Oracle CREATE USER
Oracle CREATE USER
Oracle CREATE USER
Summary: in this tutorial, you will learn how to use the Oracle CREATE USER statement to create a new user
in the Oracle database.
The CREATE USER statement allows you to create a new database user which you can use to log in to the
Oracle database.
In this syntax:
CREATE USER username
IDENTIFIED BY password
Specify a password for the local user to use to log on to the database. Note that you can create an external or
global user, which is not covered in this tutorial.
DEFAULT TABLESPACE
Specify the tablespace of the objects such as tables and views that the user will create.
If you skip this clause, the user’s objects will be stored in the database default tablespace if available, typically
it is USERS tablespace; or the SYSTEM tablespace in case there is no database default tablespace.
QUOTA
Specify the maximum of space in the tablespace that the user can use. You can have multiple QUOTA clauses,
each for a tablespace.
Use UNLIMITED if you don’t want to restrict the size in the tablespace that user can use.
PROFILE profile
A user profile limits the database resources or password that the user cannot exceed. You can assign a profile
to a newly created user. If you skip this clause, Oracle will assign the DEFAULT profile to the user.
PASSWORD EXPIRE
Use the PASSWORD EXPIRE if you want to force the user to change the password for the first time the user
logs in to the database.
Use ACCOUNT LOCK if you want to lock user and disable access. On the other hand, specify ACCOUNT
UNLOCK to unlock user and enable access.
To execute the CREATE USER statement, you must have the CREATE USER system privilege. Once you
create the new user, the privilege domain of the user will be empty. Therefore, if you want to the user to be
able to login to the database, you should grant the CREATE SESSION system privilege to the user.
Oracle CREATE USER examples
Oracle issues the following output indicating that user john has been created successfully.
To find a list of users with the OPEN status, you query the information from the dba_users:
SELECT
username,
default_tablespace,
profile,
authentication_type
FROM
dba_users
WHERE
account_status = 'OPEN';
As you can see from the output, user john has a default tablespace as USERS, profile as DEFAULT, and log in
to the database using a PASSWORD.
Enter password:<john_password>
ERROR: ORA-01045:
To enable the user john to log in, you need to grant the CREATE SESSION system privilege to the user john
by using the following statement:
Enter password:
Connected to:
2) Using Oracle CREATE USER statement to create a new local user with password expired example
PASSWORD EXPIRE;
Second, verify if the user has been created successfully:
SELECT
username,
default_tablespace,
profile,
authentication_type
FROM
dba_users
WHERE
account_status = 'OPEN';
Third, grant the CREATE SESSION privilege to the user jane so that you can use this user to log in the Oracle
database.
Finally, use the user jane to log in to the database via the SQL*plus program:
ERROR:
Oracle requested for changing the password for jane, you must provide the new password and confirm it before
you can log in:
New password:<new_password>
Password changed
Connected.
SQL>
In this tutorial, you have learned how to use the Oracle CREATE USER statement to create a new user in the
Oracle database.
A role is a group of privileges. Instead of granting individual privileges to users, you can group related
privileges into a role and grant this role to users. Roles help manage privileges more efficiently.
To create a new role, you use the CREATE ROLE statement. The basic syntax of the CREATE
ROLE statement is as follows:
In this syntax:
First, specify the name of the role that you want to create.
Second, use IDENTIFIED BY password option to create a local role and indicate that the user, who was
granted the role, must provide the password to the database when enabling the role.
Third, use NOT IDENTIFIED to indicate that the role is authorized by the database and the user, who was
granted this role, don’t need a password to enable the role.
After a role is created, it is empty. To grant privileges to a role, you use the GRANT statement:
In addition, you can use the GRANT statement to grant privileges of a role to another role:
Second, grant object privileges
on customers, contacts, products, product_categories, warehouses, locations, employees tables to
the mdm role:
Enter password:
To query all roles of the current user, you use the following query:
------
MDM
ON orders
TO order_entry;
ON order_items
TO order_entry;
SET ROLE
mdm;
Finally, use the following statement to get the current roles of alice:
ROLE
-------------
MDM
ORDER_ENTRY
In this tutorial, you have learned how to use the Oracle CREATE ROLE statement to create roles in the
database.