Creates a GROUP, PROGRAM or USER (authorization-identity) ident.
where schema-clause is:
Usage
Embedded, Interactive, Module, ODBC, JDBC.
Description
A new ident is created. If the ident is a USER or PROGRAM ident, a schema with the same name as the ident can also be created. A schema is created by default and when WITH SCHEMA is explicitly specified. For idents who are not supposed to create database objects, it’s good practice to specify WITHOUT SCHEMA. (If such an ident later needs a schema, just grant schema to that ident.)
If the ident is a USER, a password can be optionally specified.
If the ident is a PROGRAM ident, a password must be specified.
USER idents are authorized to access a Mimer SQL database by using the CONNECT statement. In interactive contexts, e.g. when Mimer BSQL is started, a USER ident is used to log in.
A USER may connect either by specifying a password or by using an OS_USER login. An OS_USER login is added to a USER by using the ALTER IDENT statement. There may be multiple OS_USER logins defined for a USER ident. When a CONNECT statement is executed, the Mimer SQL server will pick up the current system user name from the operating system. If there is an OS_USER login for the ident name used in the CONNECT statement that matches the system user name, there is no need to specify a password in the CONNECT statement. If the system user name is the same as the ident name in the Mimer SQL server, there is no need to give an ident name in the CONNECT statement.
If the connect is done with a tool such as BSQL, this is achieved by entering <return> when prompted for username or password.
PROGRAM idents cannot be used to connect to a database. After a connection has been established (by using a USER or OS_USER ident), the ENTER statement can be used to make a PROGRAM ident the current ident. The access rights to the database defined for the PROGRAM ident will thus come into effect.
The ident executing the ENTER statement must have EXECUTE privilege on the PROGRAM ident (the ENTER statement can be executed by a PROGRAM ident).
The ident that executed the ENTER statement will become the current ident again after the LEAVE statement has been executed.
GROUP idents cannot be used to connect to a database. They are used to implement collective authorization of access rights to the database. Other idents become members of a GROUP ident when MEMBER privilege on the GROUP ident is granted to them.
While an ident is a member of a GROUP ident, that ident is effectively granted the privileges held by the GROUP ident.
For a more detailed description of idents, see the Mimer SQL Programmer's Manual, Idents and Privileges.
Restrictions
CREATE IDENT requires that the current ident have IDENT privilege.
The ident must not have the same name as an ident or schema that already exists in the database.
Notes
The creator of a GROUP ident is automatically granted MEMBER privilege on it, with the WITH GRANT OPTION.
The creator of a PROGRAM ident is automatically granted EXECUTE privilege on it, with the WITH GRANT OPTION.
A USER ident password must be at least 1 and at most 128 characters long. A PROGRAM ident password must be at least 1 and at most 18 characters long. A password may contain any characters except space. The case of alphabetic characters is significant. The password string must be enclosed in string delimiters, which are not stored as part of the password.
An ident who is authorized to create new idents (by having IDENT privilege) can also create new schemas.
Example
CREATE IDENT mimer_adm AS USER USING 'admin';
For more information, see the Mimer SQL User's Manual, Creating Idents and Schemas.
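The following added example (not part of the original manual page) combines the three ident types described above into one least-privilege setup. All ident names, passwords and the OS account name are constructed placeholders. The ALTER IDENT, GRANT, ENTER and LEAVE forms are not shown on this page and are assumed here; check them against their own reference pages.

```sql
-- Added example. Run as an ident that holds IDENT privilege.
-- All names and passwords below are constructed placeholders.

-- USER ident for someone who only reads data. It is not supposed to
-- create database objects, so it gets no schema.
CREATE IDENT report_reader AS USER USING 'Chg-Me_User#1' WITHOUT SCHEMA;

-- Let the operating-system account of the same name connect without a
-- password (assumed form of ALTER IDENT ... ADD OS_USER).
ALTER IDENT report_reader ADD OS_USER 'report_reader';

-- GROUP ident for collective authorization. Privileges are granted to
-- the group once and every member effectively holds them.
-- The creator automatically holds MEMBER WITH GRANT OPTION.
CREATE IDENT reporting AS GROUP;
GRANT MEMBER ON reporting TO report_reader;

-- PROGRAM ident: a password is mandatory (1 to 18 characters, no spaces).
-- It owns the objects it works on, so it keeps its schema; WITH SCHEMA
-- is the default and is written out here only for clarity.
CREATE IDENT payroll_batch AS PROGRAM USING 'Chg-Me_Prog#1' WITH SCHEMA;

-- The creator automatically holds EXECUTE WITH GRANT OPTION on the
-- PROGRAM ident; pass EXECUTE on so report_reader may ENTER it.
GRANT EXECUTE ON PROGRAM payroll_batch TO report_reader;

-- Later, in a session connected as report_reader:
ENTER 'payroll_batch' USING 'Chg-Me_Prog#1';
-- ... statements here run with the privileges of payroll_batch ...
LEAVE;
-- report_reader is the current ident again.
```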
Standard Compliance
| Standard | Compliance | Comments |
|---|---|---|
| | Mimer SQL extension | The CREATE IDENT statement is a Mimer SQL extension. |