Oracle CREATE USER

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 9

Oracle CREATE USER

Summary: in this tutorial, you will learn how to use the Oracle CREATE USER statement to create a new user
in the Oracle database.

Introduction to Oracle CREATE USER statement

The CREATE USER statement allows you to create a new database user which you can use to log in to the
Oracle database.

The basic syntax of the CREATE USER statement is as follows:

CREATE USER username


IDENTIFIED BY password
[DEFAULT TABLESPACE tablespace]
[QUOTA {size | UNLIMITED} ON tablespace]
[PROFILE profile]
[PASSWORD EXPIRE]
[ACCOUNT {LOCK | UNLOCK}];

In this syntax:

 CREATE USER username

Specify the name of the user to be created.

 IDENTIFIED BY password

Specify a password for the local user to use to log on to the database. Note that you can create an external or
global user, which is not covered in this tutorial.

 DEFAULT TABLESPACE

Specify the tablespace of the objects such as tables and views that the user will create.

If you skip this clause, the user’s objects will be stored in the database default tablespace if available, typically
it is USERS tablespace; or the SYSTEM tablespace in case there is no database default tablespace.

 QUOTA

Specify the maximum of space in the tablespace that the user can use. You can have multiple QUOTA clauses,
each for a tablespace.

Use UNLIMITED if you don’t want to restrict the size in the tablespace that user can use.

 PROFILE profile

A user profile limits the database resources or password that the user cannot exceed. You can assign a profile
to a newly created user. If you skip this clause, Oracle will assign the DEFAULT profile to the user.

 PASSWORD EXPIRE
Use the PASSWORD EXPIRE if you want to force the user to change the password for the first time the user
logs in to the database.

 ACCOUNT {LOCK | UNLOCK}

Use ACCOUNT LOCK if you want to lock user and disable access. On the other hand, specify ACCOUNT
UNLOCK to unlock user and enable access.

To execute the CREATE USER statement, you must have the CREATE USER system privilege. Once you
create the new user, the privilege domain of the user will be empty. Therefore, if you want to the user to be
able to login to the database, you should grant the CREATE SESSION system privilege to the user.

Oracle CREATE USER examples

Let’s practice with the CREATE USER statement.

1. Using Oracle CREATE USER statement to create a new local user example


This example uses the CREATE USER statement to create a new local user named john with the
password abcd1234:

CREATE USER john IDENTIFIED BY abcd1234;

Oracle issues the following output indicating that user john has been created successfully.

User JOHN created.

To find a list of users with the OPEN status, you query the information from the dba_users:

SELECT

username,

default_tablespace,

profile,

authentication_type

FROM

dba_users

WHERE

account_status = 'OPEN';
As you can see from the output, user john has a default tablespace as USERS, profile as DEFAULT, and log in
to the database using a PASSWORD.

Let’s use the john account to log in the database.

Launch the SQL*Plus program and enter the following information:

Enter user-name: john@pdborcl

Enter password:<john_password>

Oracle issued the following error:

ERROR: ORA-01045:

user JOHN lacks CREATE SESSION privilege; logon denied

To enable the user john to log in, you need to grant the CREATE SESSION system privilege to the user john 
by using the following statement:

GRANT CREATE SESSION TO john;

Now, the user john should be able to log in the database.

Enter user-name: john@pdborcl

Enter password:

Connected to:

Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production

2) Using Oracle CREATE USER statement to create a new local user with password expired example

First, use the CREATE USER statement to create a new user jane:

CREATE USER jane IDENTIFIED BY abcd1234

PASSWORD EXPIRE;
Second, verify if the user has been created successfully:

SELECT
username,
default_tablespace,
profile,
authentication_type
FROM
dba_users
WHERE
account_status = 'OPEN';

Third, grant the CREATE SESSION privilege to the user jane so that you can use this user to log in the Oracle
database.

GRANT CREATE SESSION TO jane;

Finally, use the user jane to log in to the database via the SQL*plus program:

SQL> connect jane@orclpdb/abcd1234

ERROR:

ORA-28001: the password has expired

Oracle requested for changing the password for jane, you must provide the new password and confirm it before
you can log in:

Changing password for jane

New password:<new_password>

Retype new password:<new_password>

Password changed
Connected.

SQL>

In this tutorial, you have learned how to use the Oracle CREATE USER statement to create a new user in the
Oracle database.

Oracle CREATE ROLE


Summary: in this tutorial, you will learn how to use the Oracle CREATE ROLE statement to create roles in the
Oracle Database.

Introduction to Oracle CREATE ROLE statement

A role is a group of privileges. Instead of granting individual privileges to users, you can group related
privileges into a role and grant this role to users. Roles help manage privileges more efficiently.

To create a new role, you use the CREATE ROLE statement. The basic syntax of the CREATE
ROLE statement is as follows:

CREATE ROLE role_name


[IDENTIFIED BY password]
[NOT IDENTIFIED]

In this syntax:

First, specify the name of the role that you want to create.

Second, use IDENTIFIED BY password option to create a local role and indicate that the user, who was
granted the role, must provide the password to the database when enabling the role.

Third, use NOT IDENTIFIED to indicate that the role is authorized by the database and the user, who was
granted this role, don’t need a password to enable the role.

After a role is created, it is empty. To grant privileges to a role, you use the GRANT statement:

GRANT {system_privileges | object_privileges} TO role_name;

In addition, you can use the GRANT statement to grant privileges of a role to another role:

GRANT role_name TO another_role_name;

Oracle CREATE ROLE statement examples

Let’s take some examples of using the CREATE ROLE statement.

1) Using Oracle CREATE ROLE without a password example

First, create a new role named mdm (master data management) in the sample database:


CREATE ROLES mdm;

Second, grant object privileges
on customers, contacts, products, product_categories, warehouses, locations, employees tables to
the mdm role:

GRANT SELECT, INSERT, UPDATE, DELETE


ON customers
TO mdm;

GRANT SELECT, INSERT, UPDATE, DELETE


ON contacts
TO mdm;

GRANT SELECT, INSERT, UPDATE, DELETE


ON products
TO mdm;

GRANT SELECT, INSERT, UPDATE, DELETE


ON product_categories
TO mdm;

GRANT SELECT, INSERT, UPDATE, DELETE


ON warehouses
TO mdm;

GRANT SELECT, INSERT, UPDATE, DELETE


ON locations
TO mdm;

GRANT SELECT, INSERT, UPDATE, DELETE


ON employees
TO mdm;

Third, create a new user named alice and grant the CREATE SESSION privilege to alice:

CREATE USER alice IDENTIFIED BY abcd1234;

GRANT CREATE SESSION TO alice;

Fourth, log in to the database as alice:

Enter user-name: alice@pdborcl

Enter password:

and attempt to query data from the ot.employees table:

SELECT * FROM ot.employees;

Oracle issued the following error:

ORA-00942: table or view does not exist

Go back to the first session and grant alice the mdm role:

GRANT mdm TO alice;

Go to the alice’s session and enable role using the SET ROLE statement:

SET ROLE mdm;

To query all roles of the current user, you use the following query:

SELECT * FROM session_roles;

Here is the role of alice:


ROLE

------

MDM

Now, alice can manipulate data in the master data tables such as customers and employees.

2) Using Oracle CREATE ROLE to create a role with IDENTIFIED BY password example

First, create a new role named order_entry with the password xyz123:

CREATE ROLE order_entry IDENTIFIED BY xyz123;

Next, grant object privileges on the orders and order_items tables to the order_entry role:

GRANT SELECT, INSERT, UPDATE, DELETE

ON orders

TO order_entry;

GRANT SELECT, INSERT, UPDATE, DELETE

ON order_items

TO order_entry;

Then, grant the order_entry role to the user alice:

GRANT order_entry TO alice;

After that, log in as alice and enable the order_entry role by using the SET ROLE statement:

SET ROLE

order_entry IDENTIFIED BY xyz123,

mdm;

Finally, use the following statement to get the current roles of alice:

SELECT * FROM session_roles;


Here are the current roles of alice:

ROLE

-------------

MDM

ORDER_ENTRY

In this tutorial, you have learned how to use the Oracle CREATE ROLE statement to create roles in the
database.

You might also like