title: Creating an user zettel
role: manual
tags: #authentication #configuration #manual #security #zettelstore
syntax: zmk
back: 00001004050000 00001005090000 00001006020000 00001010000000 00001010040100 00001010040400 00001010070600 00001012050200 00001012921200 00001017000000 00001018000000
backward: 00001004020000 00001004020200 00001004050000 00001004051400 00001005090000 00001006020000 00001010000000 00001010040100 00001010040400 00001010070300 00001010070600 00001012050200 00001012921200 00001017000000 00001018000000
box-number: 1
copyright: (c) 2020-present by Detlef Stern <ds@zettelstore.de>
created: 20210126175322
forward: 00001004020000 00001004020200 00001004051400 00001006050000 00001010070300
lang: en
license: EUPL-1.2-or-later
modified: 20221205160251
published: 20221205160251
visibility: public

All data to be used for authenticating a user is store in a special zettel called ""user zettel"". 
A user zettel must have set the following two metadata fields:
; ''user-id'' (""user identification"")
: The unique identification to be specified for authentication.
; ''credential''
: A hashed password as generated by the [[``zettelstore password``{="sh"}|00001004051400]] command.
The title of the zettel typically specifies the real name of the user.

The following metadata elements are optional:
; ''user-role''
: Associate the user with some basic privileges, e.g. a [[user role|00001010070300]]
A user zettel may additionally contain metadata that [[overwrites corresponding values|00001004020200]] of the [[runtime configuration|00001004020000]].

A user zettel can only be created by the owner of the Zettelstore.

The owner should execute the following steps to create a new user zettel:
# Create a new zettel.
# Save the zettel to get a [[identifier|00001006050000]] for this zettel.
# Choose a unique identification for the user.
#* If the identifier is not unique, authentication will not work for this user.
# Execute the [[``zettelstore password``|00001004051400]] command.
#* You have to specify the user identification and the zettel identifier
#* If you should not know the password of the new user, send her/him the user identification and the user zettel identifier, so that the person can create the hashed password herself.
# Edit the user zettel and add the hashed password under the meta key ''credential'' and the user identification under the key ''user-id''.