
What's the connection between GRANT CONNECT and CREATE USER?

VolkerBarth
Contributor
6,430

For all SA versions, one can manage user accounts and passwords with

GRANT CONNECT TO MyUser IDENTIFIED BY "MyPwd";

If the user already exists, it is used (possibly by the user herself) to change the password:

GRANT CONNECT TO MyUser IDENTIFIED BY "MyNewPwd";

Users get dropped (with all their database objects) with

REVOKE CONNECT FROM MyUser;

Starting with SA 11, one can additionally use CREATE/ALTER/DROP USER for the same purpose (and furthermore, to map a login policy and the like):

CREATE USER MyUser IDENTIFIED BY "MyPwd";
ALTER USER MyUser IDENTIFIED BY "MyNewPwd";
DROP USER MyUser;

Questions:

  1. Are these according statements identical in their semantics (when omitting a particular login policy)?

  2. Am I supposed to use the USER statements for newer development (i.e. when compatibility with pre-V11 databases is not necessary)?

Accepted Solutions (1)


MarkCulp
Participant

The CREATE/ALTER/DROP USER statements are simply a more modern form of the GRANT CONNECT statement with the added feature that the CREATE/ALTER USER statements can define/alter login policy for the user.

There is no difference between CREATE USER and GRANT CONNECT if you are not defining a login policy for a user. You can in fact switch between these two forms without any issue.

For new development it is really your choice. I would like to say that it would be nice to deprecate the GRANT CONNECT statement (for purely an attempt to keep the language "clean") but I cannot see this happening any time soon.
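Added example, not part of the original thread: the statements below mix the two forms on the same accounts and attach a login policy, the one feature the answer reserves for the USER statements. The policy name, user names, passwords and option values are constructed placeholders, and the script assumes SQL Anywhere 11 or later.

```sql
-- Constructed example: names, passwords and option values are placeholders.

-- A login policy carries the account-level controls that GRANT CONNECT
-- has no syntax for: lockout threshold and password ageing.
CREATE LOGIN POLICY AppUsers
    max_failed_login_attempts = 5
    password_life_time = 90
    password_grace_time = 7;

-- Legacy form: creates the account, but cannot name a login policy.
GRANT CONNECT TO LegacyUser IDENTIFIED BY "ChangeMe-1";

-- Modern form: creates the account and binds the policy in one statement.
CREATE USER PolicyUser IDENTIFIED BY "ChangeMe-2" LOGIN POLICY AppUsers;

-- The forms are interchangeable on an existing account, so a user created
-- with GRANT CONNECT can be moved under the policy with ALTER USER ...
ALTER USER LegacyUser LOGIN POLICY AppUsers;

-- ... and a user created with CREATE USER can still have its password
-- changed through GRANT CONNECT.
GRANT CONNECT TO PolicyUser IDENTIFIED BY "ChangeMe-3";

-- Cleanup, again mixing forms. Both statements drop the user together
-- with the database objects it owns.
REVOKE CONNECT FROM PolicyUser;
DROP USER LegacyUser;

-- A login policy can be dropped once no user is assigned to it.
DROP LOGIN POLICY AppUsers;
```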

Answers (0)