# Cybus::User

This resource creates a *user* and optionally assigns initial permissions. See also [user management](https://docs.cybus.io/1-10-1/documentation/user-management).

The permissions for this user can be specified by assigning this user to some [roles](#roles) (preferred) or by directly listing a set of [permissions](#permissions).

The identifier of the resource is also automatically taken as the *username* for the new user. The *username* must be at least 3 characters long.

## Properties

| Property                    | Type       | Required     |
| --------------------------- | ---------- | ------------ |
| [password](#password)       | `string`   | **Required** |
| [permissions](#permissions) | `object[]` | Optional     |
| [roles](#roles)             | `string[]` | Optional     |

### password

* is **required**
* type: `string`; must be minimum length: 5 characters

### permissions

The list of permissions for this user. It is suggested to not use this property directly, but rather defining [Cybus::Role](https://docs.cybus.io/1-10-1/documentation/services/service-commissioning-files/resources/cybus-role) resources with the list of the actual permissions, and adding those role(s) to the [roles](#roles) property here.

* is optional
* type: `object[]`; all items must be of the type: `object` with following properties:

| Property                | Type   | Required     |
| ----------------------- | ------ | ------------ |
| [context](#context)     | string | **Required** |
| [operation](#operation) | string | **Required** |
| [resource](#resource)   | string | **Required** |

#### context

The context in which the user permissions for the resource should be interpreted.

* is **required**
* type: `enum`; the value of this property **must** be equal to one of the below:
  * `mqtt` when describing permissions for MQTT topics
  * `http` when describing permissions for REST API paths

#### operation

The allowed access operation to the resource.

* is **required**
* type: `enum`; the value of this property **must** be equal to one of the below:
  * `read`
  * `write`
  * `readWrite`

#### resource

Resource path. Can be REST-ful API path or MQTT topic.

* is **required**
* type: `string`

### roles

The list of [Cybus::Role](https://docs.cybus.io/1-10-1/documentation/services/service-commissioning-files/resources/cybus-role) identifiers for this user, which describe the actual permissions. This is the suggested way of specifying actual permissions.

* is optional
* type: `string[]`
* All items must be of the type: `string`

## Example

{% code lineNumbers="true" %}

```yaml
myUser:
 type: Cybus::User
  properties:
    password: 'somePassword1'
    permissions:
      - resource: userspace/werner/#
        operation: readWrite
        context: mqtt
```

{% endcode %}