<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>createuser</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot" /><link rel="prev" href="app-createdb.html" title="createdb" /><link rel="next" href="app-dropdb.html" title="dropdb" /></head><body id="docContent" class="container-fluid col-10"><div class="refentry" id="APP-CREATEUSER"><div class="titlepage"></div><a id="id-1.9.4.5.1" class="indexterm"></a><div class="refnamediv"><h2><span class="refentrytitle"><span class="application">createuser</span></span></h2><p>createuser — define a new <span class="productname">PostgreSQL</span> user account</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p id="id-1.9.4.5.4.1"><code class="command">createuser</code> [<em class="replaceable"><code>connection-option</code></em>...] [<em class="replaceable"><code>option</code></em>...] 
[<em class="replaceable"><code>username</code></em>]</p></div></div><div class="refsect1" id="id-1.9.4.5.5"><h2>Description</h2><p>
<span class="application">createuser</span> creates a
new <span class="productname">PostgreSQL</span> user (or more precisely, a role).
Only superusers and users with <code class="literal">CREATEROLE</code> privilege can create
new users, so <span class="application">createuser</span> must be
invoked by someone who can connect as a superuser or a user with
<code class="literal">CREATEROLE</code> privilege.
</p><p>
If you wish to create a role with the <code class="literal">SUPERUSER</code>,
<code class="literal">REPLICATION</code>, or <code class="literal">BYPASSRLS</code> privilege,
you must connect as a superuser, not merely with
<code class="literal">CREATEROLE</code> privilege.
Being a superuser implies the ability to bypass all access permission
checks within the database, so superuser access should not be granted
lightly. <code class="literal">CREATEROLE</code> also conveys
<a class="link" href="role-attributes.html#ROLE-CREATION">very extensive privileges</a>.
</p><p>
<span class="application">createuser</span> is a wrapper around the
<acronym class="acronym">SQL</acronym> command <a class="link" href="sql-createrole.html" title="CREATE ROLE"><code class="command">CREATE ROLE</code></a>.
There is no effective difference between creating users via
this utility and via other methods for accessing the server.
</p></div><div class="refsect1" id="id-1.9.4.5.6"><h2>Options</h2><p>
<span class="application">createuser</span> accepts the following command-line arguments:
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><em class="replaceable"><code>username</code></em></span></dt><dd><p>
Specifies the name of the <span class="productname">PostgreSQL</span> user
This name must be different from all existing roles in this
<span class="productname">PostgreSQL</span> installation.
</p></dd><dt><span class="term"><code class="option">-a <em class="replaceable"><code>role</code></em></code><br /></span><span class="term"><code class="option">--with-admin=<em class="replaceable"><code>role</code></em></code></span></dt><dd><p>
Specifies an existing role that will be automatically added as a member of the new
role with admin option, giving it the right to grant membership in the
new role to others. Multiple existing roles can be specified by
writing multiple <code class="option">-a</code> switches.
</p></dd><dt><span class="term"><code class="option">-c <em class="replaceable"><code>number</code></em></code><br /></span><span class="term"><code class="option">--connection-limit=<em class="replaceable"><code>number</code></em></code></span></dt><dd><p>
Set a maximum number of connections for the new user.
The default is to set no limit.
</p></dd><dt><span class="term"><code class="option">-d</code><br /></span><span class="term"><code class="option">--createdb</code></span></dt><dd><p>
The new user will be allowed to create databases.
</p></dd><dt><span class="term"><code class="option">-D</code><br /></span><span class="term"><code class="option">--no-createdb</code></span></dt><dd><p>
The new user will not be allowed to create databases. This is the
</p></dd><dt><span class="term"><code class="option">-e</code><br /></span><span class="term"><code class="option">--echo</code></span></dt><dd><p>
Echo the commands that <span class="application">createuser</span> generates
and sends to the server.
</p></dd><dt><span class="term"><code class="option">-E</code><br /></span><span class="term"><code class="option">--encrypted</code></span></dt><dd><p>
This option is obsolete but still accepted for backward
</p></dd><dt><span class="term"><code class="option">-g <em class="replaceable"><code>role</code></em></code><br /></span><span class="term"><code class="option">--member-of=<em class="replaceable"><code>role</code></em></code><br /></span><span class="term"><code class="option">--role=<em class="replaceable"><code>role</code></em></code> (deprecated)</span></dt><dd><p>
Specifies the new role should be automatically added as a member
of the specified existing role. Multiple existing roles can be
specified by writing multiple <code class="option">-g</code> switches.
</p></dd><dt><span class="term"><code class="option">-i</code><br /></span><span class="term"><code class="option">--inherit</code></span></dt><dd><p>
The new role will automatically inherit privileges of roles
</p></dd><dt><span class="term"><code class="option">-I</code><br /></span><span class="term"><code class="option">--no-inherit</code></span></dt><dd><p>
The new role will not automatically inherit privileges of roles
</p></dd><dt><span class="term"><code class="option">--interactive</code></span></dt><dd><p>
Prompt for the user name if none is specified on the command line, and
also prompt for whichever of the options
<code class="option">-d</code>/<code class="option">-D</code>,
<code class="option">-r</code>/<code class="option">-R</code>,
<code class="option">-s</code>/<code class="option">-S</code> is not specified on the command
line. (This was the default behavior up to PostgreSQL 9.1.)
</p></dd><dt><span class="term"><code class="option">-l</code><br /></span><span class="term"><code class="option">--login</code></span></dt><dd><p>
The new user will be allowed to log in (that is, the user name
can be used as the initial session user identifier).
</p></dd><dt><span class="term"><code class="option">-L</code><br /></span><span class="term"><code class="option">--no-login</code></span></dt><dd><p>
The new user will not be allowed to log in.
(A role without login privilege is still useful as a means of
managing database permissions.)
</p></dd><dt><span class="term"><code class="option">-m <em class="replaceable"><code>role</code></em></code><br /></span><span class="term"><code class="option">--with-member=<em class="replaceable"><code>role</code></em></code></span></dt><dd><p>
Specifies an existing role that will be automatically
added as a member of the new role. Multiple existing roles can
be specified by writing multiple <code class="option">-m</code> switches.
</p></dd><dt><span class="term"><code class="option">-P</code><br /></span><span class="term"><code class="option">--pwprompt</code></span></dt><dd><p>
If given, <span class="application">createuser</span> will issue a prompt for
the password of the new user. This is not necessary if you do not plan
on using password authentication.
</p></dd><dt><span class="term"><code class="option">-r</code><br /></span><span class="term"><code class="option">--createrole</code></span></dt><dd><p>
The new user will be allowed to create, alter, drop, comment on,
change the security label for other roles; that is,
this user will have <code class="literal">CREATEROLE</code> privilege.
See <a class="xref" href="role-attributes.html#ROLE-CREATION">role creation</a> for more details about what
capabilities are conferred by this privilege.
</p></dd><dt><span class="term"><code class="option">-R</code><br /></span><span class="term"><code class="option">--no-createrole</code></span></dt><dd><p>
The new user will not be allowed to create new roles. This is the
</p></dd><dt><span class="term"><code class="option">-s</code><br /></span><span class="term"><code class="option">--superuser</code></span></dt><dd><p>
The new user will be a superuser.
</p></dd><dt><span class="term"><code class="option">-S</code><br /></span><span class="term"><code class="option">--no-superuser</code></span></dt><dd><p>
The new user will not be a superuser. This is the default.
</p></dd><dt><span class="term"><code class="option">-v <em class="replaceable"><code>timestamp</code></em></code><br /></span><span class="term"><code class="option">--valid-until=<em class="replaceable"><code>timestamp</code></em></code></span></dt><dd><p>
Set a date and time after which the role's password is no longer valid.
The default is to set no password expiry date.
</p></dd><dt><span class="term"><code class="option">-V</code><br /></span><span class="term"><code class="option">--version</code></span></dt><dd><p>
Print the <span class="application">createuser</span> version and exit.
</p></dd><dt><span class="term"><code class="option">--bypassrls</code></span></dt><dd><p>
The new user will bypass every row-level security (RLS) policy.
</p></dd><dt><span class="term"><code class="option">--no-bypassrls</code></span></dt><dd><p>
The new user will not bypass row-level security (RLS) policies. This is
</p></dd><dt><span class="term"><code class="option">--replication</code></span></dt><dd><p>
The new user will have the <code class="literal">REPLICATION</code> privilege,
which is described more fully in the documentation for <a class="xref" href="sql-createrole.html" title="CREATE ROLE"><span class="refentrytitle">CREATE ROLE</span></a>.
</p></dd><dt><span class="term"><code class="option">--no-replication</code></span></dt><dd><p>
The new user will not have the <code class="literal">REPLICATION</code>
privilege, which is described more fully in the documentation for <a class="xref" href="sql-createrole.html" title="CREATE ROLE"><span class="refentrytitle">CREATE ROLE</span></a>. This is the default.
</p></dd><dt><span class="term"><code class="option">-?</code><br /></span><span class="term"><code class="option">--help</code></span></dt><dd><p>
Show help about <span class="application">createuser</span> command line
</p></dd></dl></div><p>
<span class="application">createuser</span> also accepts the following
command-line arguments for connection parameters:
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option">-h <em class="replaceable"><code>host</code></em></code><br /></span><span class="term"><code class="option">--host=<em class="replaceable"><code>host</code></em></code></span></dt><dd><p>
Specifies the host name of the machine on which the
is running. If the value begins with a slash, it is used
as the directory for the Unix domain socket.
</p></dd><dt><span class="term"><code class="option">-p <em class="replaceable"><code>port</code></em></code><br /></span><span class="term"><code class="option">--port=<em class="replaceable"><code>port</code></em></code></span></dt><dd><p>
Specifies the TCP port or local Unix domain socket file
extension on which the server
is listening for connections.
</p></dd><dt><span class="term"><code class="option">-U <em class="replaceable"><code>username</code></em></code><br /></span><span class="term"><code class="option">--username=<em class="replaceable"><code>username</code></em></code></span></dt><dd><p>
User name to connect as (not the user name to create).
</p></dd><dt><span class="term"><code class="option">-w</code><br /></span><span class="term"><code class="option">--no-password</code></span></dt><dd><p>
Never issue a password prompt. If the server requires
password authentication and a password is not available by
other means such as a <code class="filename">.pgpass</code> file, the
connection attempt will fail. This option can be useful in
batch jobs and scripts where no user is present to enter a
</p></dd><dt><span class="term"><code class="option">-W</code><br /></span><span class="term"><code class="option">--password</code></span></dt><dd><p>
Force <span class="application">createuser</span> to prompt for a
password (for connecting to the server, not for the
password of the new user).
</p><p>
This option is never essential, since
<span class="application">createuser</span> will automatically prompt
for a password if the server demands password authentication.
However, <span class="application">createuser</span> will waste a
connection attempt finding out that the server wants a password.
In some cases it is worth typing <code class="option">-W</code> to avoid the extra
</p></dd></dl></div><p>
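Added example (not part of the PostgreSQL documentation): a shell check for reviewing provisioning scripts that reports which of the high-privilege attributes described above (SUPERUSER, CREATEROLE, BYPASSRLS, REPLICATION) a createuser argument list would grant. The function names and sample lines are hypothetical, and it assumes that when both forms of a switch are given the later one wins.

```shell
# Added example: list the high-privilege attributes a createuser call grants.
# Option spellings are the ones documented on this page.
# Assumption: if both forms of a switch appear (-s ... -S), the later one wins.

audit_createuser_args() {
    su=no cr=no rls=no repl=no
    while [ $# -gt 0 ]; do
        arg=$1; shift
        case $arg in
            --) break ;;
            --superuser)      su=yes ;;
            --no-superuser)   su=no ;;
            --createrole)     cr=yes ;;
            --no-createrole)  cr=no ;;
            --bypassrls)      rls=yes ;;
            --no-bypassrls)   rls=no ;;
            --replication)    repl=yes ;;
            --no-replication) repl=no ;;
            --*=*) ;;                        # long option with attached value
            --with-admin|--connection-limit|--member-of|--role|--with-member|\
            --valid-until|--host|--port|--username)
                if [ $# -gt 0 ]; then shift; fi ;;   # value is the next word
            --*) ;;                          # other long flags (--login, --echo, ...)
            -?*)                             # short cluster such as -sde
                rest=${arg#-}
                while [ -n "$rest" ]; do
                    tail=${rest#?}; ch=${rest%"$tail"}; rest=$tail
                    case $ch in
                        s) su=yes ;;  S) su=no ;;
                        r) cr=yes ;;  R) cr=no ;;
                        a|c|g|m|v|h|p|U)     # option takes a value
                            if [ -z "$rest" ] && [ $# -gt 0 ]; then shift; fi
                            rest= ;;
                    esac
                done ;;
        esac
    done
    out=
    [ "$su" = yes ]   && out="$out SUPERUSER"
    [ "$cr" = yes ]   && out="$out CREATEROLE"
    [ "$rls" = yes ]  && out="$out BYPASSRLS"
    [ "$repl" = yes ] && out="$out REPLICATION"
    echo "${out# }"
}

# Constructed sample provisioning lines (hypothetical role names).
SAMPLE='createuser -h eden -p 5000 -S -D -R -e joe
createuser -P -s -e joe
createuser --replication -a s -c 5 repl_agent'

audit_lines() {   # stdin: script lines; prints "<attrs>: <line>" for risky calls
    while IFS= read -r line; do
        case $line in createuser\ *) ;; *) continue ;; esac
        set -f; set -- $line; set +f; shift   # naive word split, no quote handling
        found=$(audit_createuser_args "$@")
        if [ -n "$found" ]; then echo "$found: $line"; fi
    done
}
printf '%s\n' "$SAMPLE" | audit_lines
```

The check recognizes only the exact option spellings listed above and does not parse shell quoting, so treat its output as a review aid rather than a complete parser.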
</p></div><div class="refsect1" id="id-1.9.4.5.7"><h2>Environment</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="envar">PGHOST</code><br /></span><span class="term"><code class="envar">PGPORT</code><br /></span><span class="term"><code class="envar">PGUSER</code></span></dt><dd><p>
Default connection parameters
</p></dd><dt><span class="term"><code class="envar">PG_COLOR</code></span></dt><dd><p>
Specifies whether to use color in diagnostic messages. Possible values
are <code class="literal">always</code>, <code class="literal">auto</code> and
<code class="literal">never</code>.
</p></dd></dl></div><p>
This utility, like most other <span class="productname">PostgreSQL</span> utilities,
also uses the environment variables supported by <span class="application">libpq</span>
(see <a class="xref" href="libpq-envars.html" title="32.15. Environment Variables">Section 32.15</a>).
</p></div><div class="refsect1" id="id-1.9.4.5.8"><h2>Diagnostics</h2><p>
In case of difficulty, see <a class="xref" href="sql-createrole.html" title="CREATE ROLE"><span class="refentrytitle">CREATE ROLE</span></a>
and <a class="xref" href="app-psql.html" title="psql"><span class="refentrytitle"><span class="application">psql</span></span></a> for
discussions of potential problems and error messages.
The database server must be running at the
targeted host. Also, any default connection settings and environment
variables used by the <span class="application">libpq</span> front-end
</p></div><div class="refsect1" id="id-1.9.4.5.9"><h2>Examples</h2><p>
To create a user <code class="literal">joe</code> on the default database
</p><pre class="screen">
<code class="prompt">$ </code><strong class="userinput"><code>createuser joe</code></strong>
</pre><p>
To create a user <code class="literal">joe</code> on the default database
server with prompting for some additional attributes:
</p><pre class="screen">
<code class="prompt">$ </code><strong class="userinput"><code>createuser --interactive joe</code></strong>
<code class="computeroutput">Shall the new role be a superuser? (y/n) </code><strong class="userinput"><code>n</code></strong>
<code class="computeroutput">Shall the new role be allowed to create databases? (y/n) </code><strong class="userinput"><code>n</code></strong>
<code class="computeroutput">Shall the new role be allowed to create more new roles? (y/n) </code><strong class="userinput"><code>n</code></strong>
</pre><p>
To create the same user <code class="literal">joe</code> using the
server on host <code class="literal">eden</code>, port 5000, with attributes explicitly specified,
taking a look at the underlying command:
</p><pre class="screen">
<code class="prompt">$ </code><strong class="userinput"><code>createuser -h eden -p 5000 -S -D -R -e joe</code></strong>
<code class="computeroutput">CREATE ROLE joe NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;</code>
</pre><p>
To create the user <code class="literal">joe</code> as a superuser,
and assign a password immediately:
</p><pre class="screen">
<code class="prompt">$ </code><strong class="userinput"><code>createuser -P -s -e joe</code></strong>
<code class="computeroutput">Enter password for new role: </code><strong class="userinput"><code>xyzzy</code></strong>
<code class="computeroutput">Enter it again: </code><strong class="userinput"><code>xyzzy</code></strong>
<code class="computeroutput">CREATE ROLE joe PASSWORD 'md5b5f5ba1a423792b526f799ae4eb3d59e' SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN;</code>
</pre><p>
In the above example, the new password isn't actually echoed when typed,
but we show what was typed for clarity. As you see, the password is
encrypted before it is sent to the client.
</p></div><div class="refsect1" id="id-1.9.4.5.10"><h2>See Also</h2><span class="simplelist"><a class="xref" href="app-dropuser.html" title="dropuser"><span class="refentrytitle"><span class="application">dropuser</span></span></a>, <a class="xref" href="sql-createrole.html" title="CREATE ROLE"><span class="refentrytitle">CREATE ROLE</span></a>, <a class="xref" href="runtime-config-client.html#GUC-CREATEROLE-SELF-GRANT">createrole_self_grant</a></span></div></div></body></html>