1999-07-22 17:09:15 +02:00
|
|
|
<!--
|
2001-12-08 04:24:40 +01:00
|
|
|
$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_user.sgml,v 1.22 2001/12/08 03:24:35 thomas Exp $
|
|
|
|
PostgreSQL documentation
|
1999-07-22 17:09:15 +02:00
|
|
|
-->
|
|
|
|
|
1999-06-14 09:37:05 +02:00
|
|
|
<refentry id="SQL-CREATEUSER">
|
|
|
|
<refmeta>
|
1999-12-04 05:53:22 +01:00
|
|
|
<refentrytitle id="sql-createuser-title">
|
1998-09-01 17:53:09 +02:00
|
|
|
CREATE USER
|
1999-06-14 09:37:05 +02:00
|
|
|
</refentrytitle>
|
|
|
|
<refmiscinfo>SQL - Language Statements</refmiscinfo>
|
|
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
|
|
<refname>
|
1998-09-01 17:53:09 +02:00
|
|
|
CREATE USER
|
1999-06-14 09:37:05 +02:00
|
|
|
</refname>
|
|
|
|
<refpurpose>
|
2001-09-03 14:57:50 +02:00
|
|
|
define a new database user account
|
1999-06-14 09:37:05 +02:00
|
|
|
</refpurpose>
|
1998-12-29 03:24:47 +01:00
|
|
|
</refnamediv>
|
1999-06-14 09:37:05 +02:00
|
|
|
<refsynopsisdiv>
|
|
|
|
<refsynopsisdivinfo>
|
2001-07-11 00:09:29 +02:00
|
|
|
<date>2001-07-10</date>
|
1999-06-14 09:37:05 +02:00
|
|
|
</refsynopsisdivinfo>
|
|
|
|
<synopsis>
|
2001-07-11 00:09:29 +02:00
|
|
|
CREATE USER <replaceable class="PARAMETER">username</replaceable> [ [ WITH ] <replaceable class="PARAMETER">option</replaceable> [ ... ] ]
|
|
|
|
|
|
|
|
where <replaceable class="PARAMETER">option</replaceable> can be:
|
|
|
|
|
|
|
|
SYSID <replaceable class="PARAMETER">uid</replaceable>
|
2001-08-15 20:42:16 +02:00
|
|
|
| [ ENCRYPTED | UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'
|
2001-07-11 00:09:29 +02:00
|
|
|
| CREATEDB | NOCREATEDB
|
|
|
|
| CREATEUSER | NOCREATEUSER
|
|
|
|
| IN GROUP <replaceable class="PARAMETER">groupname</replaceable> [, ...]
|
|
|
|
| VALID UNTIL '<replaceable class="PARAMETER">abstime</replaceable>'
|
1999-06-14 09:37:05 +02:00
|
|
|
</synopsis>
|
1998-09-01 17:53:09 +02:00
|
|
|
|
1999-06-14 09:37:05 +02:00
|
|
|
<refsect2 id="R2-SQL-CREATEUSER-1">
|
|
|
|
<refsect2info>
|
|
|
|
<date>1998-09-21</date>
|
|
|
|
</refsect2info>
|
|
|
|
<title>
|
1998-09-01 17:53:09 +02:00
|
|
|
Inputs
|
1999-06-14 09:37:05 +02:00
|
|
|
</title>
|
|
|
|
<para>
|
1999-07-22 17:09:15 +02:00
|
|
|
|
1999-06-14 09:37:05 +02:00
|
|
|
<variablelist>
|
|
|
|
<varlistentry>
|
1999-07-06 19:16:42 +02:00
|
|
|
<term><replaceable class="parameter">username</replaceable></term>
|
1999-06-14 09:37:05 +02:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
The name of the user.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
1999-11-30 04:57:29 +01:00
|
|
|
<varlistentry>
|
|
|
|
<term><replaceable class="parameter">uid</replaceable></term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
The <literal>SYSID</literal> clause can be used to choose
|
2001-12-08 04:24:40 +01:00
|
|
|
the <productname>PostgreSQL</productname> user id of the user
|
1999-11-30 04:57:29 +01:00
|
|
|
that is being created. It is not at all necessary that those
|
|
|
|
match the <acronym>UNIX</acronym> user ids, but some people
|
|
|
|
choose to keep the numbers the same.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
If this is not specified, the highest assigned user id plus one
|
2001-09-21 22:31:49 +02:00
|
|
|
(with a minimum of 100) will be used as default.
|
1999-11-30 04:57:29 +01:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
1999-06-14 09:37:05 +02:00
|
|
|
<varlistentry>
|
2001-09-21 22:31:49 +02:00
|
|
|
<term><replaceable class="parameter">password</replaceable></term>
|
1999-06-14 09:37:05 +02:00
|
|
|
<listitem>
|
|
|
|
<para>
|
2000-01-14 23:11:38 +01:00
|
|
|
Sets the user's password. If you do not plan to use password
|
2001-09-21 22:31:49 +02:00
|
|
|
authentication you can omit this option, but the user
|
2000-01-14 23:11:38 +01:00
|
|
|
won't be able to connect to a password-authenticated server.
|
2001-09-21 22:31:49 +02:00
|
|
|
The password can be set or changed later, using
|
|
|
|
<xref linkend="SQL-ALTERUSER" endterm="SQL-ALTERUSER-title">.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>ENCRYPTED</term>
|
|
|
|
<term>UNENCRYPTED</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
These keywords control whether the
|
|
|
|
password is stored encrypted in <literal>pg_shadow</>. (If neither
|
|
|
|
is specified, the default behavior is determined by the
|
|
|
|
<varname>PASSWORD_ENCRYPTION</varname> server parameter.)
|
|
|
|
If the presented string is already in MD5-encrypted format,
|
|
|
|
then it is stored as-is, regardless of whether
|
|
|
|
ENCRYPTED or UNENCRYPTED
|
|
|
|
is specified. This allows reloading of encrypted passwords
|
|
|
|
during dump/restore.
|
2001-08-15 20:42:16 +02:00
|
|
|
</para>
|
|
|
|
<para>
|
2000-07-14 17:27:14 +02:00
|
|
|
See the chapter on client authentication in the
|
|
|
|
<citetitle>Administrator's Guide</citetitle> for details on
|
2001-09-21 22:31:49 +02:00
|
|
|
how to set up authentication mechanisms. Note that older clients
|
|
|
|
may lack support for the MD5 authentication mechanism that's needed
|
|
|
|
to work with passwords that are stored encrypted.
|
1999-06-14 09:37:05 +02:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
1999-07-06 19:16:42 +02:00
|
|
|
<term>CREATEDB</term>
|
|
|
|
<term>NOCREATEDB</term>
|
1999-06-14 09:37:05 +02:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
These clauses define a user's ability to create databases.
|
|
|
|
If CREATEDB is specified, the user being defined will
|
|
|
|
be allowed to create his own databases. Using NOCREATEDB
|
|
|
|
will deny a user the ability to create databases. If this
|
|
|
|
clause is omitted, NOCREATEDB is used by default.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
1999-07-06 19:16:42 +02:00
|
|
|
<term>CREATEUSER</term>
|
|
|
|
<term>NOCREATEUSER</term>
|
1999-06-14 09:37:05 +02:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
These clauses determine whether a user will be permitted to
|
2000-01-14 23:11:38 +01:00
|
|
|
create new users himself. This option will also make the user
|
|
|
|
a superuser who can override all access restrictions.
|
1999-06-14 09:37:05 +02:00
|
|
|
Omitting this clause will set the user's value of this
|
|
|
|
attribute to be NOCREATEUSER.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
1999-07-06 19:16:42 +02:00
|
|
|
<term><replaceable class="parameter">groupname</replaceable></term>
|
1999-06-14 09:37:05 +02:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
A name of a group into which to insert the user as a new member.
|
2001-07-11 00:09:29 +02:00
|
|
|
Multiple group names may be listed.
|
1999-06-14 09:37:05 +02:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
1999-07-06 19:16:42 +02:00
|
|
|
<term><replaceable class="parameter">abstime</replaceable></term>
|
1999-06-14 09:37:05 +02:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
The VALID UNTIL clause sets an absolute time after which the
|
2000-01-14 23:11:38 +01:00
|
|
|
user's password is no longer valid.
|
|
|
|
If this clause is omitted the login will be valid for all time.
|
1999-06-14 09:37:05 +02:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
1998-12-29 03:24:47 +01:00
|
|
|
</variablelist>
|
|
|
|
</para>
|
1999-06-14 09:37:05 +02:00
|
|
|
</refsect2>
|
1998-09-01 17:53:09 +02:00
|
|
|
|
1999-06-14 09:37:05 +02:00
|
|
|
<refsect2 id="R2-SQL-CREATEUSER-2">
|
|
|
|
<refsect2info>
|
|
|
|
<date>1998-09-21</date>
|
|
|
|
</refsect2info>
|
|
|
|
<title>
|
1998-09-01 17:53:09 +02:00
|
|
|
Outputs
|
1999-06-14 09:37:05 +02:00
|
|
|
</title>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry>
|
2000-01-14 23:11:38 +01:00
|
|
|
<term><computeroutput>CREATE USER</computeroutput></term>
|
1999-06-14 09:37:05 +02:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Message returned if the command completes successfully.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para>
|
|
|
|
</refsect2>
|
|
|
|
</refsynopsisdiv>
|
1999-07-06 19:16:42 +02:00
|
|
|
|
1999-06-14 09:37:05 +02:00
|
|
|
<refsect1 id="R1-SQL-CREATEUSER-1">
|
|
|
|
<refsect1info>
|
|
|
|
<date>1998-09-21</date>
|
|
|
|
</refsect1info>
|
|
|
|
<title>
|
1998-09-01 17:53:09 +02:00
|
|
|
Description
|
1999-06-14 09:37:05 +02:00
|
|
|
</title>
|
|
|
|
<para>
|
2001-07-11 00:09:29 +02:00
|
|
|
<command>CREATE USER</command> will add a new user to an instance of
|
2001-12-08 04:24:40 +01:00
|
|
|
<productname>PostgreSQL</productname>. Refer to the administrator's
|
2000-01-14 23:11:38 +01:00
|
|
|
guide for information about managing users and authentication.
|
|
|
|
You must be a database superuser to use this command.
|
1999-06-14 09:37:05 +02:00
|
|
|
</para>
|
2000-01-14 23:11:38 +01:00
|
|
|
<para>
|
|
|
|
Use <xref linkend="SQL-ALTERUSER" endterm="SQL-ALTERUSER-title">
|
|
|
|
to change a user's password and privileges, and <xref linkend="SQL-DROPUSER"
|
|
|
|
endterm="SQL-DROPUSER-title"> to remove a user.
|
2001-07-11 00:09:29 +02:00
|
|
|
Use <xref linkend="SQL-ALTERGROUP" endterm="SQL-ALTERGROUP-title">
|
|
|
|
to add or remove the user from other groups.
|
2001-12-08 04:24:40 +01:00
|
|
|
<productname>PostgreSQL</productname>
|
2000-01-14 23:11:38 +01:00
|
|
|
comes with a script <xref linkend="APP-CREATEUSER"
|
|
|
|
endterm="APP-CREATEUSER-title">
|
|
|
|
which has the same functionality as this command (in fact, it calls this command)
|
|
|
|
but can be run from the command shell.
|
|
|
|
</para>
|
|
|
|
</refsect1>
|
1999-06-14 09:37:05 +02:00
|
|
|
<refsect1 id="R1-SQL-CREATEUSER-2">
|
|
|
|
<title>
|
1998-09-01 17:53:09 +02:00
|
|
|
Usage
|
1999-06-14 09:37:05 +02:00
|
|
|
</title>
|
|
|
|
<para>
|
1998-09-01 17:53:09 +02:00
|
|
|
Create a user with no password:
|
2000-01-14 23:11:38 +01:00
|
|
|
<programlisting>
|
1999-07-06 19:16:42 +02:00
|
|
|
CREATE USER jonathan
|
2000-01-14 23:11:38 +01:00
|
|
|
</programlisting>
|
1999-06-14 09:37:05 +02:00
|
|
|
</para>
|
1999-07-06 19:16:42 +02:00
|
|
|
|
1999-06-14 09:37:05 +02:00
|
|
|
<para>
|
1998-09-01 17:53:09 +02:00
|
|
|
Create a user with a password:
|
2000-01-14 23:11:38 +01:00
|
|
|
<programlisting>
|
2001-09-14 10:24:29 +02:00
|
|
|
CREATE USER davide WITH PASSWORD 'jw8s0F4';
|
2000-01-14 23:11:38 +01:00
|
|
|
</programlisting>
|
1999-06-14 09:37:05 +02:00
|
|
|
</para>
|
1999-07-06 19:16:42 +02:00
|
|
|
|
1998-09-01 17:53:09 +02:00
|
|
|
<para>
|
|
|
|
Create a user with a password, whose account is valid until the end of 2001.
|
|
|
|
Note that after one second has ticked in 2002, the account is not
|
|
|
|
valid:
|
1999-07-06 19:16:42 +02:00
|
|
|
|
2000-01-14 23:11:38 +01:00
|
|
|
<programlisting>
|
2001-09-14 10:24:29 +02:00
|
|
|
CREATE USER miriam WITH PASSWORD 'jw8s0F4' VALID UNTIL 'Jan 1 2002';
|
2000-01-14 23:11:38 +01:00
|
|
|
</programlisting>
|
1998-09-01 17:53:09 +02:00
|
|
|
</para>
|
1999-07-06 19:16:42 +02:00
|
|
|
|
1998-09-01 17:53:09 +02:00
|
|
|
<para>
|
|
|
|
Create an account where the user can create databases:
|
2000-01-14 23:11:38 +01:00
|
|
|
<programlisting>
|
2001-09-14 10:24:29 +02:00
|
|
|
CREATE USER manuel WITH PASSWORD 'jw8s0F4' CREATEDB;
|
2000-01-14 23:11:38 +01:00
|
|
|
</programlisting>
|
1998-09-01 17:53:09 +02:00
|
|
|
</para>
|
1999-06-14 09:37:05 +02:00
|
|
|
</refsect1>
|
1998-09-01 17:53:09 +02:00
|
|
|
|
1999-06-14 09:37:05 +02:00
|
|
|
<refsect1 id="R1-SQL-CREATEUSER-3">
|
|
|
|
<title>
|
1998-09-01 17:53:09 +02:00
|
|
|
Compatibility
|
1999-06-14 09:37:05 +02:00
|
|
|
</title>
|
1998-09-01 17:53:09 +02:00
|
|
|
|
1999-06-14 09:37:05 +02:00
|
|
|
<refsect2 id="R2-SQL-CREATEUSER-4">
|
|
|
|
<refsect2info>
|
|
|
|
<date>1998-09-21</date>
|
|
|
|
</refsect2info>
|
|
|
|
<title>
|
1998-09-01 17:53:09 +02:00
|
|
|
SQL92
|
1999-06-14 09:37:05 +02:00
|
|
|
</title>
|
1999-07-22 17:09:15 +02:00
|
|
|
|
1999-06-14 09:37:05 +02:00
|
|
|
<para>
|
1999-07-06 19:16:42 +02:00
|
|
|
There is no <command>CREATE USER</command> statement in SQL92.
|
1999-06-14 09:37:05 +02:00
|
|
|
</para>
|
1998-12-29 03:24:47 +01:00
|
|
|
</refsect2>
|
|
|
|
</refsect1>
|
1999-06-14 09:37:05 +02:00
|
|
|
</refentry>
|
1998-09-01 17:53:09 +02:00
|
|
|
|
|
|
|
<!-- Keep this comment at the end of the file
|
|
|
|
Local variables:
|
|
|
|
mode: sgml
|
1999-06-14 09:37:05 +02:00
|
|
|
sgml-omittag:nil
|
1998-09-01 17:53:09 +02:00
|
|
|
sgml-shorttag:t
|
|
|
|
sgml-minimize-attributes:nil
|
|
|
|
sgml-always-quote-attributes:t
|
|
|
|
sgml-indent-step:1
|
|
|
|
sgml-indent-data:t
|
|
|
|
sgml-parent-document:nil
|
|
|
|
sgml-default-dtd-file:"../reference.ced"
|
|
|
|
sgml-exposed-tags:nil
|
|
|
|
sgml-local-catalogs:"/usr/lib/sgml/catalog"
|
|
|
|
sgml-local-ecat-files:nil
|
|
|
|
End:
|
1998-09-07 17:58:31 +02:00
|
|
|
-->
|