- •Contents
- •Send Us Your Comments
- •Preface
- •What’s New in SQL Reference?
- •1 Introduction to Oracle SQL
- •History of SQL
- •SQL Standards
- •Embedded SQL
- •Lexical Conventions
- •Tools Support
- •2 Basic Elements of Oracle SQL
- •Datatypes
- •Oracle Built-in Datatypes
- •ANSI, DB2, and SQL/DS Datatypes
- •Oracle-Supplied Types
- •"Any" Types
- •XML Types
- •Spatial Type
- •Media Types
- •Datatype Comparison Rules
- •Data Conversion
- •Literals
- •Text Literals
- •Integer Literals
- •Number Literals
- •Interval Literals
- •Format Models
- •Number Format Models
- •Date Format Models
- •String-to-Date Conversion Rules
- •XML Format Model
- •Nulls
- •Nulls in SQL Functions
- •Nulls with Comparison Conditions
- •Nulls in Conditions
- •Pseudocolumns
- •CURRVAL and NEXTVAL
- •LEVEL
- •ROWID
- •ROWNUM
- •XMLDATA
- •Comments
- •Comments Within SQL Statements
- •Comments on Schema Objects
- •Hints
- •Database Objects
- •Schema Objects
- •Nonschema Objects
- •Parts of Schema Objects
- •Schema Object Names and Qualifiers
- •Schema Object Naming Rules
- •Schema Object Naming Examples
- •Schema Object Naming Guidelines
- •Syntax for Schema Objects and Parts in SQL Statements
- •How Oracle Resolves Schema Object References
- •Referring to Objects in Other Schemas
- •Referring to Objects in Remote Databases
- •Referencing Object Type Attributes and Methods
- •3 Operators
- •About SQL Operators
- •Unary and Binary Operators
- •Operator Precedence
- •Arithmetic Operators
- •Concatenation Operator
- •Set Operators
- •4 Expressions
- •About SQL Expressions
- •Simple Expressions
- •Compound Expressions
- •CASE Expressions
- •CURSOR Expressions
- •Datetime Expressions
- •Function Expressions
- •INTERVAL Expressions
- •Object Access Expressions
- •Scalar Subquery Expressions
- •Type Constructor Expressions
- •Variable Expressions
- •Expression Lists
- •5 Conditions
- •About SQL Conditions
- •Condition Precedence
- •Comparison Conditions
- •Simple Comparison Conditions
- •Group Comparison Conditions
- •Logical Conditions
- •Membership Conditions
- •Range Conditions
- •Null Conditions
- •EQUALS_PATH
- •EXISTS Conditions
- •LIKE Conditions
- •IS OF type Conditions
- •UNDER_PATH
- •Compound Conditions
- •6 Functions
- •SQL Functions
- •Single-Row Functions
- •Aggregate Functions
- •Analytic Functions
- •Object Reference Functions
- •Alphabetical Listing of SQL Functions
- •ACOS
- •ADD_MONTHS
- •ASCII
- •ASCIISTR
- •ASIN
- •ATAN
- •ATAN2
- •BFILENAME
- •BITAND
- •CAST
- •CEIL
- •CHARTOROWID
- •COALESCE
- •COMPOSE
- •CONCAT
- •CONVERT
- •CORR
- •COSH
- •COUNT
- •COVAR_POP
- •COVAR_SAMP
- •CUME_DIST
- •CURRENT_DATE
- •CURRENT_TIMESTAMP
- •DBTIMEZONE
- •DECODE
- •DECOMPOSE
- •DENSE_RANK
- •DEPTH
- •DEREF
- •DUMP
- •EMPTY_BLOB, EMPTY_CLOB
- •EXISTSNODE
- •EXTRACT (datetime)
- •EXTRACT (XML)
- •EXTRACTVALUE
- •FIRST
- •FIRST_VALUE
- •FLOOR
- •FROM_TZ
- •GREATEST
- •GROUP_ID
- •GROUPING
- •GROUPING_ID
- •HEXTORAW
- •INITCAP
- •INSTR
- •LAST
- •LAST_DAY
- •LAST_VALUE
- •LEAD
- •LEAST
- •LENGTH
- •LOCALTIMESTAMP
- •LOWER
- •LPAD
- •LTRIM
- •MAKE_REF
- •MONTHS_BETWEEN
- •NCHR
- •NEW_TIME
- •NEXT_DAY
- •NLS_CHARSET_DECL_LEN
- •NLS_CHARSET_ID
- •NLS_CHARSET_NAME
- •NLS_INITCAP
- •NLS_LOWER
- •NLSSORT
- •NLS_UPPER
- •NTILE
- •NULLIF
- •NUMTODSINTERVAL
- •NUMTOYMINTERVAL
- •PATH
- •PERCENT_RANK
- •PERCENTILE_CONT
- •PERCENTILE_DISC
- •POWER
- •RANK
- •RATIO_TO_REPORT
- •RAWTOHEX
- •RAWTONHEX
- •REFTOHEX
- •REGR_ (Linear Regression) Functions
- •REPLACE
- •ROUND (number)
- •ROUND (date)
- •ROW_NUMBER
- •ROWIDTOCHAR
- •ROWIDTONCHAR
- •RPAD
- •RTRIM
- •SESSIONTIMEZONE
- •SIGN
- •SINH
- •SOUNDEX
- •SQRT
- •STDDEV
- •STDDEV_POP
- •STDDEV_SAMP
- •SUBSTR
- •SYS_CONNECT_BY_PATH
- •SYS_CONTEXT
- •SYS_DBURIGEN
- •SYS_EXTRACT_UTC
- •SYS_GUID
- •SYS_TYPEID
- •SYS_XMLAGG
- •SYS_XMLGEN
- •SYSDATE
- •SYSTIMESTAMP
- •TANH
- •TO_CHAR (character)
- •TO_CHAR (datetime)
- •TO_CHAR (number)
- •TO_CLOB
- •TO_DATE
- •TO_DSINTERVAL
- •TO_MULTI_BYTE
- •TO_NCHAR (character)
- •TO_NCHAR (datetime)
- •TO_NCHAR (number)
- •TO_NCLOB
- •TO_NUMBER
- •TO_SINGLE_BYTE
- •TO_TIMESTAMP
- •TO_TIMESTAMP_TZ
- •TO_YMINTERVAL
- •TRANSLATE
- •TRANSLATE ... USING
- •TREAT
- •TRIM
- •TRUNC (number)
- •TRUNC (date)
- •TZ_OFFSET
- •UNISTR
- •UPDATEXML
- •UPPER
- •USER
- •USERENV
- •VALUE
- •VAR_SAMP
- •VARIANCE
- •VSIZE
- •WIDTH_BUCKET
- •XMLAGG
- •XMLCOLATTVAL
- •XMLCONCAT
- •XMLELEMENT
- •XMLFOREST
- •XMLSEQUENCE
- •XMLTRANSFORM
- •ROUND and TRUNC Date Functions
- •User-Defined Functions
- •Prerequisites
- •Name Precedence
- •7 Common SQL DDL Clauses
- •allocate_extent_clause
- •constraints
- •deallocate_unused_clause
- •file_specification
- •logging_clause
- •parallel_clause
- •physical_attributes_clause
- •storage_clause
- •8 SQL Queries and Subqueries
- •About Queries and Subqueries
- •Creating Simple Queries
- •Hierarchical Queries
- •The UNION [ALL], INTERSECT, MINUS Operators
- •Sorting Query Results
- •Joins
- •Using Subqueries
- •Unnesting of Nested Subqueries
- •Selecting from the DUAL Table
- •Distributed Queries
- •9 SQL Statements: ALTER CLUSTER to ALTER SEQUENCE
- •Types of SQL Statements
- •Organization of SQL Statements
- •ALTER CLUSTER
- •ALTER DATABASE
- •ALTER DIMENSION
- •ALTER FUNCTION
- •ALTER INDEX
- •ALTER INDEXTYPE
- •ALTER JAVA
- •ALTER MATERIALIZED VIEW
- •ALTER MATERIALIZED VIEW LOG
- •ALTER OPERATOR
- •ALTER OUTLINE
- •ALTER PACKAGE
- •ALTER PROCEDURE
- •ALTER PROFILE
- •ALTER RESOURCE COST
- •ALTER ROLE
- •ALTER ROLLBACK SEGMENT
- •ALTER SEQUENCE
- •10 SQL Statements: ALTER SESSION to ALTER SYSTEM
- •ALTER SESSION
- •ALTER SYSTEM
- •ALTER TABLE
- •ALTER TABLESPACE
- •ALTER TRIGGER
- •ALTER TYPE
- •ALTER USER
- •ALTER VIEW
- •ANALYZE
- •ASSOCIATE STATISTICS
- •AUDIT
- •CALL
- •COMMENT
- •COMMIT
- •13 SQL Statements: CREATE CLUSTER to CREATE JAVA
- •CREATE CLUSTER
- •CREATE CONTEXT
- •CREATE CONTROLFILE
- •CREATE DATABASE
- •CREATE DATABASE LINK
- •CREATE DIMENSION
- •CREATE DIRECTORY
- •CREATE FUNCTION
- •CREATE INDEX
- •CREATE INDEXTYPE
- •CREATE JAVA
- •14 SQL Statements: CREATE LIBRARY to CREATE SPFILE
- •CREATE LIBRARY
- •CREATE MATERIALIZED VIEW
- •CREATE MATERIALIZED VIEW LOG
- •CREATE OPERATOR
- •CREATE OUTLINE
- •CREATE PACKAGE
- •CREATE PACKAGE BODY
- •CREATE PFILE
- •CREATE PROCEDURE
- •CREATE PROFILE
- •CREATE ROLE
- •CREATE ROLLBACK SEGMENT
- •CREATE SCHEMA
- •CREATE SEQUENCE
- •CREATE SPFILE
- •15 SQL Statements: CREATE SYNONYM to CREATE TRIGGER
- •CREATE SYNONYM
- •CREATE TABLE
- •CREATE TABLESPACE
- •CREATE TEMPORARY TABLESPACE
- •CREATE TRIGGER
- •CREATE TYPE
- •CREATE TYPE BODY
- •CREATE USER
- •CREATE VIEW
- •DELETE
- •DISASSOCIATE STATISTICS
- •DROP CLUSTER
- •DROP CONTEXT
- •DROP DATABASE LINK
- •DROP DIMENSION
- •DROP DIRECTORY
- •DROP FUNCTION
- •DROP INDEX
- •DROP INDEXTYPE
- •DROP JAVA
- •DROP LIBRARY
- •DROP MATERIALIZED VIEW
- •DROP MATERIALIZED VIEW LOG
- •DROP OPERATOR
- •DROP OUTLINE
- •DROP PACKAGE
- •DROP PROCEDURE
- •DROP PROFILE
- •DROP ROLE
- •DROP ROLLBACK SEGMENT
- •17 SQL Statements: DROP SEQUENCE to ROLLBACK
- •DROP SEQUENCE
- •DROP SYNONYM
- •DROP TABLE
- •DROP TABLESPACE
- •DROP TRIGGER
- •DROP TYPE
- •DROP TYPE BODY
- •DROP USER
- •DROP VIEW
- •EXPLAIN PLAN
- •GRANT
- •INSERT
- •LOCK TABLE
- •MERGE
- •NOAUDIT
- •RENAME
- •REVOKE
- •ROLLBACK
- •18 SQL Statements: SAVEPOINT to UPDATE
- •SAVEPOINT
- •SELECT
- •SET CONSTRAINT[S]
- •SET ROLE
- •SET TRANSACTION
- •TRUNCATE
- •UPDATE
- •Required Keywords and Parameters
- •Optional Keywords and Parameters
- •Syntax Loops
- •Multipart Diagrams
- •Database Objects
- •ANSI Standards
- •ISO Standards
- •Oracle Compliance
- •FIPS Compliance
- •Oracle Extensions to Standard SQL
- •Character Set Support
- •Using Extensible Indexing
- •Using XML in SQL Statements
- •Index
CREATE USER
CREATE USER
Purpose
Use the CREATE USER statement to create and configure a database user, or an account through which you can log in to the database and establish the means by which Oracle permits access by the user.
Note: You can enable a user to connect to Oracle through a proxy (that is, an application or application server). For syntax and discussion, refer to ALTER USER on page 12-22.
Prerequisites
You must have CREATE USER system privilege. When you create a user with the CREATE USER statement, the user’s privilege domain is empty. To log on to Oracle, a user must have CREATE SESSION system privilege. Therefore, after creating a user, you should grant the user at least the CREATE SESSION privilege.
See Also: GRANT on page 17-29
16-32 Oracle9i SQL Reference
CREATE USER
Syntax
create_user::=
|
|
|
|
|
BY |
password |
|
|
|
|
CREATE |
USER |
user |
IDENTIFIED |
EXTERNALLY |
|
|
|
|
||
|
|
|
|
|
GLOBALLY |
AS |
’ |
external_name |
’ |
|
DEFAULT |
TABLESPACE |
tablespace |
|
|
|
|
|
|
||
TEMPORARY |
TABLESPACE |
tablespace |
|
|
|
|
|
|||
|
|
|
|
K |
|
|
|
|
|
|
|
|
|
|
M |
|
|
|
|
|
|
|
|
integer |
|
|
|
|
|
|
|
|
|
QUOTA |
|
|
|
|
ON |
tablespace |
|
|
|
|
|
UNLIMITED |
|
|
|
|
|
|
|
|
PROFILE |
profile |
|
|
|
|
|
|
|
|
|
PASSWORD |
EXPIRE |
|
|
|
|
|
|
|
|
|
|
|
LOCK |
|
|
|
|
|
|
|
|
ACCOUNT |
|
|
|
|
|
|
|
|
|
|
|
|
UNLOCK |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
; |
Semantics
user
Specify the name of the user to be created. This name can contain only characters from your database character set and must follow the rules described in the section "Schema Object Naming Rules" on page 2-110. Oracle recommends that the user name contain at least one single-byte character regardless of whether the database character set also contains multibyte characters.
SQL Statements: CREATE TYPE to DROP ROLLBACK SEGMENT 16-33
CREATE USER
Note: Oracle Corporation recommends that user names and passwords be encoded in ASCII or EBCDIC characters only, depending on your platform. Please refer to Oracle9i Database Administrator’s Guide for more information about this recommendation.
See Also: "Creating a Database User: Example" on page 16-37
IDENTIFIED Clause
The IDENTIFIED clause lets you indicate how Oracle authenticates the user.
BY password
The BY password clause lets you creates a local user and indicates that the user must specify password to log on. Passwords can contain only single-byte characters from your database character set regardless of whether this character set also contains multibyte characters.
Passwords must follow the rules described in the section "Schema Object Naming Rules" on page 2-110, unless you are using Oracle’s password complexity verification routine. That routine requires a more complex combination of characters than the normal naming rules permit. You implement this routine with the UTLPWDMG.SQL script, which is further described in Oracle9i Database Administrator’s Guide.
Note: Oracle Corporation recommends that user names and passwords be encoded in ASCII or EBCDIC characters only, depending on your platform. Please refer to Oracle9i Database Administrator’s Guide for more information about this recommendation.
See Also: Oracle9i Database Administrator’s Guide to for a detailed description and explanation of how to use password management and protection
EXTERNALLY Clause
Specify EXTERNALLY to create an external user. Such a user must be authenticated by an external service (such as an operating system or a third-party service). In this
16-34 Oracle9i SQL Reference
CREATE USER
case, Oracle to relies on the login authentication of the operating system to ensure that a specific operating system user has access to a specific database user.
Caution: Oracle Corporation strongly recommends that you do not use IDENTIFIED EXTERNALLY with operating systems that have inherently weak login security. For more information, see
Oracle9i Database Administrator’s Guide.
See Also: "Creating External Database Users: Examples" on page 16-38
GLOBALLY Clause
The GLOBALLY clause lets you create a global user. Such a user must be authenticated by the enterprise directory service. The ’external_name’ string can take one of two forms:
■The X.509 name at the enterprise directory service that identifies this user. It should be of the form ’CN=username,other_attributes’, where other_ attributes is the rest of the user’s distinguished name (DN) in the directory.
■A null string (’ ’) indicating that the enterprise directory service will map authenticated global users to the appropriate database schema with the appropriate roles.
Note: You can control the ability of an application server to connect as the specified user and to activate that user’s roles using the ALTER USER statement.
See Also:
■Oracle Advanced Security Administrator’s Guide for more information on global users
■ALTER USER on page 12-22
■Oracle9i Application Developer’s Guide - Fundamentals and your operating system specific documentation for more information
■"Creating a Global Database User: Example" on page 16-38
SQL Statements: CREATE TYPE to DROP ROLLBACK SEGMENT 16-35
CREATE USER
DEFAULT TABLESPACE Clause
Specify the default tablespace for objects that the user creates. If you omit this clause, objects default to the SYSTEM tablespace.
Restriction on Default Temporary Tablespaces You cannot specify a locally managed tablespace (including an undo tablespace) or a dictionary-managed temporary tablespace as a user’s default tablespace.
See Also: CREATE TABLESPACE on page 15-80 for more information on tablespaces in general and undo tablespaces in particular
TEMPORARY TABLESPACE Clause
Specify the tablespace for the user’s temporary segments. If you omit this clause, temporary segments default to the SYSTEM tablespace.
Restrictions on a User’s Temporary Tablespace
■The tablespace must be a temporary tablespace and must have a standard block size.
■The tablespace cannot be an undo tablespace or a tablespace with automatic segment-space management.
See Also: CREATE TABLESPACE on page 15-80 for more information on undo tablespaces and segment management
QUOTA Clause
Use the QUOTA clause to allow the user to allocate up to integer bytes of space in the tablespace. Use K or M to specify the quota in kilobytes or megabytes. This quota is the maximum space in the tablespace the user can allocate.
A CREATE USER statement can have multiple QUOTA clauses for multiple tablespaces.
UNLIMITED lets the user allocate space in the tablespace without bound.
PROFILE Clause
Specify the profile you want to assign to the user. The profile limits the amount of database resources the user can use. If you omit this clause, Oracle assigns the DEFAULT profile to the user.
16-36 Oracle9i SQL Reference
CREATE USER
See Also: GRANT on page 17-29 and CREATE PROFILE on page 14-71
PASSWORD EXPIRE Clause
Specify PASSWORD EXPIRE if you want the user’s password to expire. This setting forces the user (or the DBA) to change the password before the user can log in to the database.
ACCOUNT Clause
Specify ACCOUNT LOCK to lock the user’s account and disable access. Specify ACCOUNT UNLOCK to unlock the user’s account and enable access to the account.
Examples
Note: All of the following examples use the example tablespace because it which exists in the seed database and is accessible to the sample schemas.
Creating a Database User: Example If you create a new user with PASSWORD EXPIRE, the user’s password must be changed before attempting to log in to the database. You can create the user sidney by issuing the following statement:
CREATE USER sidney
IDENTIFIED BY out_standing1
DEFAULT TABLESPACE example
QUOTA 10M ON example
TEMPORARY TABLESPACE temp
QUOTA 5M ON system
PROFILE app_user
PASSWORD EXPIRE;
The user sidney has the following characteristics:
■
■
■
■
The password welcome
Default tablespace example, with a quota of 10 megabytes
Temporary tablespace temp
Access to the tablespace SYSTEM, with a quota of 5 megabytes
SQL Statements: CREATE TYPE to DROP ROLLBACK SEGMENT 16-37
CREATE USER
■Limits on database resources defined by the profile app_user (which was created in "Creating a Profile: Example" on page 14-76)
■An expired password, which must be changed before sidney can log in to the database
Creating External Database Users: Examples The following example creates an external user, who must be identified by an external source before accessing the database:
CREATE USER app_user1
IDENTIFIED EXTERNALLY
DEFAULT TABLESPACE example
QUOTA 5M ON example
PROFILE app_user;
The user app_user1 has the following additional characteristics:
■Default tablespace example
■Default temporary tablespace example
■5M of space on the tablespace example and unlimited quota on the temporary tablespace of the database
■Limits on database resources defined by the app_user profile
To create another user accessible only by the operating system account app_user2, prefix app_user2 by the value of the initialization parameter OS_AUTHENT_ PREFIX. For example, if this value is "ops$", you can create the user ops$app_ user2 with the following statement:
CREATE USER ops$external_user
IDENTIFIED EXTERNALLY
DEFAULT TABLESPACE example
QUOTA 5M ON example
PROFILE app_user;
Creating a Global Database User: Example The following example creates a global user. When you create a global user, you can specify the X.509 name that identifies this user at the enterprise directory server:
CREATE USER global_user
IDENTIFIED GLOBALLY AS ’CN=analyst, OU=division1, O=oracle, C=US’ DEFAULT TABLESPACE example
QUOTA 5M ON example;
16-38 Oracle9i SQL Reference