SQL Statements: CREATE SYNONYM to DROP ROLLBACK SEGMENT, 9 of 31

CREATE USER

Purpose

Use the CREATE USER statement to create and configure a database user, or an account through which you can log in to the database and establish the means by which Oracle permits access by the user.

Note: You can enable a user to connect to Oracle through a proxy (that is, an application or application server). For syntax and discussion, refer to ALTER USER .

Prerequisites

You must have CREATE USER system privilege. When you create a user with the CREATE USER statement, the user's privilege domain is empty. To log on to Oracle, a user must have CREATE SESSION system privilege. Therefore, after creating a user, you should grant the user at least the CREATE SESSION privilege.

See Also: GRANT

Syntax

Keywords and Parameters

`user`

Specify the name of the user to be created. This name can contain only characters from your database character set and must follow the rules described in the section "Schema Object Naming Rules". Oracle recommends that the user name contain at least one single-byte character regardless of whether the database character set also contains multi-byte characters.

`IDENTIFIED`

The IDENTIFIED clause lets you indicate how Oracle authenticates the user.

See Also: Oracle8i Application Developer's Guide - Fundamentals and your operating system specific documentation for more information

BY password

The BY password clause lets you creates a local user and indicates that the user must specify password to log on. Passwords can contain only single-byte characters from your database character set regardless of whether this character set also contains multibyte characters.
Passwords must follow the rules described in the section "Schema Object Naming Rules", unless you are using Oracle's password complexity verification routine. That routine requires a more complex combination of characters than the normal naming rules permit. You implement this routine with the UTLPWDMG.SQL script, which is further described in Oracle8i Administrator's Guide.

See Also: Oracle8i Administrator's Guide to for a detailed description and explanation of how to use password management and protection

EXTERNALLY

Specify EXTERNALLY to create an external user and indicate that a user must be authenticated by an external service (such as an operating system or a third-party service). Doing so causes Oracle to rely on the login authentication of the operating system to ensure that a specific operating system user has access to a specific database user.

Caution: Oracle strongly recommends that you do not use IDENTIFIED EXTERNALLY with operating systems that have inherently weak login security. For more information, see Oracle8i Administrator's Guide.

GLOBALLY AS 'external_name'

The GLOBALLY clause lets you create a global user and indicates that a user must be authenticated by the enterprise directory service. The 'external_name' string can take one of two forms:

The X.509 name at the enterprise directory service that identifies this user. It should be of the form 'CN=username,other_attributes', where other_attributes is the rest of the user's distinguished name (DN) in the directory.

A null string (' ') indicating that the enterprise directory service will map authenticated global users to the appropriate database schema with the appropriate roles

Note: You can control the ability of an application server to connect as the specified user and to activate that user's roles using the ALTER USER statement.

See Also:

- Oracle Advanced Security Administrator's Guide for more information on global users

- ALTER USER

`DEFAULT` `TABLESPACE`

Specify the default tablespace for objects that the user creates. If you omit this clause, objects default to the SYSTEM tablespace.

See Also: CREATE TABLESPACE for more information on tablespaces

`TEMPORARY` `TABLESPACE`

Specify the tablespace for the user's temporary segments. If you omit this clause, temporary segments default to the SYSTEM tablespace.

`QUOTA`

Use the QUOTA clause to allow the user to allocate space in the tablespace and optionally establishes a quota of integer bytes. Use K or M to specify the quota in kilobytes or megabytes. This quota is the maximum space in the tablespace the user can allocate.

A CREATE USER statement can have multiple QUOTA clauses for multiple tablespaces.

UNLIMITED allows the user to allocate space in the tablespace without bound.

`PROFILE`

Specify the the profile you want to reassign to the user. The profile limits the amount of database resources the user can use. If you omit this clause, Oracle assigns the DEFAULT profile to the user.

See Also: GRANT and CREATE PROFILE

`PASSWORD` `EXPIRE`

Specify PASSWORD EXPIRE if you want the user's password to expire. This setting forces the user (or the DBA) to change the password before the user can log in to the database.

`ACCOUNT` Clause

ACCOUNT LOCK

Specify ACCOUNT LOCK to lock the user's account and disables access.

ACCOUNT UNLOCK

Specify ACCOUNT UNLOCK to unlock the user's account and enables access to the account.

Examples

Creating a User Example

If you create a new user with PASSWORD EXPIRE, the user's password must be changed before attempting to log in to the database. You can create the user sidney by issuing the following statement:

CREATE USER sidney 
    IDENTIFIED BY welcome 
    DEFAULT TABLESPACE cases_ts 
    QUOTA 10M ON cases_ts 
    TEMPORARY TABLESPACE temp_ts 
    QUOTA 5M ON system 
    PROFILE engineer 
    PASSWORD EXPIRE;

The user sidney has the following characteristics:

The password welcome
Default tablespace cases_ts, with a quota of 10 megabytes
Temporary tablespace temp_ts
Access to the tablespace SYSTEM, with a quota of 5 megabytes
Limits on database resources defined by the profile engineer
An expired password, which must be changed before sidney can log in to the database

To create a user accessible only by the operating system account george, prefix george by the value of the initialization parameter OS_AUTHENT_PREFIX. For example, if this value is "ops$", you can create the user ops$george with the following statement:

CREATE USER ops$george 
    IDENTIFIED EXTERNALLY 
    DEFAULT TABLESPACE accs_ts 
    TEMPORARY TABLESPACE temp_ts 
    QUOTA UNLIMITED ON accs_ts;

The user ops$george has the following additional characteristics:

Default tablespace accs_ts
Default temporary tablespace temp_ts
Unlimited space on the tablespaces accs_ts and temp_ts
Limits on database resources defined by the DEFAULT profile

The following example creates user cindy as a global user:

CREATE USER cindy 
   IDENTIFIED GLOBALLY AS 'CN=cindy,OU=division1,O=oracle,C=US'
   DEFAULT TABLESPACE legal_ts
   QUOTA 20M ON legal_ts
   PROFILE lawyer;

`BY` `password`	The `BY` `password` clause lets you creates a local user and indicates that the user must specify `password` to log on. Passwords can contain only single-byte characters from your database character set regardless of whether this character set also contains multibyte characters. Passwords must follow the rules described in the section "Schema Object Naming Rules", unless you are using Oracle's password complexity verification routine. That routine requires a more complex combination of characters than the normal naming rules permit. You implement this routine with the `UTLPWDMG.SQL` script, which is further described in Oracle8i Administrator's Guide. See Also: Oracle8i Administrator's Guide to for a detailed description and explanation of how to use password management and protection
`EXTERNALLY`	Specify `EXTERNALLY` to create an external user and indicate that a user must be authenticated by an external service (such as an operating system or a third-party service). Doing so causes Oracle to rely on the login authentication of the operating system to ensure that a specific operating system user has access to a specific database user.
	Caution: Oracle strongly recommends that you do not use `IDENTIFIED` `EXTERNALLY` with operating systems that have inherently weak login security. For more information, see Oracle8i Administrator's Guide.
`GLOBALLY` `AS` '`external_name`'	The `GLOBALLY` clause lets you create a global user and indicates that a user must be authenticated by the enterprise directory service. The '`external_name`' string can take one of two forms:
	The X.509 name at the enterprise directory service that identifies this user. It should be of the form '`CN=``username,other_attributes'`, where `other_attributes` is the rest of the user's distinguished name (DN) in the directory. A null string (' ') indicating that the enterprise directory service will map authenticated global users to the appropriate database schema with the appropriate roles
	Note: You can control the ability of an application server to connect as the specified user and to activate that user's roles using the `ALTER` `USER` statement. See Also: - Oracle Advanced Security Administrator's Guide for more information on global users - ALTER USER

`ACCOUNT` `LOCK`	Specify `ACCOUNT` `LOCK` to lock the user's account and disables access.
`ACCOUNT` `UNLOCK`	Specify `ACCOUNT` `UNLOCK` to unlock the user's account and enables access to the account.

CREATE USER

Purpose

Prerequisites

Syntax

Keywords and Parameters

user

IDENTIFIED

DEFAULT TABLESPACE

TEMPORARY TABLESPACE

QUOTA

PROFILE

PASSWORD EXPIRE

ACCOUNT Clause