Create Users on Autonomous Database

There are several options to create users on Autonomous Database. You can use Oracle Database Actions Database Users card or use client-side tools that connect to the database to create database users.

• Create Users on Autonomous Database with Database Actions
  You can quickly create Autonomous Database users with Database Actions.
• Create Users on Autonomous Database - Connecting with a Client Tool
  You can create users by connecting to the database as the ADMIN user using any SQL client tool.
• Unlock User Accounts on Autonomous Database
  If a user account is locked, as the ADMIN user you can unlock the account.
• About User Passwords on Autonomous Database
  Autonomous Database requires strong passwords; the password you specify for a user must meet the minimum default password complexity rules.
• Manage the Administrator Account on Autonomous Database
  You can change the administrator user (ADMIN) password and when locked, unlock the administrator user account on Autonomous Database. When you use the APIs to create an Autonomous Database or to reset the ADMIN password, you can optionally use an Oracle Cloud Infrastructure Vault secret to store the password.

Create Users on Autonomous Database with Database Actions

You can quickly create Autonomous Database users with Database Actions.

First, access Database Actions as the ADMIN user. See Access Database Actions as ADMIN for more information.

1. Click the top left next to Oracle Database Actions.

   This shows the Database Actions menu, including Development, Data Studio, Administration, and Downloads.

2. Under Administration click Database Users.
3. On the Database Users page, in the All Users area click Create User.
4. To create a new user, enter a user name, a password, and enter the password again to confirm the password. Also select any options you want to enable for the user: Graph, OML, or Web Access.

   
   Description of the illustration adb_databaseactions_create_user.png

5. Set a value for the Quota on tablespace DATA for the user.
6. If you want to grant roles for the new user, click the Granted Roles tab and select the roles for the user. For example, select DWROLE and CONNECT.
7. Click Create User.

   Database Actions shows the User Created confirmation message.

See Manage User Roles and Privileges on Autonomous Database for more information on granting roles and adding or updating privileges for a user.

See The Database Users Page for detailed information on Database Actions Database Users.

If you provide Web Access for the new user, then you need to send a URL to the new user. See Provide Database Actions Access to Database Users for more information.

The administrator needs to provide the credentials wallet to the new user for client-side access. See Connect to Autonomous Database for more information on client-side access credentials.

Note:

Autonomous Database requires strong passwords; the password you specify must meet the default password complexity rules. See About User Passwords on Autonomous Database for more information.

See Create Oracle APEX Workspaces in Autonomous Database for information on creating APEX workspaces.

See Create and Update User Accounts for Oracle Machine Learning Components on Autonomous Database to add user accounts for Oracle Machine Learning Notebooks.

Create Users on Autonomous Database - Connecting with a Client Tool

You can create users by connecting to the database as the ADMIN user using any SQL client tool.

For example, connect using Oracle SQL Developer (see Connect Oracle SQL Developer with a Wallet (mTLS)).

1. Connect as the ADMIN user.
2. Run the following SQL statements:

   CREATE USER new_user IDENTIFIED BY password;
   GRANT CREATE SESSION TO new_user;

   Note:

   IDENTIFIED with the EXTERNALLY clause is not supported with Autonomous Database.

   In addition, IDENTIFIED with the BY VALUES clause is not allowed.

This creates new_user with connect privileges. This user can now connect to the database and run queries. To grant additional privileges to users, see Manage User Roles and Privileges on Autonomous Database.

The administrator needs to provide the credentials wallet to the user new_user. See Connect to Autonomous Database for more information on client credentials.

Note:

Autonomous Database requires strong passwords; the password you specify must meet the default password complexity rules. See About User Passwords on Autonomous Database for more information.

See Provide Database Actions Access to Database Users to add users for Database Actions.

See Create Oracle APEX Workspaces in Autonomous Database for information on creating APEX workspaces.

See Create and Update User Accounts for Oracle Machine Learning Components on Autonomous Database to add user accounts for Oracle Machine Learning components.

Unlock User Accounts on Autonomous Database

If a user account is locked, as the ADMIN user you can unlock the account.

To unlock an account, connect to your database as the ADMIN user and run the following command:

ALTER USER username IDENTIFIED BY password ACCOUNT UNLOCK;

See SQL Language Reference for information on the ALTER USER command.

About User Passwords on Autonomous Database

Autonomous Database requires strong passwords; the password you specify for a user must meet the minimum default password complexity rules.

Autonomous Database sets minimum standards for passwords, and the default profile sets parameters to limit the number of failed login attempts.

• The password must be between 12 and 30 characters long and must include at least one uppercase letter, one lowercase letter, and one numeric character.

  Note, the password limit is shown as 60 characters in some help tooltip popups. Limit passwords to a maximum of 30 characters.

• The password cannot contain the username.

• The password cannot be one of the last four passwords used for the same username.

• The password cannot contain the double quote (") character.

• The password must not be the same password that is set less than 24 hours ago.

To change the password complexity rules and password parameter values you can alter the default profile or create a new profile and assign it to users. See Manage User Profiles with Autonomous Database for more information.

The following are the Autonomous Database default profile password parameter values:

Password Parameter	Description	Value
FAILED_LOGIN_ATTEMPTS	The maximum times a user can try to log in and fail before locking the account. This limit applies for regular database user accounts.	10
PASSWORD_GRACE_TIME	The number of days after the grace period begins during which a warning is issued and login is allowed.	30
PASSWORD_LIFE_TIME	The number of days the same password can be used for authentication.	360
PASSWORD_LOCK_TIME	The number of days an account will be locked after the specified number of consecutive failed login attempts.	1
PASSWORD_REUSE_MAX	The number of password changes required before the current password can be reused.	4
PASSWORD_REUSE_TIME	The number of days before which a password cannot be reused.	1

See Manage User Profiles with Autonomous Database for information on using CREATE USER or ALTER USER with a profile clause.

See SQL Language Reference for information on the ALTER USER command.

Manage the Administrator Account on Autonomous Database

You can change the administrator user (ADMIN) password and when locked, unlock the administrator user account on Autonomous Database. When you use the APIs to create an Autonomous Database or to reset the ADMIN password, you can optionally use an Oracle Cloud Infrastructure Vault secret to store the password.

See CreateAutonomousDatabase for more information.

• Set the ADMIN Password in Autonomous Database
  Provides the steps to set the ADMIN password.
• Unlock the ADMIN Account in Autonomous Database
  Shows the steps to unlock the ADMIN user account.
• Use Oracle Cloud Infrastructure Vault Secret for ADMIN Password
  When you create or clone an Autonomous Database instance or when you reset the ADMIN password, you can use an Oracle Cloud Infrastructure vault secret to specify the ADMIN password.

Set the ADMIN Password in Autonomous Database

Provides the steps to set the ADMIN password.

From the Oracle Cloud Infrastructure Console, change the password for the ADMIN user by following these steps:

1. On the Details page, from the More actions drop-down list, select Administrator password.
2. On the Administrator password page enter the new password and confirm.
3. Click Update.

Note:

You can also use Database Actions to change the password for the ADMIN user. See Manage Users and User Roles on Autonomous Database - Connecting with Database Actions for more information.

The password for the default administrator account, ADMIN, has the same password complexity rules mentioned in the section Create Users on Autonomous Database - Connecting with a Client Tool.

Unlock the ADMIN Account in Autonomous Database

Shows the steps to unlock the ADMIN user account.

Perform the following prerequisite steps as necessary:

• Open the Oracle Cloud Infrastructure Console by clicking the next to Oracle Cloud.

• From the Oracle Cloud Infrastructure left navigation menu click Oracle Database and then, depending on your workload click one of: Autonomous Data Warehouse, Autonomous JSON Database, or Autonomous Transaction Processing.

• On the Autonomous Databases page select an Autonomous Database from the links under the Display name column.

Use the following steps to unlock the ADMIN account by updating the ADMIN password:

1. On the Details page, from the More actions drop-down list, select Administrator password.
2. On the Administrator password page enter the new password and confirm.
3. Click Update.

This operation unlocks the ADMIN account if it was locked.

The password for the default administrator account, ADMIN, has the same password complexity rules mentioned in the section Create Users on Autonomous Database - Connecting with a Client Tool.

Use Oracle Cloud Infrastructure Vault Secret for ADMIN Password

When you create or clone an Autonomous Database instance or when you reset the ADMIN password, you can use an Oracle Cloud Infrastructure vault secret to specify the ADMIN password.

Autonomous Database allows you to use the APIs to provide a protected vault secret as the ADMIN password, with secure access to the vault secret granted through Oracle Cloud Infrastructure IAM policies.

Note:

Using an Oracle Cloud Infrastructure vault secret for the ADMIN password is only supported with the APIs.

Oracle Cloud Infrastructure Vault secrets are credentials that you use with Oracle Cloud Infrastructure services. Storing secrets in a vault provides greater security than you might achieve storing them elsewhere, such as in code or in configuration files. By calling database APIs you can use secrets from the Vault Service to set the ADMIN password. The vault secret password option is available when you create or clone an Autonomous Database instance, or when you set or reset the ADMIN password.

You create secrets using the Oracle Cloud Infrastructure Console, CLI, or API.

Notes for using a vault secret to set or reset the ADMIN password:

• In order for Autonomous Database to reach the secret in a vault, the following conditions must apply:

  • The secret must be in current or previous state.

  • If you specify a secret version in the API call, the specified secret version is used. If you do not specify a secret version, the call uses the latest secret version.

  • You must have the proper user group policy that allows READ access to the specific secret in a given compartment. For example:

    Allow userGroup1 to read secret-bundles in compartment training

• The password stored in the secret must conform to Autonomous Database password requirements.

See the following for more information:

• Overview of Vault

• CreateAutonomousDatabase

• UpdateAutonomousDatabaseDetails

• About User Passwords on Autonomous Database

• Managing Secrets