ALTER ROLE
¶
Alter an existing database user or role.
Table of contents
Synopsis¶
ALTER ROLE name
SET ( parameter = value [, ...] )
Description¶
ALTER ROLE
applies a change to an existing database user or role. Only
existing superusers or the user itself have the privilege to alter an existing
database user.
Arguments¶
name
¶
The name by which the user or role is identified inside the database.
SET
¶
Changes a user parameter to a different value. The following parameter
are supported to alter an existing user account:
- password:
The password as cleartext entered as string literal.
NULL
removes the password from the user.
Caution
Passwords cannot be set for the crate
superuser.
For security reasons it is recommended to authenticate as crate
using a
client certificate.
- jwt:
JWT properties map (
iss
,username
andaud
) entered as a string literal. e.g.:ALTER USER john WITH (jwt = {"iss" = 'new_issuer', "username" = 'john.smith', "aud" = 'new_aud'})
New JWT properties must not coincide with JWT properties of another user.
NULL
removes the JWT properties from the user.
Note
jwt = {...}
overrides existing jwt properties. If an optional property
is not provided, an existing value will be discarded.
Note
Passwords and JWT properties can be changed only for existing database users, but not to roles.