1999-07-22 17:09:15 +02:00
|
|
|
<!--
|
2004-03-09 17:57:47 +01:00
|
|
|
$PostgreSQL: pgsql/doc/src/sgml/ref/create_user.sgml,v 1.33 2004/03/09 16:57:47 neilc Exp $
|
2001-12-08 04:24:40 +01:00
|
|
|
PostgreSQL documentation
|
1999-07-22 17:09:15 +02:00
|
|
|
-->
|
|
|
|
|
1999-06-14 09:37:05 +02:00
|
|
|
<refentry id="SQL-CREATEUSER">
|
|
|
|
<refmeta>
|
2002-02-27 22:14:54 +01:00
|
|
|
<refentrytitle id="sql-createuser-title">CREATE USER</refentrytitle>
|
1999-06-14 09:37:05 +02:00
|
|
|
<refmiscinfo>SQL - Language Statements</refmiscinfo>
|
|
|
|
</refmeta>
|
2002-02-27 22:14:54 +01:00
|
|
|
|
1999-06-14 09:37:05 +02:00
|
|
|
<refnamediv>
|
2002-02-27 22:14:54 +01:00
|
|
|
<refname>CREATE USER</refname>
|
|
|
|
<refpurpose>define a new database user account</refpurpose>
|
1998-12-29 03:24:47 +01:00
|
|
|
</refnamediv>
|
2002-02-27 22:14:54 +01:00
|
|
|
|
2003-08-31 19:32:24 +02:00
|
|
|
<indexterm zone="sql-createuser">
|
|
|
|
<primary>CREATE USER</primary>
|
|
|
|
</indexterm>
|
|
|
|
|
1999-06-14 09:37:05 +02:00
|
|
|
<refsynopsisdiv>
|
2002-02-27 22:14:54 +01:00
|
|
|
<synopsis>
|
2003-09-22 02:16:58 +02:00
|
|
|
CREATE USER <replaceable class="PARAMETER">name</replaceable> [ [ WITH ] <replaceable class="PARAMETER">option</replaceable> [ ... ] ]
|
2001-07-11 00:09:29 +02:00
|
|
|
|
|
|
|
where <replaceable class="PARAMETER">option</replaceable> can be:
|
|
|
|
|
2002-02-27 22:14:54 +01:00
|
|
|
SYSID <replaceable class="PARAMETER">uid</replaceable>
|
|
|
|
| [ ENCRYPTED | UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'
|
|
|
|
| CREATEDB | NOCREATEDB
|
|
|
|
| CREATEUSER | NOCREATEUSER
|
|
|
|
| IN GROUP <replaceable class="PARAMETER">groupname</replaceable> [, ...]
|
|
|
|
| VALID UNTIL '<replaceable class="PARAMETER">abstime</replaceable>'
|
|
|
|
</synopsis>
|
|
|
|
</refsynopsisdiv>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>Description</title>
|
|
|
|
|
|
|
|
<para>
|
2003-04-22 12:08:08 +02:00
|
|
|
<command>CREATE USER</command> adds a new user to a
|
|
|
|
<productname>PostgreSQL</productname> database cluster. Refer to
|
|
|
|
<xref linkend="user-manag"> and <xref
|
|
|
|
linkend="client-authentication"> for information about managing
|
|
|
|
users and authentication. You must be a database superuser to use
|
|
|
|
this command.
|
2002-02-27 22:14:54 +01:00
|
|
|
</para>
|
2003-04-22 12:08:08 +02:00
|
|
|
</refsect1>
|
2002-02-27 22:14:54 +01:00
|
|
|
|
2003-04-22 12:08:08 +02:00
|
|
|
<refsect1>
|
|
|
|
<title>Parameters</title>
|
1999-07-22 17:09:15 +02:00
|
|
|
|
1999-06-14 09:37:05 +02:00
|
|
|
<variablelist>
|
|
|
|
<varlistentry>
|
2003-09-22 02:16:58 +02:00
|
|
|
<term><replaceable class="parameter">name</replaceable></term>
|
1999-06-14 09:37:05 +02:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
The name of the user.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
1999-11-30 04:57:29 +01:00
|
|
|
<varlistentry>
|
|
|
|
<term><replaceable class="parameter">uid</replaceable></term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
2002-02-27 22:14:54 +01:00
|
|
|
The <literal>SYSID</literal> clause can be used to choose the
|
|
|
|
<productname>PostgreSQL</productname> user ID of the user that
|
2003-04-22 12:08:08 +02:00
|
|
|
is being created. This is not normally not necessary, but may
|
|
|
|
be useful if you need to recreate the owner of an orphaned
|
|
|
|
object.
|
1999-11-30 04:57:29 +01:00
|
|
|
</para>
|
|
|
|
<para>
|
2002-02-27 22:14:54 +01:00
|
|
|
If this is not specified, the highest assigned user ID plus one
|
2001-09-21 22:31:49 +02:00
|
|
|
(with a minimum of 100) will be used as default.
|
1999-11-30 04:57:29 +01:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
1999-06-14 09:37:05 +02:00
|
|
|
<varlistentry>
|
2001-09-21 22:31:49 +02:00
|
|
|
<term><replaceable class="parameter">password</replaceable></term>
|
1999-06-14 09:37:05 +02:00
|
|
|
<listitem>
|
|
|
|
<para>
|
2000-01-14 23:11:38 +01:00
|
|
|
Sets the user's password. If you do not plan to use password
|
2003-04-22 12:08:08 +02:00
|
|
|
authentication you can omit this option, but then the user
|
|
|
|
won't be able to connect if you decide to switch to password
|
|
|
|
authentication. The password can be set or changed later,
|
|
|
|
using <xref linkend="SQL-ALTERUSER"
|
|
|
|
endterm="SQL-ALTERUSER-title">.
|
2001-09-21 22:31:49 +02:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
2002-02-27 22:14:54 +01:00
|
|
|
<term><literal>ENCRYPTED</></term>
|
|
|
|
<term><literal>UNENCRYPTED</></term>
|
2001-09-21 22:31:49 +02:00
|
|
|
<listitem>
|
2002-02-27 22:14:54 +01:00
|
|
|
<para>
|
2003-04-22 12:08:08 +02:00
|
|
|
These key words control whether the password is stored
|
|
|
|
encrypted in the system catalogs. (If neither is specified,
|
|
|
|
the default behavior is determined by the configuration
|
2004-03-09 17:57:47 +01:00
|
|
|
parameter <xref linkend="guc-password-encryption">.) If the
|
2003-04-22 12:08:08 +02:00
|
|
|
presented password string is already in MD5-encrypted format,
|
|
|
|
then it is stored encrypted as-is, regardless of whether
|
|
|
|
<literal>ENCRYPTED</> or <literal>UNENCRYPTED</> is specified
|
|
|
|
(since the system cannot decrypt the specified encrypted
|
|
|
|
password string). This allows reloading of encrypted
|
|
|
|
passwords during dump/restore.
|
2002-02-27 22:14:54 +01:00
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
2003-04-22 12:08:08 +02:00
|
|
|
Note that older clients may lack support for the MD5
|
|
|
|
authentication mechanism that is needed to work with passwords
|
|
|
|
that are stored encrypted.
|
1999-06-14 09:37:05 +02:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
2002-02-27 22:14:54 +01:00
|
|
|
<term><literal>CREATEDB</></term>
|
|
|
|
<term><literal>NOCREATEDB</></term>
|
1999-06-14 09:37:05 +02:00
|
|
|
<listitem>
|
2002-02-27 22:14:54 +01:00
|
|
|
<para>
|
|
|
|
These clauses define a user's ability to create databases. If
|
|
|
|
<literal>CREATEDB</literal> is specified, the user being
|
|
|
|
defined will be allowed to create his own databases. Using
|
|
|
|
<literal>NOCREATEDB</literal> will deny a user the ability to
|
|
|
|
create databases. If this clause is omitted,
|
|
|
|
<literal>NOCREATEDB</literal> is used by default.
|
1999-06-14 09:37:05 +02:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
2002-02-27 22:14:54 +01:00
|
|
|
<term><literal>CREATEUSER</literal></term>
|
|
|
|
<term><literal>NOCREATEUSER</literal></term>
|
1999-06-14 09:37:05 +02:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
These clauses determine whether a user will be permitted to
|
2000-01-14 23:11:38 +01:00
|
|
|
create new users himself. This option will also make the user
|
2002-02-27 22:14:54 +01:00
|
|
|
a superuser who can override all access restrictions.
|
1999-06-14 09:37:05 +02:00
|
|
|
Omitting this clause will set the user's value of this
|
2002-02-27 22:14:54 +01:00
|
|
|
attribute to be <literal>NOCREATEUSER</literal>.
|
1999-06-14 09:37:05 +02:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
1999-07-06 19:16:42 +02:00
|
|
|
<term><replaceable class="parameter">groupname</replaceable></term>
|
1999-06-14 09:37:05 +02:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
A name of a group into which to insert the user as a new member.
|
2001-07-11 00:09:29 +02:00
|
|
|
Multiple group names may be listed.
|
1999-06-14 09:37:05 +02:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
1999-07-06 19:16:42 +02:00
|
|
|
<term><replaceable class="parameter">abstime</replaceable></term>
|
1999-06-14 09:37:05 +02:00
|
|
|
<listitem>
|
|
|
|
<para>
|
2002-02-27 22:14:54 +01:00
|
|
|
The <literal>VALID UNTIL</literal> clause sets an absolute
|
|
|
|
time after which the user's password is no longer valid. If
|
|
|
|
this clause is omitted the login will be valid for all time.
|
1999-06-14 09:37:05 +02:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
1998-12-29 03:24:47 +01:00
|
|
|
</variablelist>
|
2002-02-27 22:14:54 +01:00
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>Notes</title>
|
|
|
|
|
2000-01-14 23:11:38 +01:00
|
|
|
<para>
|
2002-02-27 22:14:54 +01:00
|
|
|
Use <xref linkend="SQL-ALTERUSER" endterm="SQL-ALTERUSER-title"> to
|
|
|
|
change the attributes of a user, and <xref linkend="SQL-DROPUSER"
|
|
|
|
endterm="SQL-DROPUSER-title"> to remove a user. Use <xref
|
|
|
|
linkend="SQL-ALTERGROUP" endterm="SQL-ALTERGROUP-title"> to add the
|
|
|
|
user to groups or remove the user from groups.
|
2003-04-22 12:08:08 +02:00
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
2002-02-27 22:14:54 +01:00
|
|
|
<productname>PostgreSQL</productname> includes a program <xref
|
|
|
|
linkend="APP-CREATEUSER" endterm="APP-CREATEUSER-title"> that has
|
2003-04-22 12:08:08 +02:00
|
|
|
the same functionality as <command>CREATE USER</command> (in fact, it calls this
|
2002-02-27 22:14:54 +01:00
|
|
|
command) but can be run from the command shell.
|
|
|
|
</para>
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>Examples</title>
|
|
|
|
|
1999-06-14 09:37:05 +02:00
|
|
|
<para>
|
1998-09-01 17:53:09 +02:00
|
|
|
Create a user with no password:
|
2000-01-14 23:11:38 +01:00
|
|
|
<programlisting>
|
2002-02-27 22:14:54 +01:00
|
|
|
CREATE USER jonathan;
|
2000-01-14 23:11:38 +01:00
|
|
|
</programlisting>
|
1999-06-14 09:37:05 +02:00
|
|
|
</para>
|
1999-07-06 19:16:42 +02:00
|
|
|
|
1999-06-14 09:37:05 +02:00
|
|
|
<para>
|
1998-09-01 17:53:09 +02:00
|
|
|
Create a user with a password:
|
2000-01-14 23:11:38 +01:00
|
|
|
<programlisting>
|
2001-09-14 10:24:29 +02:00
|
|
|
CREATE USER davide WITH PASSWORD 'jw8s0F4';
|
2000-01-14 23:11:38 +01:00
|
|
|
</programlisting>
|
1999-06-14 09:37:05 +02:00
|
|
|
</para>
|
1999-07-06 19:16:42 +02:00
|
|
|
|
1998-09-01 17:53:09 +02:00
|
|
|
<para>
|
2003-04-22 12:08:08 +02:00
|
|
|
Create a user with a password that is valid until the end of 2004.
|
|
|
|
After one second has ticked in 2005, the password is no longer
|
|
|
|
valid.
|
1999-07-06 19:16:42 +02:00
|
|
|
|
2000-01-14 23:11:38 +01:00
|
|
|
<programlisting>
|
2003-04-22 12:08:08 +02:00
|
|
|
CREATE USER miriam WITH PASSWORD 'jw8s0F4' VALID UNTIL '2005-01-01';
|
2000-01-14 23:11:38 +01:00
|
|
|
</programlisting>
|
1998-09-01 17:53:09 +02:00
|
|
|
</para>
|
1999-07-06 19:16:42 +02:00
|
|
|
|
1998-09-01 17:53:09 +02:00
|
|
|
<para>
|
|
|
|
Create an account where the user can create databases:
|
2000-01-14 23:11:38 +01:00
|
|
|
<programlisting>
|
2001-09-14 10:24:29 +02:00
|
|
|
CREATE USER manuel WITH PASSWORD 'jw8s0F4' CREATEDB;
|
2000-01-14 23:11:38 +01:00
|
|
|
</programlisting>
|
1998-09-01 17:53:09 +02:00
|
|
|
</para>
|
1999-06-14 09:37:05 +02:00
|
|
|
</refsect1>
|
1998-09-01 17:53:09 +02:00
|
|
|
|
2002-02-27 22:14:54 +01:00
|
|
|
<refsect1>
|
|
|
|
<title>Compatibility</title>
|
1998-09-01 17:53:09 +02:00
|
|
|
|
2002-02-27 22:14:54 +01:00
|
|
|
<para>
|
|
|
|
The <command>CREATE USER</command> statement is a
|
|
|
|
<productname>PostgreSQL</productname> extension. The SQL standard
|
|
|
|
leaves the definition of users to the implementation.
|
|
|
|
</para>
|
|
|
|
</refsect1>
|
1999-07-22 17:09:15 +02:00
|
|
|
|
2002-02-27 22:14:54 +01:00
|
|
|
<refsect1>
|
|
|
|
<title>See Also</title>
|
|
|
|
|
|
|
|
<simplelist type="inline">
|
|
|
|
<member><xref linkend="sql-alteruser" endterm="sql-alteruser-title"></member>
|
|
|
|
<member><xref linkend="sql-dropuser" endterm="sql-dropuser-title"></member>
|
|
|
|
<member><xref linkend="app-createuser"></member>
|
|
|
|
</simplelist>
|
1998-12-29 03:24:47 +01:00
|
|
|
</refsect1>
|
1999-06-14 09:37:05 +02:00
|
|
|
</refentry>
|
1998-09-01 17:53:09 +02:00
|
|
|
|
|
|
|
<!-- Keep this comment at the end of the file
|
|
|
|
Local variables:
|
|
|
|
mode: sgml
|
1999-06-14 09:37:05 +02:00
|
|
|
sgml-omittag:nil
|
1998-09-01 17:53:09 +02:00
|
|
|
sgml-shorttag:t
|
|
|
|
sgml-minimize-attributes:nil
|
|
|
|
sgml-always-quote-attributes:t
|
|
|
|
sgml-indent-step:1
|
|
|
|
sgml-indent-data:t
|
|
|
|
sgml-parent-document:nil
|
|
|
|
sgml-default-dtd-file:"../reference.ced"
|
|
|
|
sgml-exposed-tags:nil
|
|
|
|
sgml-local-catalogs:"/usr/lib/sgml/catalog"
|
|
|
|
sgml-local-ecat-files:nil
|
|
|
|
End:
|
1998-09-07 17:58:31 +02:00
|
|
|
-->
|