

grant_application := GRANT CONNECT TO <application_name>
                     TO GROUP <group_name>
revoke_application := REVOKE CONNECT TO <application_name>
                      FROM GROUP <group_name>

In order for groups to connect to applications they need to be given permission. These commands give and take away that permission.

On a REVOKE, all users who have been granted access through the group in question will immediately have that access taken away. This is a one-way operation and cannot be undone; you should make sure you back up your data before performing it.