Oracle database administrators create user accounts in the Oracle instance and assign these accounts storage (tablespaces) and privileges.
The database administrator (sys user) can use Oracle tools to create users, a default tablespace for the user, and grant privileges to create database objects. Alternatively, the database administrator can use the Create Database User tool or script from an ArcGIS client to create a data owner user. Users created with this tool are granted the following privileges:
- CREATE SESSION
- CREATE SEQUENCE
- CREATE TABLE
- CREATE TRIGGER
- CREATE VIEW
- SELECT ON DBA_ROLES
Add a user who can create database objects
You can run the Create Database User tool from ArcGIS for Desktop or call the tool in a Python script to create a database user who can create tables, feature classes, views, triggers, and sequences.
You must be connected to the database as the Oracle sys user to run the Create Database User tool.
Use the Create Database User tool
- Start ArcMap or ArcCatalog.
- Connect to the database or geodatabase as the sys user.
- Open the Create Database User tool.
The tool is in the Geodatabase Administration toolset of the Data Management toolbox.
- Specify the database connection for the Input Database Connection.
- Type a name for the user and schema that the tool will create.
- Type a password for the database user.
- If you already have a group role that you want this user to be a member of, specify the role.
- Type the name of the tablespace you want to set as the user's default tablespace. If the tablespace does not already exist, the tool will create it in the Oracle default storage location. The tool creates a 400 MB tablespace.
If you do not specify a tablespace, the Oracle default tablespace is used.
- Click OK to run the tool.
Run a Python script
To script user creation, follow these steps:
- Create a text file on an ArcGIS client machine, and copy the following script into the file.
""" Name: create_database_user.py Description: Provide connection information to a database user. Type create_database_user.py -h or create_database_user.py --help for usage Author: Esri """ # Import system modules import arcpy import os import optparse import sys # Define usage and version parser = optparse.OptionParser(usage = "usage: %prog [Options]", version="%prog 1.0 for 10.1 release") #Define help and options parser.add_option ("--DBMS", dest="Database_type", type="choice", choices=['SQLSERVER', 'ORACLE', 'POSTGRESQL', ''], default="", help="Type of enterprise DBMS: SQLSERVER, ORACLE, or POSTGRESQL.") parser.add_option ("-i", dest="Instance", type="string", default="", help="DBMS instance name") parser.add_option ("-D", dest="Database", type="string", default="none", help="Database name: Not required for Oracle") parser.add_option ("--auth", dest="Account_authentication", type ="choice", choices=['DATABASE_AUTH', 'OPERATING_SYSTEM_AUTH'], default='DATABASE_AUTH', help="Authentication type options (case-sensitive): DATABASE_AUTH, OPERATING_SYSTEM_AUTH. Default=DATABASE_AUTH") parser.add_option ("-U", dest="Dbms_admin", type="string", default="", help="DBMS administrator user") parser.add_option ("-P", dest="Dbms_admin_pwd", type="string", default="", help="DBMS administrator password") parser.add_option ("--utype", dest="user_type", type ="choice", choices=['DATABASE_USER', 'OPERATING_SYSTEM_USER'], default='DATABASE_USER', help="Authentication type options (case-sensitive): DATABASE_USER, OPERATING_SYSTEM_USER. Default=DATABASE_USER") parser.add_option ("-u", dest="dbuser", type="string", default="", help="database user name") parser.add_option ("-p", dest="dbuser_pwd", type="string", default="", help="database user password") parser.add_option ("-r", dest="role", type="string", default="", help="role to be granted to the user") parser.add_option ("-t", dest="Tablespace", type="string", default="", help="Tablespace name") # Check if value entered for option try: (options, args) = parser.parse_args() #Check if no system arguments (options) entered if len(sys.argv) == 1: print "%s: error: %s\n" % (sys.argv[0], "No command options given") parser.print_help() sys.exit(3) #Usage parameters for spatial database connection database_type = options.Database_type.upper() instance = options.Instance database = options.Database.lower() account_authentication = options.Account_authentication.upper() dbms_admin = options.Dbms_admin dbms_admin_pwd = options.Dbms_admin_pwd dbuser = options.dbuser dbuser_pwd = options.dbuser_pwd tablespace = options.Tablespace user_type = options.user_type role = options.role if (database_type == "SQLSERVER"): database_type = "SQL_SERVER" if( database_type ==""): print(" \n%s: error: \n%s\n" % (sys.argv[0], "DBMS type (--DBMS) must be specified.")) parser.print_help() sys.exit(3) if(database_type == "SQL_SERVER"): if( account_authentication == "DATABASE_AUTH" and dbms_admin == ""): print("\n%s: error: %s\n" % (sys.argv[0], "DBMS administrator must be specified with database authentication")) sys.exit(3) if( account_authentication == "OPERATING_SYSTEM_AUTH" and dbms_admin != ""): print("\nWarning: %s\n" % ("Ignoring DBMS administrator specified when using operating system authentication...")) else: if( dbuser.lower() == ""): print("\n%s: error: %s\n" % (sys.argv[0], "Database user must be specified.")) sys.exit(3) if( dbms_admin == ""): print("\n%s: error: %s\n" % (sys.argv[0], "DBMS administrator must be specified!")) sys.exit(3) if ( user_type == "DATABASE_USER" and (dbuser =="" or dbuser_pwd =="")): print(" \n%s: error: \n%s\n" % (sys.argv[0], "To create database authenticated user, user name and password must be specified!")) parser.print_help() sys.exit(3) # Get the current product license product_license=arcpy.ProductInfo() # Checks required license level if product_license.upper() == "ARCVIEW" or product_license.upper() == 'ENGINE': print("\n" + product_license + " license found!" + " Creating a user in an enterprise geodatabase or database requires an ArcGIS for Desktop Standard or Advanced, ArcGIS Engine with the Geodatabase Update extension, or ArcGIS for Server license.") sys.exit("Re-authorize ArcGIS before creating a database user.") else: print("\n" + product_license + " license available! Continuing to create...") arcpy.AddMessage("+++++++++") # Local variables instance_temp = instance.replace("\\","_") instance_temp = instance_temp.replace("/","_") instance_temp = instance_temp.replace(":","_") Conn_File_NameT = instance_temp + "_" + database + "_" + dbms_admin if os.environ.get("TEMP") == None: temp = "c:\\temp" else: temp = os.environ.get("TEMP") if os.environ.get("TMP") == None: temp = "/usr/tmp" else: temp = os.environ.get("TMP") Connection_File_Name = Conn_File_NameT + ".sde" Connection_File_Name_full_path = temp + os.sep + Conn_File_NameT + ".sde" # Check for the .sde file and delete it if present arcpy.env.overwriteOutput=True if os.path.exists(Connection_File_Name_full_path): os.remove(Connection_File_Name_full_path) try: print("\nCreating Database Connection File...\n") # Process: Create Database Connection File... # Usage: out_file_location, out_file_name, DBMS_TYPE, instnace, database, account_authentication, username, password, save_username_password(must be true) #arcpy.CreateDatabaseConnection_management(temp , Connection_File_Name, database_type, instance, database, account_authentication, dbms_admin, dbms_admin_pwd, "TRUE") arcpy.CreateDatabaseConnection_management(out_folder_path=temp, out_name=Connection_File_Name, database_platform=database_type, instance=instance, database=database, account_authentication=account_authentication, username=dbms_admin, password=dbms_admin_pwd, save_user_pass="TRUE") for i in range(arcpy.GetMessageCount()): if "000565" in arcpy.GetMessage(i): #Check if database connection was successful arcpy.AddReturnMessage(i) arcpy.AddMessage("\n+++++++++") arcpy.AddMessage("Exiting!!") arcpy.AddMessage("+++++++++\n") sys.exit(3) else: arcpy.AddReturnMessage(i) arcpy.AddMessage("+++++++++\n") print("Creating database user...\n") arcpy.CreateDatabaseUser_management(input_workspace=Connection_File_Name_full_path, user_authentication_type=user_type, user_name=dbuser, user_password=dbuser_pwd, role=role, tablespace_name=tablespace) for i in range(arcpy.GetMessageCount()): arcpy.AddReturnMessage(i) arcpy.AddMessage("+++++++++\n") except: for i in range(arcpy.GetMessageCount()): arcpy.AddReturnMessage(i) #Check if no value entered for option except SystemExit as e: if e.code == 2: parser.usage = "" print("\n") parser.print_help() parser.exit(2)
You can run the script from a computer where ArcGIS for Desktop (Standard or Advanced), ArcGIS for Server (Standard or Advanced), or ArcGIS Engine with the Geodatabase Update extension is installed.
- Save the file with a .py extension.
- Run the script, providing options and information specific to your Oracle database and the user you want to create.
In the following example run from a Windows server, the script name is create_database_user.py. A database-authenticated user (geodata) is created in the database using the Oracle connection string, dbsrv/orcl. The user is not added to a role.
create_database_user.py --DBMS ORACLE -i dbsrv/orcl -U sys -P $hHhH --utype DATABASE_USER -u geodata -p 0wn1t
This is an example of running the script on a Linux machine:
./create_database_user.py --DBMS ORACLE -i dbsrv/orcl -U sys -P $hHhH --utype DATABASE_USER -u geodata -p 0wn1t
Your database now has a user that can create tables.
There are a number of ways that this user can create tables in the database or geodatabase. For information on creating tables using ArcGIS, see An overview of adding datasets to the geodatabase.
Once the datasets exist, the owner can grant SELECT privileges on the datasets to the users who need to view the data and SELECT, INSERT, UPDATE, and DELETE privileges on the datasets to users who need to edit the data. See Grant and revoke dataset privileges for instructions.
Create users with Oracle tools
If you want to create a user who has different privileges than those granted by the Create Database User tool or has no privileges granted directly to the user, you can use Oracle tools to do that. Here are some things to keep in mind when you are creating your own accounts to be used with ArcGIS:
- Geodatabases in Oracle use shared log file tables to maintain lists of selected records. These types of log file tables require that all users have privileges to create tables. If you want to create users who cannot create tables in the geodatabase, you must change your log file table settings to use pools of log file tables owned by the sde user. See Log file table options for geodatabases in Oracle for a description of log file pools. To change log file table settings, follow the instructions in Alter log file table settings.
- If you choose to use OS authentication with an Oracle database, you need to make specific settings to the user account and Oracle configuration files within the Oracle instance to use OS authentication. Consult your Oracle documentation for the specific steps necessary for your database release.
For instructions on using Oracle tools to create database users, see the Oracle documentation.