CREATE APPLICATION IDENTITY

Purpose

Use CREATE APPLICATION IDENTITY to create an application identity.

Prerequisites

You must have the CREATE APPLICATION IDENTITY privilege to execute this command.

You can use the DBA_APPLICATION_IDENTITIES data dictionary view to query the existing application identities.

Semantics

  • OR REPLACE: When OR REPLACE is specified, and the application identity does not exist, it will be created. If the application identity already exists, the identifier_string will be replaced.

    When OR REPLACE is not specified, and the application identity does not exist, it will be created. If the application identity already exists, then an error will be thrown.

  • IF NOT EXISTS: If you specify IF NOT EXISTS and the application identity already exists, no error is thrown. If the application identity does not exist, then it will be created.

    If you do not specify IF NOT EXISTS and the application identity already exists, an error is thrown. If the application identity does not exist, then it will be created.

  • Note that only one of OR REPLACE or IF NOT EXISTS is allowed in the same statement at a time. Using both OR REPLACE and IF NOT EXISTS in the same statement results in an error.

  • app_identity: The name of the application identity to be created.

    Note that the same application cannot have more than one application identity mapping in the database. When creating an application identity, an error will be raised if the specified identifier string already exists for another application identity. The identifier string comparison is case insensitive.

  • identifier_string: The identifier string for the external identity provider mapping. Supported prefixes are: AZURE_CLIENT_ID=<id> for Microsoft Entra ID, or IAM_OAUTH_CLIENT_ID=<id> for Oracle Cloud Infrastructure Identity and Access Management (OCI IAM). The identifier_string parameter must be fewer than 1024 characters. The database raises an error if this limit is exceeded.
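The identifier string rules above (supported prefix, length limit, case-insensitive uniqueness across application identities) can be checked on a batch of planned mappings before any statement is run. The following is an added example, not Oracle code: check_mappings and its dict inputs are hypothetical, and it assumes whitespace around "=" is accepted (as in the page's example), that prefixes are written exactly as listed, and that identity names compare case-insensitively.

```python
import re

# Prefixes the page lists as supported, with the provider each one denotes.
PREFIXES = {
    "AZURE_CLIENT_ID": "Microsoft Entra ID",
    "IAM_OAUTH_CLIENT_ID": "OCI IAM",
}
MAX_LEN = 1024  # identifier_string must be fewer than 1024 characters

# Assumption: whitespace around '=' is tolerated, as in the page's example.
_PATTERN = re.compile(r"^\s*([A-Za-z_]+)\s*=\s*(\S.*?)\s*$")


def check_mappings(planned, existing=None):
    """Return [(app_identity, problem)] for a batch of planned mappings.

    planned / existing: dict of app_identity name -> identifier_string.
    existing is whatever was read from DBA_APPLICATION_IDENTITIES beforehand.
    """
    problems = []
    # case-folded identifier string -> application identity that owns it
    owners = {s.casefold(): n for n, s in (existing or {}).items()}
    for name, ident in planned.items():
        m = _PATTERN.match(ident)
        if not m or m.group(1) not in PREFIXES:
            problems.append((name, "unsupported prefix"))
            continue
        if len(ident) >= MAX_LEN:
            problems.append((name, "identifier_string too long"))
            continue
        key = ident.casefold()  # the page: comparison is case insensitive
        owner = owners.get(key)
        # Assumption: identity names themselves compare case-insensitively.
        if owner is not None and owner.casefold() != name.casefold():
            problems.append((name, f"identifier already mapped to {owner}"))
            continue
        owners[key] = name
    return problems


# Constructed sample batch; only the hcm_app value comes from the page.
SAMPLE = {
    "hcm_app": "AZURE_CLIENT_ID = f1fab37e-7aa2-4ff8-849c-7e731fea3b48",
    "payroll_app": "AZURE_CLIENT_ID = F1FAB37E-7AA2-4FF8-849C-7E731FEA3B48",
    "crm_app": "CLIENT_ID=abc",
}

if __name__ == "__main__":
    for app, problem in check_mappings(SAMPLE):
        print(f"{app}: {problem}")
```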

Example

The following SQL statement creates an application identity hcm_app, which identifies an application that connects to the database.


CREATE APPLICATION IDENTITY hcm_app MAPPED TO
  'AZURE_CLIENT_ID = f1fab37e-7aa2-4ff8-849c-7e731fea3b48';