CREATE USER (oracle 12c)
来源:互联网 发布:天津武术培训知乎 编辑:程序博客网 时间:2024/05/16 06:54
CREATE USER
Purpose
Use the CREATE
USER
statement to create and configure a database user, which is an account through which you can log in to the database, and to establish the means by which Oracle Database permits access by the user.
You can issue this statement in an Oracle Automatic Storage Management (Oracle ASM) cluster to add a user and password combination to the password file that is local to the Oracle ASM instance of the current node. Each node's Oracle ASM instance can use this statement to update its own password file. The password file itself must have been created by the ORAPWD
utility.
You can enable a user to connect to the database through a proxy application or application server. For syntax and discussion, refer to ALTER USER.
Prerequisites
You must have the CREATE
USER
system privilege. When you create a user with the CREATE
USER
statement, the user's privilege domain is empty. To log on to Oracle Database, a user must have the CREATE
SESSION
system privilege. Therefore, after creating a user, you should grant the user at least the CREATE
SESSION
system privilege. Refer to GRANT for more information.
Only a user authenticated AS
SYSASM
can issue this command to modify the Oracle ASM instance password file.
To specify the CONTAINER
clause, you must be connected to a multitenant container database (CDB). To specify CONTAINER
=
ALL
, the current container must be the root.
Syntax
create_user::=
Description of the illustration create_user.gif
(size_clause::=)
Semantics
user
Specify the name of the user to be created. This name can contain only characters from your database character set and must follow the rules described in the section "Database Object Naming Rules". Oracle recommends that the user name contain at least one single-byte character regardless of whether the database character set also contains multibyte characters. If you are creating a common user, then the name of the user must begin with C##
or c##
and must only contain characters from the ASCII character repertoire.
Note:
Oracle recommends that user names and passwords be encoded in ASCII or EBCDIC characters only, depending on your platform.See Also:
"Creating a Database User: Example"IDENTIFIED Clause
The IDENTIFIED
clause lets you indicate how Oracle Database authenticates the user.
BY password
The BY
password
clause lets you creates a local user and indicates that the user must specify password
to log on to the database. Passwords are case sensitive. Any subsequent CONNECT
string used to connect this user to the database must specify the password using the same case (upper, lower, or mixed) that is used in this CREATE
USER
statement or a subsequent ALTER
USER
statement. Passwords can contain any single-byte, multibyte, or special characters, or any combination of these, from your database character set, with the exception of the double quotation mark (") and the return character. If a password starts with a non-alphabetic character, or contains a character other than an alphanumeric character, the underscore (_), dollar sign ($), or pound sign (#), then it must be enclosed in double quotation marks. Otherwise, enclosing a password in double quotation marks is optional.
See Also:
Oracle Database Security Guide for more information about case-sensitive passwords, password complexity, and other password guidelinesPasswords must follow the rules described in the section "Database Object Naming Rules", unless you are using one of the three Oracle Database password complexity verification routines. These routines requires a more complex combination of characters than the normal naming rules permit. You implement these routines with the UTLPWDMG.SQL
script, which is further described in Oracle Database Security Guide.
Note:
Oracle recommends that user names and passwords be encoded in ASCII or EBCDIC characters only, depending on your platform.See Also:
Oracle Database Security Guide to for a detailed discussion of password management and protectionEXTERNALLY Clause
Specify EXTERNALLY
to create an external user. Such a user must be authenticated by an external service, such as an operating system or a third-party service. In this case, Oracle Database relies on authentication by the operating system or third-party service to ensure that a specific external user has access to a specific database user.
AS 'certificate_DN' This clause is required for and used for SSL-authenticated external users only. The certificate_DN
is the distinguished name in the user's PKI certificate in the user's wallet. The maximum length of certificate_DN
is 1024 characters.
AS 'kerberos_principal_name' This clause is required for and used for Kerberos-authenticated external users only. The maximum length ofkerberos_principal_name
is 1024 characters.
Caution:
Oracle strongly recommends that you do not useIDENTIFIED
EXTERNALLY
with operating systems that have inherently weak login security.Restriction on Creating External Users The user SYS
cannot be an external user.
See Also:
Oracle Database Enterprise User Security Administrator's Guide for more information on externally identified users
"Creating External Database Users: Examples"
GLOBALLY Clause
The GLOBALLY
clause lets you create a global user. Such a user must be authorized by the enterprise directory service (Oracle Internet Directory).
The directory_DN
string can take one of two forms:
The X.509 name at the enterprise directory service that identifies this user. It should be of the form
CN=
username,other_attributes
, whereother_attributes
is the rest of the user's distinguished name (DN) in the directory. This form creates a private global schema.A null string (' ') indicating that the enterprise directory service will map authenticated global users to this database schema with the appropriate roles. This form is the same as specifying the
GLOBALLY
keyword alone and creates a shared global schema.
The maximum length of directory_DN
is 1024 characters.
You can control the ability of an application server to connect as the specified user and to activate that user's roles using the ALTER
USER
statement.
See Also:
Oracle Database Security Guide for more information on global users
ALTER USER
"Creating a Global Database User: Example"
DEFAULT TABLESPACE Clause
Specify the default tablespace for objects that are created in the user's schema. If you omit this clause, then the user's objects are stored in the database default tablespace. If no default tablespace has been specified for the database, then the user's objects are stored in the SYSTEM
tablespace.
Restriction on Default Tablespaces You cannot specify a locally managed temporary tablespace, including an undo tablespace, or a dictionary-managed temporary tablespace, as a user's default tablespace.
See Also:
CREATE TABLESPACE for more information on tablespaces in general and undo tablespaces in particular
Oracle Database Security Guide for more information on assigning default tablespaces to users
TEMPORARY TABLESPACE Clause
Specify the tablespace or tablespace group for the user's temporary segments. If you omit this clause, then the user's temporary segments are stored in the database default temporary tablespace or, if none has been specified, in the SYSTEM
tablespace.
Specify
tablespace
to indicate the user's temporary tablespace. If you are connected to a CDB, then you can specifyCDB$DEFAULT
to use the CDB-wide default temporary tablespace.Specify
tablespace_group_name
to indicate that the user can save temporary segments in any tablespace in the tablespace group specified bytablespace_group_name
.
Restrictions on Temporary Tablespace This clause is subject to the following restrictions:
The tablespace must be a temporary tablespace and must have a standard block size.
The tablespace cannot be an undo tablespace or a tablespace with automatic segment-space management.
See Also:
Oracle Database Administrator's Guide for information about tablespace groups and Oracle Database Security Guidefor information on assigning temporary tablespaces to users
CREATE TABLESPACE for more information on undo tablespaces and segment management
"Assigning a Tablespace Group: Example"
QUOTA Clause
Use the QUOTA
clause to specify the maximum amount of space the user can allocate in the tablespace.
A CREATE
USER
statement can have multiple QUOTA
clauses for multiple tablespaces.
UNLIMITED
lets the user allocate space in the tablespace without bound.
Restriction on the QUOTA Clause You cannot specify this clause for a temporary tablespace.
See Also:
size_clause for information on that clause and Oracle Database Security Guide for more information on assigning tablespace quotasPROFILE Clause
Specify the profile you want to assign to the user. The profile limits the amount of database resources the user can use. If you omit this clause, then Oracle Database assigns the DEFAULT
profile to the user.
Note:
Oracle recommends that you use the Database Resource Manager rather SQL profiles to establish database resource limits. The Database Resource Manager offers a more flexible means of managing and tracking resource use. For more information on the Database Resource Manager, refer to Oracle Database Administrator's Guide.See Also:
GRANT and CREATE PROFILEPASSWORD EXPIRE Clause
Specify PASSWORD
EXPIRE
if you want the user's password to expire. This setting forces the user or the DBA to change the password before the user can log in to the database.
ACCOUNT Clause
Specify ACCOUNT
LOCK
to lock the user's account and disable access. Specify ACCOUNT
UNLOCK
to unlock the user's account and enable access to the account.
ENABLE EDITIONS
This clause is not reversible. Specify ENABLE
EDITIONS
to allow the user to create multiple versions of editionable objects in this schema using editions. Editionable objects in schemas that are not editions-enabled cannot be editioned.
Restriction on Enabling Editions You cannot enable editions for any schemas supplied by Oracle except for the sample schemas in the seed database.
CONTAINER Clause
To create a local user in a pluggable database (PDB), ensure that the current container is that PDB and specify CONTAINER
=
CURRENT
. To create a common user, ensure that the current container is the root and specify CONTAINER
=
ALL
. The name of the common user must begin with C##
or c##
. If you omit this clause and the current container is a PDB, then CONTAINER
=
CURRENT
is the default. If you omit this clause and the current container is the root, thenCONTAINER
=
ALL
is the default.
While creating a common user, any default tablespace, temporary tablespace, or profile specified using the following clauses must exist in all the containers belonging to the CDB:
DEFAULT
TABLESPACE
TEMPORARY
TABLESPACE
QUOTA
PROFILE
If these objects do not exist in all the containers, the CREATE
USER
statement fails.
Examples
All of the following examples use the example
tablespace, which exists in the seed database and is accessible to the sample schemas.
Creating a Database User: Example If you create a new user with PASSWORD
EXPIRE
, then the user's password must be changed before the user attempts to log in to the database. You can create the user sidney
by issuing the following statement:
CREATE USER sidney IDENTIFIED BY out_standing1 DEFAULT TABLESPACE example QUOTA 10M ON example TEMPORARY TABLESPACE temp QUOTA 5M ON system PROFILE app_user PASSWORD EXPIRE;
The user sidney
has the following characteristics:
The password
out_standing1
Default tablespace
example
, with a quota of 10 megabytesTemporary tablespace
temp
Access to the tablespace
SYSTEM
, with a quota of 5 megabytesLimits on database resources defined by the profile
app_user
(which was created in "Creating a Profile: Example")An expired password, which must be changed before
sidney
can log in to the database
Creating External Database Users: Examples The following example creates an external user, who must be identified by an external source before accessing the database:
CREATE USER app_user1 IDENTIFIED EXTERNALLY DEFAULT TABLESPACE example QUOTA 5M ON example PROFILE app_user;
The user app_user1
has the following additional characteristics:
Default tablespace
example
Default temporary tablespace
example
5M of space on the tablespace
example
and unlimited quota on the temporary tablespace of the databaseLimits on database resources defined by the
app_user
profile
To create another user accessible only by an operating system account, prefix the user name with the value of the initialization parameterOS_AUTHENT_PREFIX
. For example, if this value is "ops$
", then you can create the externally identified user external_user
with the following statement:
CREATE USER ops$external_user IDENTIFIED EXTERNALLY DEFAULT TABLESPACE example QUOTA 5M ON example PROFILE app_user;
Creating a Global Database User: Example The following example creates a global user. When you create a global user, you can specify the X.509 name that identifies this user at the enterprise directory server:
CREATE USER global_user IDENTIFIED GLOBALLY AS 'CN=analyst, OU=division1, O=oracle, C=US' DEFAULT TABLESPACE example QUOTA 5M ON example;
Creating a Common User in a CDB The following example creates a common user called c##comm_user
in a CDB. Before you run this CREATE USER
statement, ensure that the tablespaces example
and temp_tbs
exist in all of the containers in the CDB.
CREATE USER c##comm_user IDENTIFIED BY comm_pwd DEFAULT TABLESPACE example QUOTA 20M ON example TEMPORARY TABLESPACE temp_tbs;
The user comm_user
has the following additional characteristics:
The password
comm_pwd
Default tablespace
example
, with a quota of 20 megabytesTemporary tablespace
temp_tbs
- CREATE USER (oracle 12c)
- Oracle Create TableSpace,User
- ORACLE CREATE USER 命令
- Oracle create user
- oracle-user create
- ORACLE CREATE USER
- ORACLE CREATE USER 命令
- oracle create user and create tablespace
- oracle create tablespaces and create user ---cxl
- Oracle之create tablespace、user
- oracle 12c create database
- Create / Alter Oracle TableSpace / Temporary TableSpace, User...
- oracle 创建create user 及授权grant
- Oracle 创建create user 及授权grant
- 详解oracle用户创建(create user)
- navcat for oracle create namespace user
- oracle中的 create function 权限grant create function to user
- oracle 12c 创建 pdb user
- WindowManager$BadTokenException: Unable to add window permission denied for this window type
- 如何写PHP规范注释
- Transaction关闭不当可能引发WinForm界面无反应的问题
- DDX and DDV
- 星号图d
- CREATE USER (oracle 12c)
- Java和Android中日期时间格式DateFormat
- linux下解压命令大全
- PCI设备读取配置空间
- python学习笔记——Tkinter GUI编程——简介
- ORACLE 11g 升级补丁(Patch)
- 110401 Vito's Family
- VS2010打不开
- 17 Introduction to the Multitenant Architecture