To create a user for VantageCloud Lake, do the following tasks:
- Determine what to provision for profiles, roles and users.
See User Privileges for commonly-assigned privileges for users.
- Log on to VantageCloud Lake.
- Go to Editor.
- Connect as the database administrator SYSDBA.
- Create a profile to be used by the user, if one has not been created. Best practice is to start the profile name with P_ to make it easily identifiable as a profile.
CREATE PROFILE P_profile_name AS profile ;
The following is an example with profile attributes shown in bold:CREATE PROFILE "P_AdminProfile" AS COMPUTE GROUP = compute_group SPOOL=spool_space, TEMPORARY=NULL, ACCOUNT=('account__strA',' account_strB'), DEFAULT DATABASE="database_name", PASSWORD = (EXPIRE=90,MINCHAR=NULL,MAXCHAR=NULL,MAXLOGONATTEMPTS=NULL, LOCKEDUSEREXPIRE=NULL,REUSE=NULL,DIGITS=NULL, RESTRICTWORDS=NULL,SPECCHAR=NULL);
See CREATE PROFILE for additional information.
- Create a role to be used by the user, if one has not been created, as follows:
- Create the role. Best practice is to start the role name with R_ to make it easily identifiable as a role.
CREATE ROLE R_role_name;
- Assign privileges to the role.
GRANT privilege_list ON database_object_name TO R_role_name;
- Include privileges on Sys_Calendar to the role.
GRANT SELECT, EXECUTE ON Sys_Calendar TO R_role_name;
See CREATE ROLE for additional information.
- Create the role. Best practice is to start the role name with R_ to make it easily identifiable as a role.
- Create the user, and include their additional privileges and the default role.Include the compute group if the compute profile does not include the compute group.
CREATE USER "user_name" FROM "SYSDBA" AS PERM = number_of_bytes, PASSWORD = "temp_password", STARTUP = '', DEFAULT DATABASE = "database_name", PROFILE="P_profile_name”, [ COMPUTE GROUP = "compute_group" ] ;
Important: If you create users outside of the VantageCloud Lake platform, then you must grant those users the following privileges to allow them to access the platform:GRANT ALL ON user_name to user_name WITH GRANT OPTION GRANT LOGON ON ALL TO user_name WITH NULL PASSWORD
See CREATE USER for additional information.
- Grant the role to the user.
GRANT R_role_name TO user_name;
Grant user access to the compute group if the role privileges did not include access.