Creating database users

To create a database user, log in to the Netezza Performance Server database by using an account that has Create User administrative privilege. For a new Netezza Performance Server system, you would most likely log in as admin and connect to the system database to create users. For example, the following command adds a user to a system that uses local authentication:
SYSTEM.ADMIN(ADMIN)=> CREATE USER dlee WITH PASSWORD 'jw8s0F4';
CREATE USER

If you are using LDAP or Kerberos authentication, you do not have to specify a password for the account. The CREATE USER command has a number of options that you can use to specify timeout options, account expirations, rowset limits (the maximum number of rows a query can return), and priority for the user session and queries. The resulting user account is owned by the user who created the account.

When you create users and groups, you can also specify session access time limits. The access time limits specify when users can start database sessions. User might be permitted to start sessions at any time on any day, or they might be given restricted access to certain days or certain hours of the day. If a user attempts to start a session during a time when they do not have access, the system displays an error message that they are outside their access time limits. Also, if a user attempts to run an nz command that creates a database session, the command also returns the error if the user is not within the allowed access time window. For more information, see the access time information in the IBM® Netezza® Advanced Security Administrator's Guide.

Remember: Session settings such as access time restrictions, session timeouts, priority, rowset limits, and password expiration, can be set on a per-user, per-group, and in some cases a system-wide level. The Netezza Performance Server system checks the settings for a user first to find the values to use; if not set for the user, the system uses the most restrictive setting for any of the groups to which the user belongs; if not set for the group, the system uses the system-wide settings.