4ceb2d0cb6
* Let unprivileged users change their own passwords. * The password is now an Sconst in the parser, which better reflects its text datatype and also forces users to quote them. * If your password is NULL you won't be written to the password file, meaning you can't connect until you have a password set up (if you use password authentication). * When you drop a user that owns a database you get an error. The database is not gone.
255 lines
6.8 KiB
Plaintext
255 lines
6.8 KiB
Plaintext
<!--
|
|
$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_user.sgml,v 1.13 2000/01/14 22:11:32 petere Exp $
|
|
Postgres documentation
|
|
-->
|
|
|
|
<refentry id="SQL-CREATEUSER">
|
|
<refmeta>
|
|
<refentrytitle id="sql-createuser-title">
|
|
CREATE USER
|
|
</refentrytitle>
|
|
<refmiscinfo>SQL - Language Statements</refmiscinfo>
|
|
</refmeta>
|
|
<refnamediv>
|
|
<refname>
|
|
CREATE USER
|
|
</refname>
|
|
<refpurpose>
|
|
Creates a new database user
|
|
</refpurpose>
|
|
</refnamediv>
|
|
<refsynopsisdiv>
|
|
<refsynopsisdivinfo>
|
|
<date>1999-07-20</date>
|
|
</refsynopsisdivinfo>
|
|
<synopsis>
|
|
CREATE USER <replaceable class="PARAMETER">username</replaceable>
|
|
[ WITH
|
|
[ SYSID <replaceable class="PARAMETER">uid</replaceable> ]
|
|
[ PASSWORD '<replaceable class="PARAMETER">password</replaceable>' ] ]
|
|
[ CREATEDB | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ]
|
|
[ IN GROUP <replaceable class="PARAMETER">groupname</replaceable> [, ...] ]
|
|
[ VALID UNTIL '<replaceable class="PARAMETER">abstime</replaceable>' ]
|
|
</synopsis>
|
|
|
|
<refsect2 id="R2-SQL-CREATEUSER-1">
|
|
<refsect2info>
|
|
<date>1998-09-21</date>
|
|
</refsect2info>
|
|
<title>
|
|
Inputs
|
|
</title>
|
|
<para>
|
|
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><replaceable class="parameter">username</replaceable></term>
|
|
<listitem>
|
|
<para>
|
|
The name of the user.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><replaceable class="parameter">uid</replaceable></term>
|
|
<listitem>
|
|
<para>
|
|
The <literal>SYSID</literal> clause can be used to choose
|
|
the <productname>PostgreSQL</productname> user id of the user
|
|
that is being created. It is not at all necessary that those
|
|
match the <acronym>UNIX</acronym> user ids, but some people
|
|
choose to keep the numbers the same.
|
|
</para>
|
|
<para>
|
|
If this is not specified, the highest assigned user id plus one
|
|
will be used as default.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><replaceable class="parameter">password</replaceable></term>
|
|
<listitem>
|
|
<para>
|
|
Sets the user's password. If you do not plan to use password
|
|
authentication you can omit this option, otherwise the user
|
|
won't be able to connect to a password-authenticated server.
|
|
See pg_hba.conf(5) or the administrator's guide for details on
|
|
how to set up authentication mechanisms.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>CREATEDB</term>
|
|
<term>NOCREATEDB</term>
|
|
<listitem>
|
|
<para>
|
|
These clauses define a user's ability to create databases.
|
|
If CREATEDB is specified, the user being defined will
|
|
be allowed to create his own databases. Using NOCREATEDB
|
|
will deny a user the ability to create databases. If this
|
|
clause is omitted, NOCREATEDB is used by default.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>CREATEUSER</term>
|
|
<term>NOCREATEUSER</term>
|
|
<listitem>
|
|
<para>
|
|
These clauses determine whether a user will be permitted to
|
|
create new users himself. This option will also make the user
|
|
a superuser who can override all access restrictions.
|
|
Omitting this clause will set the user's value of this
|
|
attribute to be NOCREATEUSER.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><replaceable class="parameter">groupname</replaceable></term>
|
|
<listitem>
|
|
<para>
|
|
A name of a group into which to insert the user as a new member.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><replaceable class="parameter">abstime</replaceable></term>
|
|
<listitem>
|
|
<para>
|
|
The VALID UNTIL clause sets an absolute time after which the
|
|
user's password is no longer valid.
|
|
If this clause is omitted the login will be valid for all time.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</para>
|
|
</refsect2>
|
|
|
|
<refsect2 id="R2-SQL-CREATEUSER-2">
|
|
<refsect2info>
|
|
<date>1998-09-21</date>
|
|
</refsect2info>
|
|
<title>
|
|
Outputs
|
|
</title>
|
|
|
|
<para>
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><computeroutput>CREATE USER</computeroutput></term>
|
|
<listitem>
|
|
<para>
|
|
Message returned if the command completes successfully.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</para>
|
|
</refsect2>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1 id="R1-SQL-CREATEUSER-1">
|
|
<refsect1info>
|
|
<date>1998-09-21</date>
|
|
</refsect1info>
|
|
<title>
|
|
Description
|
|
</title>
|
|
<para>
|
|
CREATE USER will add a new user to an instance of
|
|
<productname>PostgreSQL</productname>. Refer to the adminstrator's
|
|
guide for information about managing users and authentication.
|
|
You must be a database superuser to use this command.
|
|
</para>
|
|
<para>
|
|
Use <xref linkend="SQL-ALTERUSER" endterm="SQL-ALTERUSER-title">
|
|
to change a user's password and privileges, and <xref linkend="SQL-DROPUSER"
|
|
endterm="SQL-DROPUSER-title"> to remove a user.
|
|
Use <command>ALTER GROUP</command> to add or remove the user from other groups.
|
|
<productname>PostgreSQL</productname>
|
|
comes with a script <xref linkend="APP-CREATEUSER"
|
|
endterm="APP-CREATEUSER-title">
|
|
which has the same functionality as this command (in fact, it calls this command)
|
|
but can be run from the command shell.
|
|
</para>
|
|
</refsect1>
|
|
<refsect1 id="R1-SQL-CREATEUSER-2">
|
|
<title>
|
|
Usage
|
|
</title>
|
|
<para>
|
|
Create a user with no password:
|
|
<programlisting>
|
|
CREATE USER jonathan
|
|
</programlisting>
|
|
</para>
|
|
|
|
<para>
|
|
Create a user with a password:
|
|
<programlisting>
|
|
CREATE USER davide WITH PASSWORD 'jw8s0F4'
|
|
</programlisting>
|
|
</para>
|
|
|
|
<para>
|
|
Create a user with a password, whose account is valid until the end of 2001.
|
|
Note that after one second has ticked in 2002, the account is not
|
|
valid:
|
|
|
|
<programlisting>
|
|
CREATE USER miriam WITH PASSWORD 'jw8s0F4' VALID UNTIL 'Jan 1 2002'
|
|
</programlisting>
|
|
</para>
|
|
|
|
<para>
|
|
Create an account where the user can create databases:
|
|
<programlisting>
|
|
CREATE USER manuel WITH PASSWORD 'jw8s0F4' CREATEDB
|
|
</programlisting>
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id="R1-SQL-CREATEUSER-3">
|
|
<title>
|
|
Compatibility
|
|
</title>
|
|
|
|
<refsect2 id="R2-SQL-CREATEUSER-4">
|
|
<refsect2info>
|
|
<date>1998-09-21</date>
|
|
</refsect2info>
|
|
<title>
|
|
SQL92
|
|
</title>
|
|
|
|
<para>
|
|
There is no <command>CREATE USER</command> statement in SQL92.
|
|
</para>
|
|
</refsect2>
|
|
</refsect1>
|
|
</refentry>
|
|
|
|
<!-- Keep this comment at the end of the file
|
|
Local variables:
|
|
mode: sgml
|
|
sgml-omittag:nil
|
|
sgml-shorttag:t
|
|
sgml-minimize-attributes:nil
|
|
sgml-always-quote-attributes:t
|
|
sgml-indent-step:1
|
|
sgml-indent-data:t
|
|
sgml-parent-document:nil
|
|
sgml-default-dtd-file:"../reference.ced"
|
|
sgml-exposed-tags:nil
|
|
sgml-local-catalogs:"/usr/lib/sgml/catalog"
|
|
sgml-local-ecat-files:nil
|
|
End:
|
|
-->
|