Creating a new role associated with a profile v16
A database superuser can use clauses of the CREATE USER|ROLE
command to assign a named profile to a role when creating the role or to specify profile management details for a role. The command syntax related to profile management functionality is:
where option
can be the following compatible clauses:
Or, option
can be the following noncompatible clauses:
For information about the administrative clauses of the CREATE USER
or CREATE ROLE
command that are supported by EDB Postgres Advanced Server, see the PostgreSQL core documentation.
CREATE ROLE|USER... PROFILE
adds a role with an associated profile to an EDB Postgres Advanced Server database cluster.
Roles created with the CREATE USER
command are by default login roles. Roles created with the CREATE ROLE
command are by default not login roles. To create a login account with the CREATE ROLE
command, you must include the LOGIN
keyword.
Only a database superuser can use the CREATE USER|ROLE
clauses that enforce profile management. These clauses enforce the following behaviors:
Include the
PROFILE
clause and aprofile_name
to associate a predefined profile with a role or to change the predefined profile associated with a user.Include the
ACCOUNT
clause and theLOCK
orUNLOCK
keyword to place the user account in a locked or unlocked state.Include the
LOCK TIME 'timestamp'
clause and a date/time value to lock the role at the specified time and unlock the role at the time indicated by thePASSWORD_LOCK_TIME
parameter of the profile assigned to this role. IfLOCK TIME
is used with theACCOUNT LOCK
clause, only a database superuser can unlock the role with theACCOUNT UNLOCK
clause.Include the
PASSWORD EXPIRE
clause with the optionalAT 'timestamp'
keywords to specify a date/time when the password associated with the role expires. If you omit theAT 'timestamp'
keywords, the password expires immediately.
Each login role can have only one profile. To discover the profile that's currently associated with a login role, query the profile
column of the DBA_USERS
view.
Parameters
name
The name of the role.
profile_name
The name of the profile associated with the role.
timestamp
The date and time when the clause is enforced. When specifying a value for timestamp
, enclose the value in single quotes.
Examples
This example uses CREATE USER
to create a login role named john
associated with the acctg_profile
profile:
john
can log in to the server using the password 1safepwd
.
This example uses CREATE ROLE
to create a login role named john
associated with the acctg_profile
profile:
john
can log in to the server using the password 1safepwd
.
- On this page
- Parameters
- Examples