2 $PostgreSQL: pgsql/doc/src/sgml/ref/create_user.sgml,v 1.34 2005/01/04 00:39:53 tgl Exp $
3 PostgreSQL documentation
6 <refentry id="SQL-CREATEUSER">
8 <refentrytitle id="sql-createuser-title">CREATE USER</refentrytitle>
9 <refmiscinfo>SQL - Language Statements</refmiscinfo>
13 <refname>CREATE USER</refname>
14 <refpurpose>define a new database user account</refpurpose>
17 <indexterm zone="sql-createuser">
18 <primary>CREATE USER</primary>
23 CREATE USER <replaceable class="PARAMETER">name</replaceable> [ [ WITH ] <replaceable class="PARAMETER">option</replaceable> [ ... ] ]
25 where <replaceable class="PARAMETER">option</replaceable> can be:
27 SYSID <replaceable class="PARAMETER">uid</replaceable>
28 | CREATEDB | NOCREATEDB
29 | CREATEUSER | NOCREATEUSER
30 | IN GROUP <replaceable class="PARAMETER">groupname</replaceable> [, ...]
31 | [ ENCRYPTED | UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'
32 | VALID UNTIL '<replaceable class="PARAMETER">abstime</replaceable>'
37 <title>Description</title>
40 <command>CREATE USER</command> adds a new user to a
41 <productname>PostgreSQL</productname> database cluster. Refer to
42 <xref linkend="user-manag"> and <xref
43 linkend="client-authentication"> for information about managing
44 users and authentication. You must be a database superuser to use
50 <title>Parameters</title>
54 <term><replaceable class="parameter">name</replaceable></term>
57 The name of the new user.
63 <term><replaceable class="parameter">uid</replaceable></term>
66 The <literal>SYSID</literal> clause can be used to choose the
67 <productname>PostgreSQL</productname> user ID of the new user.
68 This is normally not necessary, but may
69 be useful if you need to recreate the owner of an orphaned
73 If this is not specified, the highest assigned user ID plus one
74 (with a minimum of 100) will be used as default.
80 <term><literal>CREATEDB</></term>
81 <term><literal>NOCREATEDB</></term>
84 These clauses define a user's ability to create databases. If
85 <literal>CREATEDB</literal> is specified, the user being
86 defined will be allowed to create his own databases. Using
87 <literal>NOCREATEDB</literal> will deny a user the ability to
88 create databases. If not specified,
89 <literal>NOCREATEDB</literal> is the default.
95 <term><literal>CREATEUSER</literal></term>
96 <term><literal>NOCREATEUSER</literal></term>
99 These clauses determine whether a user will be permitted to
100 create new users himself. <literal>CREATEUSER</literal> will also make
101 the user a superuser, who can override all access restrictions.
103 <literal>NOCREATEUSER</literal> is the default.
109 <term><replaceable class="parameter">groupname</replaceable></term>
112 A name of an existing group into which to insert the user as a new
113 member. Multiple group names may be listed.
119 <term><replaceable class="parameter">password</replaceable></term>
122 Sets the user's password. If you do not plan to use password
123 authentication you can omit this option, but then the user
124 won't be able to connect if you decide to switch to password
125 authentication. The password can be set or changed later,
126 using <xref linkend="SQL-ALTERUSER"
127 endterm="SQL-ALTERUSER-title">.
133 <term><literal>ENCRYPTED</></term>
134 <term><literal>UNENCRYPTED</></term>
137 These key words control whether the password is stored
138 encrypted in the system catalogs. (If neither is specified,
139 the default behavior is determined by the configuration
140 parameter <xref linkend="guc-password-encryption">.) If the
141 presented password string is already in MD5-encrypted format,
142 then it is stored encrypted as-is, regardless of whether
143 <literal>ENCRYPTED</> or <literal>UNENCRYPTED</> is specified
144 (since the system cannot decrypt the specified encrypted
145 password string). This allows reloading of encrypted
146 passwords during dump/restore.
150 Note that older clients may lack support for the MD5
151 authentication mechanism that is needed to work with passwords
152 that are stored encrypted.
158 <term><replaceable class="parameter">abstime</replaceable></term>
161 The <literal>VALID UNTIL</literal> clause sets an absolute
162 time after which the user's password is no longer valid. If
163 this clause is omitted the password will be valid for all time.
174 Use <xref linkend="SQL-ALTERUSER" endterm="SQL-ALTERUSER-title"> to
175 change the attributes of a user, and <xref linkend="SQL-DROPUSER"
176 endterm="SQL-DROPUSER-title"> to remove a user. Use <xref
177 linkend="SQL-ALTERGROUP" endterm="SQL-ALTERGROUP-title"> to add the
178 user to groups or remove the user from groups.
182 <productname>PostgreSQL</productname> includes a program <xref
183 linkend="APP-CREATEUSER" endterm="APP-CREATEUSER-title"> that has
184 the same functionality as <command>CREATE USER</command> (in fact, it calls this
185 command) but can be run from the command shell.
189 The <literal>VALID UNTIL</> clause defines an expiration time for a
190 password only, not for the user account <foreignphrase>per se</>. In
191 particular, the expiration time is not enforced when logging in using
192 a non-password-based authentication method.
197 <title>Examples</title>
200 Create a user with no password:
202 CREATE USER jonathan;
207 Create a user with a password:
209 CREATE USER davide WITH PASSWORD 'jw8s0F4';
214 Create a user with a password that is valid until the end of 2004.
215 After one second has ticked in 2005, the password is no longer
219 CREATE USER miriam WITH PASSWORD 'jw8s0F4' VALID UNTIL '2005-01-01';
224 Create an account where the user can create databases:
226 CREATE USER manuel WITH PASSWORD 'jw8s0F4' CREATEDB;
232 <title>Compatibility</title>
235 The <command>CREATE USER</command> statement is a
236 <productname>PostgreSQL</productname> extension. The SQL standard
237 leaves the definition of users to the implementation.
242 <title>See Also</title>
244 <simplelist type="inline">
245 <member><xref linkend="sql-alteruser" endterm="sql-alteruser-title"></member>
246 <member><xref linkend="sql-dropuser" endterm="sql-dropuser-title"></member>
247 <member><xref linkend="app-createuser"></member>
252 <!-- Keep this comment at the end of the file
257 sgml-minimize-attributes:nil
258 sgml-always-quote-attributes:t
261 sgml-parent-document:nil
262 sgml-default-dtd-file:"../reference.ced"
263 sgml-exposed-tags:nil
264 sgml-local-catalogs:"/usr/lib/sgml/catalog"
265 sgml-local-ecat-files:nil