Authentication and Authorisation
ArangoDB only provides a very simple authentication interface and no authorisation. We plan to add authorisation features in later releases, which will allow the administrator to restrict access to collections and queries to certain users, given them either read or write access.
Currently, you can only secure the access to the HTTP client and admin port in a all-or-nothing fashion. The collection _users contains all user and the SHA256 of their passwords. A user can be active or inactive. A typical document of this collection is
{
"_id" : "103022/1675886",
"_rev" : 2147452,
"active" : true,
"user" : "admin",
"password" : "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918"
}