Updated on 2024-06-03 GMT+08:00

ALTER USER

Description

ALTER USER modifies the attributes of a database user.

Precautions

Session parameters modified by ALTER USER apply to a specified user and take effect in the next session.

Syntax

  • Modify user permissions or other information.
    ALTER USER user_name [ [ WITH ] option [ ... ] ];
    ALTER USER user_name
        RENAME TO new_name;
    ALTER USER user_name [ IN DATABASE database_name ]
        SET configuration_parameter {{ TO | = } { value | DEFAULT }|FROM CURRENT};
    ALTER USER user_name
        [ IN DATABASE database_name ] RESET {configuration_parameter|ALL};

    The option clause is as follows:

    { CREATEDB | NOCREATEDB }
        | { CREATEROLE | NOCREATEROLE }
        | { INHERIT | NOINHERIT }
        | { AUDITADMIN | NOAUDITADMIN }
        | { SYSADMIN | NOSYSADMIN }
        | {MONADMIN | NOMONADMIN}
        | {OPRADMIN | NOOPRADMIN}
        | {POLADMIN | NOPOLADMIN}
        | { USEFT | NOUSEFT }
        | { LOGIN | NOLOGIN }
        | { REPLICATION | NOREPLICATION }
        | {PERSISTENCE | NOPERSISTENCE}
        | CONNECTION LIMIT connlimit
        | [ ENCRYPTED | UNENCRYPTED ] PASSWORD { 'password' [EXPIRED] | DISABLE | EXPIRED }
        | [ ENCRYPTED | UNENCRYPTED ] IDENTIFIED BY { 'password' [ REPLACE 'old_password' | EXPIRED ] | DISABLE }
        | VALID BEGIN 'timestamp'
        | VALID UNTIL 'timestamp'
        | RESOURCE POOL 'respool'
        | USER GROUP 'groupuser'
        | PERM SPACE 'spacelimit'
        | TEMP SPACE 'tmpspacelimit'
        | SPILL SPACE 'spillspacelimit'
        | NODE GROUP logic_cluster_name
        | ACCOUNT { LOCK | UNLOCK }
        | PGUSER
  • Change the username.
    ALTER USER user_name 
        RENAME TO new_name;
  • Change the value of a specified parameter associated with the user.
    ALTER USER user_name [ IN DATABASE database_name ]
        SET configuration_parameter {{ TO | = } { value | DEFAULT }|FROM CURRENT};
  • Reset the value of a specified parameter associated with the user.
    ALTER USER user_name 
        [ IN DATABASE database_name ] RESET {configuration_parameter|ALL};

Parameters

  • user_name

    Specifies the current username.

    Value range: an existing username. If a username contains uppercase letters, enclose the name with double quotation marks ("").

  • new_password

    Specifies a new password.

    The new password must:

    • Differ from the old password.
    • Contain at least eight characters. This is the default length.
    • Differ from the username or the username spelled backward.
    • Contain at least three of the following four types of characters: uppercase characters (A to Z), lowercase characters (a to z), digits (0 to 9), and special characters, including: ~!@#$%^&*()-_=+\|[{}];:,<.>/? If the password contains characters other than the preceding characters, an error will be reported during statement execution.
    • Be enclosed by single quotation marks.

    Value range: a string

  • old_password

    Specifies the old password.

  • ACCOUNT { LOCK | UNLOCK }
    • ACCOUNT LOCK: locks an account to forbid login to databases.
    • ACCOUNT UNLOCK: unlocks an account to allow login to databases.
  • PGUSER

    In the current version, the PGUSER attribute of a user cannot be modified.

For details about other parameters, see "Parameters" in CREATE ROLE and ALTER ROLE.

Examples

-- Create user jim whose login password is ********.
gaussdb=# CREATE USER jim PASSWORD '********';

-- Change the login password of user jim.
gaussdb=# ALTER USER jim IDENTIFIED BY '**********' REPLACE '********';

-- Set enable_seqscan to on. (The setting will take effect in the next session.)
gaussdb=# ALTER USER jim SET enable_seqscan TO on;

-- Reset the enable_seqscan parameter for jim.
gaussdb=# ALTER USER jim RESET enable_seqscan;

-- Lock jim.
gaussdb=# ALTER USER jim ACCOUNT LOCK;

-- Unlock jim.
gaussdb=# ALTER USER jim ACCOUNT UNLOCK;

-- Change the username.
gaussdb=# ALTER USER jim RENAME TO lisa;

-- Delete the user.
gaussdb=# DROP USER lisa CASCADE;

Helpful Links

CREATE ROLE, CREATE USER, and DROP USER