Create Database User (Data Management)

Summary

Creates a database user with privileges sufficient to create data in the database.

Usage

  • This tool can be used only with Oracle, Microsoft SQL Server, PostgreSQL, or SAP HANA. This tool is not supported with cloud databases such as Amazon Relational Database Services (RDS), Microsoft Azure SQL Database, or Azure Database for PostgreSQL.

  • For Oracle and SQL Server, if an operating system login already exists, the Create Database User tool can add that login as a user to the specified database.

  • You cannot create a database user for a Windows group.

  • This tool creates shared log file tables for the user when run on a geodatabase in Oracle.

  • Users created in the database have the following privileges granted to them:

    DBMSPrivileges

    Oracle

    CREATE PROCEDURE

    CREATE SESSION

    CREATE SEQUENCE

    CREATE TABLE

    CREATE TRIGGER

    CREATE VIEW

    SELECT ON DBA_ROLES

    PostgreSQL

    CONNECT

    TEMPORARY

    USAGE on the sde schema if the user is created in a geodatabase or a database that has the ST_Geometry type installed

    SELECT, INSERT, UPDATE, and DELETE on the geometry_columns and geography_columns views and SELECT on the spatial_ref_sys view if PostGIS is installed in the database

    SQL Server

    CREATE TABLE

    CREATE PROCEDURE

    CREATE VIEW

    SAP HANA

    The tool creates an SAP HANA standard user.

  • If the login does not exist in the SQL Server instance or PostgreSQL database cluster, the Create Database User tool adds the login, creates a user in the database specified for the Input Database Connection, and creates a schema for the user in the database. The specified database is set as the user's default database in SQL Server.

  • If the login already exists in the SQL Server instance, the Create Database User tool adds the user to the database specified for the Input Database Connection and creates a matching schema. The user's default database is not changed in SQL Server.

  • If the login already exists in the PostgreSQL database cluster, the Create Database User tool creates a matching schema in the database specified for the Input Database Connection.

  • You cannot create a user named sde with this tool. The sde user is a geodatabase administrator user and requires more privileges than the Create Database User tool grants.

  • You cannot use delimiters, such as double quotation marks, when specifying a user name. The user name can only contain characters supported by the underlying database management system when provided without delimiters.

Syntax

CreateDatabaseUser(input_database, {user_authentication_type}, user_name, {user_password}, {role}, {tablespace_name})
ParameterExplanationData Type
input_database

Specify the connection file to an enterprise geodatabase in Oracle, PostgreSQL, or SQL Server. Be sure the connection is made as a database administrator user. When connecting to Oracle, you must connect as the sys user.

Workspace
user_authentication_type
(Optional)

Specify the authentication type for the user. If you specify OPERATING_SYSTEM_USER, an operating system login must already exist for the user you want to create. Operating system users are only supported for SQL Server and Oracle databases.

  • DATABASE_USERCreate a database-authenticated user. This is the default. If your database management system is not configured to allow database authentication, do not use this option.
  • OPERATING_SYSTEM_USERCreate an operating system-authenticated user. The corresponding login must already exist. If your database management system is not configured to allow operating system authentication, do not use this option.
Boolean
user_name

Type a name for the new database user.

If you chose to create a database user for an operating system login, the user name must match the login name.

String
user_password
(Optional)

Type a password for the new user. The password policy of the underlying database is enforced.

If you chose to create a database user for an operating system login, no input is required.

Encrypted String
role
(Optional)

If you want to add the new user to an existing database role, specify the name of the role.

String
tablespace_name
(Optional)

When creating a user in an Oracle database, type the name of the tablespace to be used as the default tablespace for the user. You can specify a preconfigured tablespace, or, if the tablespace does not already exist, it will be created in the Oracle default storage location with its size set to 400 MB. If no tablespace is specified, the user's default tablespace will be set to the Oracle default tablespace.

String

Derived Output

NameExplanationData Type
out_result

Whether the tool completed successfully.

Boolean

Code sample

CreateDatabaseUser example 1 (Python window)

Sample script uses a predefined database connection file (oracledb1.sde) to create a database user in Oracle, and creates a default tablespace (sdetbs) for the user.

import arcpy
arcpy.CreateDatabaseUser_management("C:/myconnections/oracledb1.sde", 
                                    "DATABASE_USER", "map", "Pam987", "sdetbs")
CreateDatabaseUser example 2 (Python window)

Sample script creates an input workspace (pgconn.sde) in a folder named connections, and creates a database login role and schema in PostgreSQL.

import arcpy
arcpy.CreateDatabaseConnection_management("C:/connections", "pgconn.sde", 
                                          "POSTGRESQL", myserver, mypgdb, 
                                          "DATABASE_AUTH", "ela", "3L@pwd", 
                                          "SAVE_USERNAME")
arcpy.CreateDatabaseUser_management("C:/connections/pgconn.sde", 
                                    "DATABASE_USER", "dataowner", "N0look")
CreateDatabaseUser example 3 (Python window)

Sample script creates a database user mapped to an existing operating system login (mynet\vorhoos) in SQL Server and uses a predefined database connection file (connection_ssi.sde).

import arcpy
arcpy.CreateDatabaseUser_management("C:/gdbconnections/connection_ssi.sde", 
                                    "OPERATING_SYSTEM_USER", "mynet\\vorhoos")
CreateDatabaseUser example 4 (stand-alone script)

The following stand-alone script allows you to provide information specific to your site using options to create a database user.

"""
Name: create_database_user.py
Description: Provide connection information to a database user.
Type create_database_user.py -h or create_database_user.py --help for usage
"""

# Import system modules
import arcpy
import os
import optparse
import sys


# Define usage and version
parser = optparse.OptionParser(usage = "usage: %prog [Options]", version="%prog 1.0 for 10.1 release")

#Define help and options
parser.add_option ("--DBMS", dest="Database_type", type="choice", choices=['SQLSERVER', 'ORACLE', 'POSTGRESQL', ''], default="", help="Type of enterprise DBMS:  SQLSERVER, ORACLE, or POSTGRESQL.")                   
parser.add_option ("-i", dest="Instance", type="string", default="", help="DBMS instance name")
parser.add_option ("-D", dest="Database", type="string", default="none", help="Database name:  Not required for Oracle")
parser.add_option ("--auth", dest="Account_authentication", type ="choice", choices=['DATABASE_AUTH', 'OPERATING_SYSTEM_AUTH'], default='DATABASE_AUTH', help="Authentication type options (case-sensitive):  DATABASE_AUTH, OPERATING_SYSTEM_AUTH.  Default=DATABASE_AUTH")
parser.add_option ("-U", dest="Dbms_admin", type="string", default="", help="DBMS administrator user")
parser.add_option ("-P", dest="Dbms_admin_pwd", type="string", default="", help="DBMS administrator password")
parser.add_option ("--utype", dest="user_type", type ="choice", choices=['DATABASE_USER', 'OPERATING_SYSTEM_USER'], default='DATABASE_USER', help="Authentication type options (case-sensitive):  DATABASE_USER, OPERATING_SYSTEM_USER.  Default=DATABASE_USER")
parser.add_option ("-u", dest="dbuser", type="string", default="", help="database user name")
parser.add_option ("-p", dest="dbuser_pwd", type="string", default="", help="database user password")
parser.add_option ("-r", dest="role", type="string", default="", help="role to be granted to the user")
parser.add_option ("-t", dest="Tablespace", type="string", default="", help="Tablespace name")
# Check if value entered for option
try:
	(options, args) = parser.parse_args()

	#Check if no system arguments (options) entered
	if len(sys.argv) == 1:
		print "%s: error: %s\n" % (sys.argv[0], "No command options given")
		parser.print_help()
		sys.exit(3)

	#Usage parameters for spatial database connection
	database_type = options.Database_type.upper()
	instance = options.Instance
	database = options.Database.lower()	
	account_authentication = options.Account_authentication.upper()
	dbms_admin = options.Dbms_admin
	dbms_admin_pwd = options.Dbms_admin_pwd
	dbuser = options.dbuser
	dbuser_pwd = options.dbuser_pwd	
	tablespace = options.Tablespace
	user_type = options.user_type
	role = options.role

	
	if (database_type == "SQLSERVER"):
		database_type = "SQL_SERVER"
	
	if( database_type ==""):	
		print(" \n%s: error: \n%s\n" % (sys.argv[0], "DBMS type (--DBMS) must be specified."))
		parser.print_help()
		sys.exit(3)		
	
	if(database_type == "SQL_SERVER"):
		if( account_authentication == "DATABASE_AUTH" and dbms_admin == ""):
			print("\n%s: error: %s\n" % (sys.argv[0], "DBMS administrator must be specified with database authentication"))
			sys.exit(3)
		if( account_authentication == "OPERATING_SYSTEM_AUTH" and dbms_admin != ""):
			print("\nWarning: %s\n" % ("Ignoring DBMS administrator specified when using operating system authentication..."))
	else:		
		if( dbuser.lower() == ""):
			print("\n%s: error: %s\n" % (sys.argv[0], "Database user must be specified."))
			sys.exit(3)		
		if( dbms_admin == ""):
			print("\n%s: error: %s\n" % (sys.argv[0], "DBMS administrator must be specified!"))
			sys.exit(3)

	if ( user_type == "DATABASE_USER" and (dbuser =="" or dbuser_pwd =="")):
		print(" \n%s: error: \n%s\n" % (sys.argv[0], "To create database authenticated user, user name and password must be specified!"))
		parser.print_help()
		sys.exit(3)	

	# Get the current product license
	product_license=arcpy.ProductInfo()
	
	# Checks required license level
	if product_license.upper() == "ARCVIEW" or product_license.upper() == 'ENGINE':
		print("\n" + product_license + " license found!" + "  Creating a user in an enterprise geodatabase or database requires an ArcGIS Desktop Standard or Advanced, ArcGIS Engine with the Geodatabase Update extension, or ArcGIS Server license.")
		sys.exit("Re-authorize ArcGIS before creating a database user.")
	else:
		print("\n" + product_license + " license available!  Continuing to create...")
		arcpy.AddMessage("+++++++++")

	# Local variables
	instance_temp = instance.replace("\\","_")
	instance_temp = instance_temp.replace("/","_")
	instance_temp = instance_temp.replace(":","_")
	Conn_File_NameT = instance_temp + "_" + database + "_" + dbms_admin   

	if os.environ.get("TEMP") == None:
		temp = "c:\\temp"	
	else:
		temp = os.environ.get("TEMP")
	
	if os.environ.get("TMP") == None:
		temp = "/usr/tmp"		
	else:
		temp = os.environ.get("TMP")  

	Connection_File_Name = Conn_File_NameT + ".sde"
	Connection_File_Name_full_path = temp + os.sep + Conn_File_NameT + ".sde"
	
	# Check for the .sde file and delete it if present
	arcpy.env.overwriteOutput=True
	if os.path.exists(Connection_File_Name_full_path):
		os.remove(Connection_File_Name_full_path)

	try:
		print("\nCreating Database Connection File...\n")
		# Process: Create Database Connection File...
		# Usage:  out_file_location, out_file_name, DBMS_TYPE, instnace, database, account_authentication, username, password, save_username_password(must be true)
		#arcpy.CreateDatabaseConnection_management(temp , Connection_File_Name, database_type, instance, database, account_authentication, dbms_admin, dbms_admin_pwd, "TRUE")
		arcpy.CreateDatabaseConnection_management(out_folder_path=temp, out_name=Connection_File_Name, database_platform=database_type, instance=instance, database=database, account_authentication=account_authentication, username=dbms_admin, password=dbms_admin_pwd, save_user_pass="TRUE")
	        for i in range(arcpy.GetMessageCount()):
			if "000565" in arcpy.GetMessage(i):   #Check if database connection was successful
				arcpy.AddReturnMessage(i)
				arcpy.AddMessage("\n+++++++++")
				arcpy.AddMessage("Exiting!!")
				arcpy.AddMessage("+++++++++\n")
				sys.exit(3)            
			else:
				arcpy.AddReturnMessage(i)
				arcpy.AddMessage("+++++++++\n")

		print("Creating database user...\n")
		arcpy.CreateDatabaseUser_management(input_workspace=Connection_File_Name_full_path, user_authentication_type=user_type, user_name=dbuser, user_password=dbuser_pwd, role=role, tablespace_name=tablespace)
		for i in range(arcpy.GetMessageCount()):
			arcpy.AddReturnMessage(i)
		arcpy.AddMessage("+++++++++\n")
	except:
		for i in range(arcpy.GetMessageCount()):
			arcpy.AddReturnMessage(i)
			
#Check if no value entered for option	
except SystemExit as e:
	if e.code == 2:
		parser.usage = ""
		print("\n")
		parser.print_help()   
		parser.exit(2)

Environments

Licensing information

  • Basic: No
  • Standard: Yes
  • Advanced: Yes

Related topics