CREATE USER
Use the CREATE USER
command to create a new user account in RisingWave.
Syntax for creating a new user
If you do not want password authentication for the user, omit the PASSWORD option.
Below are the options for system permissions.
Option | Description |
---|---|
SUPERUSER | Grants the user superuser permission. A superuser can override all access restrictions. NOSUPERUSER is the default value. |
NOSUPERUSER | Denies the user superuser permission. A superuser can override all access restrictions. NOSUPERUSER is the default value. |
CREATEDB | Grants the user the permission to create databases. NOCREATEDB is the default value. |
NOCREATEDB | Denies the user the permission to create databases. NOCREATEDB is the default value. |
CREATEUSER | Grants the user the permission to create new users and/or alter and drop existing users. NOCREATEUSER is the default value. |
NOCREATEUSER | Denies the user the ability to create new users and/or alter and drop existing users. NOCREATEUSER is the default value. |
Syntax for creating a user with OAuth authentication
In addition, you can create a user with OAuth authentication. The syntax is as follows:
The jwks_url
and issuer
parameters are mandatory. On the other hand, other_params_should_match
is an optional parameter that will be validated against jwt.claims
. Please ensure that all keys in the options are in lowercase.
kid
and alg
are required in the header of JWT, and kid
is also required in the JWKs returned by the JWKS server. All parameters set in user creation (except jwks_url
) will be checked in the claims of JWT. Any mismatch will deny the login process.
Examples
Create a user account and switch to it
The following statement creates a user account with the name “user1” and password ‘pAssword12345’.
You can connect to RisingWave with the newly created user account.
To switch to the new user account:
Quit current connection.
Connect and log in with the new account.
Enter the password to log in.
Names and unquoted identifiers are case-insensitive. Therefore, you must double-quote any of these fields for them to be case-sensitive. See also Identifiers.
Create a user with OAuth authentication
Here is an example of creating a new user test
with OAuth authentication.
Connect and log in with the root account.
Create a new user test with OAuth authentication in psql.
Connect and log in with the new account.
Was this page helpful?