ALTER ROLE
¶
Alter an existing database user or role.
Table of contents
Synopsis¶
ALTER ROLE name
SET ( parameter = value [, ...] )
| RESET [parameter | ALL]
Description¶
ALTER ROLE SET
applies a change to an existing database user or role.
Superusers and users with AL
privileges can modify other roles. Every role
has permission to modify themselves.
ALTER ROLE RESET
resets modifiable
session settings to their default value.
Arguments¶
name
¶
The name by which the user or role is identified inside the database.
SET
¶
Changes a user parameter to a different value. The following parameter
are supported to alter an existing user account:
- password:
The password as cleartext entered as string literal.
NULL
removes the password from the user.
Caution
Passwords cannot be set for the crate
superuser.
For security reasons it is recommended to authenticate as crate
using a
client certificate.
- jwt:
JWT properties map (
iss
,username
andaud
) entered as a string literal. e.g.:ALTER USER john WITH (jwt = {"iss" = 'new_issuer', "username" = 'john.smith', "aud" = 'new_aud'})
New JWT properties must not coincide with JWT properties of another user.
NULL
removes the JWT properties from the user.
Note
jwt = {...}
overrides existing jwt properties. If an optional property
is not provided, an existing value will be discarded.
Note
Passwords and JWT properties can be changed only for existing database users, but not to roles.
- session settings:
Any of the modifiable session settings. The value set is used for the user when logins to the database, instead of the default value, thus, there is no need to use
SET
statements to modify the setting value on its user session.
Note
The session settings can only be set to a user and not on a role and are therefore are not inherited to other users.
Changes to session settings are only applied to new sessions opened by the user.
RESET
¶
Resets modifiable session settings to their default value.
- parameter:
Any of the modifiable session settings.
- ALL:
Resets all the modifiable session settings of the user to their default values.