ALTER ROLE

Function

ALTER ROLE changes the attributes of a role.

Important Notes

None

Syntax

Modifying the Rights of a Role

1	ALTER ROLE role_name [ [ WITH ] option [ ... ] ];

The option clause for granting rights is as follows:

{CREATEDB | NOCREATEDB}
    | {CREATEROLE | NOCREATEROLE}
    | {INHERIT | NOINHERIT}
    | {AUDITADMIN | NOAUDITADMIN}
    | {SYSADMIN | NOSYSADMIN}
    | {USEFT | NOUSEFT}
    | {LOGIN | NOLOGIN}
    | {REPLICATION | NOREPLICATION}
    | {INDEPENDENT | NOINDEPENDENT}
    | {VCADMIN | NOVCADMIN}
    | CONNECTION LIMIT connlimit
    | [ ENCRYPTED | UNENCRYPTED ] PASSWORD 'password'
    | [ ENCRYPTED | UNENCRYPTED ] IDENTIFIED BY 'password' [ REPLACE 'old_password' ]
    | [ ENCRYPTED | UNENCRYPTED ] PASSWORD { 'password' | DISABLE }
    | [ ENCRYPTED | UNENCRYPTED ] IDENTIFIED BY { 'password' [ REPLACE 'old_password' ] | DISABLE }
    | VALID BEGIN 'timestamp'
    | VALID UNTIL 'timestamp'
    | RESOURCE POOL 'respool'
    | USER GROUP 'groupuser'
    | PERM SPACE 'spacelimit'
    | NODE GROUP logic_cluster_name
    | ACCOUNT { LOCK | UNLOCK }
    | PGUSER
    | AUTHINFO 'authinfo'
    | PASSWORD EXPIRATOIN period

Rename a role.

1 2	ALTER ROLE role_name RENAME TO new_name;

Set parameters for a role.

1 2	ALTER ROLE role_name [ IN DATABASE database_name ] SET configuration_parameter {{ TO \| = } { value \| DEFAULT } \| FROM CURRENT};

Reset parameters for a role.

1 2	ALTER ROLE role_name [ IN DATABASE database_name ] RESET {configuration_parameter\|ALL};

Parameters

role_name
Indicates a role name.

Value range: an existing user name
IN DATABASE database_name
Modifies the parameters of a role on a specified database.
SET configuration_parameter
Sets parameters for a role. The session parameters modified using the ALTER ROLE command is only for a specific role and is valid in the next session triggered by the role.

Valid value:

Values of configuration_parameter and value are listed in SET.

DEFAULT clears the value of configuration_parameter. The value of the configuration_parameter parameter will inherit the default value of the new session generated for the role.

FROM CURRENT uses the value of configuration_parameter of the current session.
RESET configuration_parameter/ALL
The effect of clearing the configuration_parameter value is the same as setting it to DEFAULT.

Value range: ALL indicates that all parameter values are cleared.
ACCOUNT LOCK | ACCOUNT UNLOCK
- ACCOUNT LOCK: locks an account to forbid login to databases.
- ACCOUNT UNLOCK: unlocks an account to allow login to databases.
PGUSER
PGUSER of a role cannot be modified in the current version.

For details about other parameters, see Parameter Description in CREATE ROLE.

Example

Change the password of role manager.

1	ALTER ROLE manager IDENTIFIED BY '{password}' REPLACE '{old_password}';

Alter role manager to a system administrator.

1	ALTER ROLE manager SYSADMIN;

Modify the fulluser information of the LDAP authentication role.

1	ALTER ROLE role2 WITH LOGIN AUTHINFO 'ldapcn=role2,cn=user2,dc=func,dc=com' PASSWORD DISABLE;

Change the validity period of the login password of the role to 90 days.

1	ALTER ROLE role3 PASSWORD EXPIRATION 90;

Links

CREATE ROLE, DROP ROLE

Parent topic: DDL Syntax

Previous topic: ALTER RESOURCE POOL

Next topic: ALTER ROW LEVEL SECURITY POLICY

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot