Amazon Redshift is one of the trusted and most popular Data Warehouse solutions currently available in the market. It works flawlessly with SQL commands and provides a wide range of functionality ranging from storing the data to analyzing it.
Amazon Redshift Users are created by users with privileges known as Superusers and they use the command known as Redshift CREATE USER command.
This article gives a comprehensive guide on the Redshift CREATE USER command, showing its syntax, parameters, and use cases.
What is Amazon Redshift?
Redshift is a columnar database that provides OLAP (Online Analytical Processing). It is designed on PostgreSQL version 8.0.2. This means allows the users to use regular SQL queries with Redshift. It utilizes the concept of massively parallel processing that allows for Fast queries. This technology was developed by ParAccel. The MPP technology uses multiple computer processors that work in parallel to provide the necessary calculations. Even the processors located in multiple servers are used collectively to process heavy tasks. The main benefit of using AWS Redshift is the cost-benefit to your business. The cost is one-fifth (about one-twentieth) of competitors such as Teradata and Oracle.
Learn more about Amazon redshift.
Are you having trouble migrating your data into Redshift? With our no-code platform and competitive pricing, Hevo makes the process seamless and cost-effective.
- Easy Integration: Connect and migrate data into Redshift without any coding.
- Auto-Schema Mapping: Automatically map schemas to ensure smooth data transfer.
- In-Built Transformations: Transform your data on the fly with Hevo’s powerful transformation capabilities.
- 150+ Data Sources: Access data from over 150 sources, including 60+ free sources.
You can see it for yourselves by looking at our 2000+ happy customers, such as Meesho, Cure.Fit, and Pelago.
Get Started with Hevo for Free
Redshift CREATE USER command
Redshift Create user command is used to create a new user account for the database. Only a superuser has the privilege to run this command and create a new user.
Syntax
CREATE USER name [ WITH ]
PASSWORD { 'plain text' | 'md5hash' | 'sha256hash' | DISABLE }
[ option [ ... ] ]
Basic Parameters
NAME: this parameter defines the name of the user that is created using the Redshift Create user command for the database.
PASSWORD: set the user Password in the Redshift Create User Command and store in secure password manager. the default settings ensure the user can change their password, but it can be disabled.
- the DISABLE is used to disable the option to restrict the user from changing his password. The password is deleted from the system When a user’s password is disabled. The user can log on only using temporary AWS Identity and Access Management (IAM) user credentials. The authority to enable or disable passwords is with the superuser. You can’t disable a superuser’s password.
- If the password is plain text, it needs to meet certain criteria:
- the length of the password must be 8 to 64 characters in length.
- The password must include at least one numeric value, one lowercase alphabet, and one uppercase alphabet.
- All the ASCII characters with codes ranging from 33-126 exception being single quote (‘), double quote (“),,/ or @.
- The password of Redshift Create User can also be an MD5 hast of strings which is much better than plain text. The process to use MD5 as the password:
- Concatenate Username and password. For example, if the user name is USER1 and the Password is EZ, the concatenated string will follow the structure of PASSWORD+USERNAME, this results in ezuser1.
- The concatenated string then needs to be converted into an MD5, 32-character hash string. there are many options that can be used to create a string to MD5, the following example uses Amazon’s MD5 function present in Redshift. The concatenation function (||) is also used to return a 32-character string.
select md5('ez' || 'user1');
md5
--------------------------------
153c434b4b77c89e6b94f12c5393af5b
- continue…
- By adding ‘md5’ and concatenating it to the front of MD5 sting in the previous step and passing the Concatenated string as md5hash argument
create user user1 password 'md5153c434b4b77c89e6b94f12c5393af5b';
- continue…
- Log in to the Amazon account using the generated hash password.
- SHA-256 hash is also a secure option that can be used instead of a plain text password. SHA-256 consists of two parts, SALT and DIGEST.
- valid SHA-256 digest and 256-bit salt that was used to create the digest will be used to create a valid SHA-256 Hash Password.
- The Digest is the output of a hashing function.
- Salt is Randomly generated data that is combined with the password to help reduce patterns in the hashing function output.
- the syntax for SHA-256:
'sha256|Mypassword'
or
'sha256|digest|256-bit-salt'
- examples for SHA-256 passwords
- In this example, the amazon redshift self manages SALT and DIGEST aspects.
CREATE USER admin PASSWORD 'sha256|Mypassword1';
- example
- In this example, valid SALT and DIGEST were used to generate password
CREATE USER admin PASSWORD 'sha256|fe95f2bc7c4a111b6f0f7d0b60bfedd1935fb295f8dce1d62708ab8d2f564baf|c721bff5d9042cf541ff7b9d48fa8a6e545c19a763e3710151f9513038b0f6c6';
NOTE: If you set a password in plain text without specifying the hashing function, then an MD5 digest is generated using the username as the salt.
Integrate MongoDB to Redshift
Integrate MS SQL Server to Redshift
Integrate HubSpot to Redshift
Options
there are multiple parameters or options that can be used in Redshift CREATE USER.
Parameter | Description |
CREATEDB | NOCREATEDB | This parameter gives privileges to a new user to create databases. by default it is NOCREATEDB hence for providing permission it needs to be mentioned initially. |
CREATEUSER | NOCREATEUSER | The CREATEUSER option can be used to create a superuser that has all the database privileges, including Redshift CREATE USER. The default is NOCREATEUSER. |
SYSLOG ACCESS { RESTRICTED | UNRESTRICTED } | It states the level of access a user has on Amazon Tables. RESTRICTED: Only the rows in the user-visible table can be seen by the user. UNRESTRICTED: all the rows including the rows generated by other users can be seen in user-visible system tables and views. UNRESTRICTED doesn’t give a regular user access to superuser-visible tables. Only superusers can see superuser-visible tables. |
IN GROUP groupname | This parameter defines the name of the group that the user will belong to. multiple groups can be listed at once. |
VALID UNTIL abstime | This parameter defines the maximum time password will stay valid after creation. by default, there is no time limit. |
CONNECTION LIMIT { limit | UNLIMITED } | This parameter defines the maximum number of database connections that can be opened concurrently. Superusers have UNLIMITED database connections. |
SESSION TIMEOUT limit | This parameter defines the maximum th=ime the session stays active. The minimum time for the session is 60sec (1 min) to 1,728,000 seconds (20 days). the default is decided by the cluster. |
Examples
Redshift CREATE USER Creates a user with the name hevo, with the password “abcD1234”, database creation privileges, and a connection limit of 30.
CREATE USER hevo with password 'abcD1234' createdb connection limit 30;
when the PG_USER_INFO catalog table is queried, it views the details of all the database users.
select * from pg_user_info;
usename | usesysid | usecreatedb | usesuper | usecatupd | passwd |
----------+----------+-------------+----------+-----------+----------+
rdsdb | 1 | true | true | true | ******** |
adminuser| 100 | true | true | false | ******** |
hevo | 102 | true | false | false | ******** |
valuntil | useconfig | useconnlimit
---------+-----------+-------------
infinity | |
| | UNLIMITED
| | 30
the account password is valid until DEC 10, 2022.
CREATE USER hevo with password 'abcD1234' valid until '2022-12-10';
Redshift CREATE USER creates a user with username hevo with a case-sensitive password that contains special characters.
CREATE USER hevo with password '@AbC4321!';
To use a backslash (”) in your MD5 password in the Redshift CREATE USER command, escape the backslash with a backslash in your source string. The following example creates a user named hevo with a single backslash ( ”) as the password.
select md5(''||'slashpass');
md5
--------------------------------
0c983d1a624280812631c5389e60d48c
CREATE USER hevo password 'md50c983d1a624280812631c5389e60d48c';
Redshift CREATE USER command creates a user named hevo with session timeout set to 120 seconds.
CREATE USER hevo password 'abcD1234' SESSION TIMEOUT 120;
Learn More About:
Load your Data from any Source to Redshift in minutes
No credit card required
Conclusion
Redshift CREATE USER command offers a wide range of options that can allow providing privileges to a new user that has been added to the database.
Redshift is a trusted data warehouse that a lot of companies use and store data as it provides many benefits but transferring data into it is a hectic task. The Automated data pipeline helps in solving this issue and this is where Hevo comes into the picture. Hevo Data is a No-code Data Pipeline and has awesome 100+ pre-built Integrations that you can choose from.
Hevo can help you Integrate your data from numerous sources and load them into a destination to Analyze real-time data with a BI tool such as Tableau. It will make your life easier and data migration hassle-free. It is user-friendly, reliable, and secure.
FAQ on Redshift Create User Command
How to create the user in Redshift?
To create a user in Amazon Redshift, you typically need appropriate privileges (e.g., CREATEUSER or SUPERUSER).
Can I create a function in Redshift?
Amazon Redshift supports creating functions using SQL. These can include Scalar User-Defined Functions (UDFs), Stored Procedures, and User-Defined Aggregates (UDAs). Note that UDFs in Redshift are typically written in SQL or PL/pgSQL
Does Redshift support UDF?
Amazon Redshift supports User-Defined Functions (UDFs), but they are limited compared to traditional SQL databases like PostgreSQL due to the nature of Redshift being a massively parallel processing (MPP) data warehouse. UDFs in Redshift are mainly focused on Scalar UDFs and can be written in SQL or PL/pgSQL.
Arsalan is a research analyst at Hevo and a data science enthusiast with over two years of experience in the field. He completed his B.tech in computer science with a specialization in Artificial Intelligence and finds joy in sharing the knowledge acquired with data practitioners. His interest in data analysis and architecture drives him to write nearly a hundred articles on various topics related to the data industry.