Creating database server users (UNIX, Linux)

If you have DBSA privileges, you can create internally authenticated users or you can create users who do not have accounts on the host system. To create these types of users, you must map each user to the appropriate user and group privileges, regardless of whether these users have operating system accounts on the database server host computer.

Before you begin

After a non-root database server is installed, users cannot immediately connect to the server with passwords because permission issues prevent OS authentication. Additionally, users do not yet exist in the internal database. The only way to initially connect to a non-root server is without a password. Because only a DBSA can create users, the database owner must make a connection without a password, and then create users in the database. The DBSA can create a user with or without a password. The method of establishing the initial connection without a password is provided in this task.

  • You must have DBSA privileges. By default, the owner of a non-root server is a DBSA. When you create or modify user accounts, you can use CREATE USER or ALTER USER statements to grant the DBSA privilege to other users.
  • For a non-root installation only: After installation, you must connect to the database server by using DB-Access.

    On local clients, you can start DB-Access and establish a connection to the server by using a user name and password. Alternatively, on the command prompt, a user can run the dbaccess command and then run other SQL statements to connect without a password, as follows:

    
    >dbaccess - -
    > database  sysuser;
    
    Database selected.
    
    >

    If you want to connect from a remote computer without a password, you must have trusted-host information or trusted-user information specified. Trusted-host information is in the hosts.equiv file or the file specified by the REMOTE_SERVER_CFG configuration parameter. Trusted-user information is in each user's rhosts file or the file specified by the REMOTE_USERS_CFG configuration parameter.

About this task

To create user accounts for database users:

Procedure

Run the CREATE USER statement, in the format shown in the following examples:
CREATE DEFAULT USER WITH PROPERTIES USER 'guest';

CREATE USER username WITH PASSWORD password

What to do next

To enable a new user to successfully connect to the server:

You are not required to specify information in the USERMAPPING configuration parameter when you create users. However, if you want to enable the mapped or internal user to successfully connect to the server, you must set the USERMAPPING configuration parameter, as follows:

  • If you do not want mapped users to have administrative privileges, set the USERMAPPING parameter to BASIC.
  • If you want to make it possible for selected mapped users to have administrative privileges, set the USERMAPPING parameter to ADMIN.

    No administrative privileges are given to any users until you provide that access when you run a CREATE USER (or ALTER USER) statement. You can grant ADMIN privileges to users with surrogate property AUTHORIZATION. The valid values are dbsa, dbsso, aao and bargroup.