Updated on 2025-08-19 GMT+08:00
CREATE USER
Description
Creates a user.
Precautions
- A user created using the CREATE USER statement has the LOGIN permission by default.
- When you run the CREATE USER command to create a user, the system creates a schema with the same name as the user in the database where the command is executed.
- The owner of an object created by a system administrator in a schema with the same name as a common user is the common user, not the system administrator.
Syntax
CREATE USER user_name [ [ WITH ] option [ ... ] ] [ ENCRYPTED | UNENCRYPTED ] { PASSWORD | IDENTIFIED BY } { 'password' [EXPIRED] | DISABLE };
The option clause is used to configure information, including permissions and properties.
{SYSADMIN | NOSYSADMIN}
| {MONADMIN | NOMONADMIN}
| {OPRADMIN | NOOPRADMIN}
| {POLADMIN | NOPOLADMIN}
| {AUDITADMIN | NOAUDITADMIN}
| {CREATEDB | NOCREATEDB}
| {USEFT | NOUSEFT}
| {CREATEROLE | NOCREATEROLE}
| {INHERIT | NOINHERIT}
| {LOGIN | NOLOGIN}
| {REPLICATION | NOREPLICATION}
| {VCADMIN | NOVCADMIN}
| {PERSISTENCE | NOPERSISTENCE}
| CONNECTION LIMIT connlimit
| VALID BEGIN 'timestamp'
| VALID UNTIL 'timestamp'
| USER GROUP 'groupuser'
| PERM SPACE 'spacelimit'
| TEMP SPACE 'tmpspacelimit'
| SPILL SPACE 'spillspacelimit'
| NODE GROUP logic_cluster_name
| IN ROLE role_name [, ...]
| IN GROUP role_name [, ...]
| ROLE role_name [, ...]
| ADMIN role_name [, ...]
| USER role_name [, ...]
| SYSID uid
| DEFAULT TABLESPACE tablespace_name
| PROFILE DEFAULT
| PROFILE profile_name
| PGUSER
Parameters
- user_name
Username.
Value range: a string that follows the Identifier Naming Conventions with a maximum of 63 characters.
- password
Specifies the login password.
The new password must:
- Contain at least eight characters. This is the default length.
- Differ from the username or the username spelled backward.
- Contain at least three of the following character types: uppercase characters, lowercase characters, digits, and special characters (limited to ~!@#$ %^&*()-_=+\|[{}];:,<.>/?).
- The password can also be a ciphertext character string that meets the format requirements. This mode is mainly used to import user data. You are advised not to use it directly. If a ciphertext password is used, you need to know the plaintext corresponding to the ciphertext password and ensure a complex plaintext password. The database does not verify the complexity of the ciphertext password, so you should ensure the password security.
- When creating a user, enclose the user password in single quotation marks.
Value range: a string.
For details about other parameter values of CREATE USER, see CREATE ROLE.
Examples
-- Create user jim whose login password is ********. openGauss=# CREATE USER jim PASSWORD '********'; -- Alternatively, you can run the following statement: openGauss=# CREATE USER kim IDENTIFIED BY '********'; -- To create a user with the CREATEDB permission, add the CREATEDB keyword. openGauss=# CREATE USER dim CREATEDB PASSWORD '********'; -- Change the login password of user jim from ******** to **********. openGauss=# ALTER USER jim IDENTIFIED BY '**********' REPLACE '********'; -- Add the CREATEROLE permission to jim. openGauss=# ALTER USER jim CREATEROLE; -- Set enable_seqscan to on. (The setting will take effect in the next session.) openGauss=# ALTER USER jim SET enable_seqscan TO on; -- Reset the enable_seqscan parameter for jim. openGauss=# ALTER USER jim RESET enable_seqscan; -- Lock jim. openGauss=# ALTER USER jim ACCOUNT LOCK; -- Drop users. openGauss=# DROP USER kim CASCADE; openGauss=# DROP USER jim CASCADE; openGauss=# DROP USER dim CASCADE;
Helpful Links
ALTER USER, CREATE ROLE, and DROP USER
Parent topic: SQL Syntax
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
The system is busy. Please try again later.
