ALTER USER

Purpose

Use this statement to alter a user’s authentication details.

Prerequisites

  • If a user is authenticating with password, the user can always change their password.
  • To set a new password for other users or to define Kerberos/LDAP/OpenID authentication, you need the system privilege ALTER USER.

Syntax

alter_user::=

Alter User

Alter User

Usage notes

  • If you have the system privilege ALTER USER the REPLACE clause is optional and the old password is not verified.

  • For security reasons, the old password must be specified if a user wishes to change their own password, unless the user has the system privilege ALTER USER).

  • Passwords are treated as SQL identifiers and are governed by the same rules regarding allowed characters, case sensitivity, etc. For more information, see SQL identifier.

  • For details about the expected string values for the PASSWORD_EXPIRY_POLICY parameter, see Password expiry policy.

  • For information about Kerberos/LDAP/OpenID authentication and the rules for password creation, see CREATE USER.

Examples

Copy 
ALTER USER user_1 IDENTIFIED BY "h22_xhz" REPLACE "h12_xhz";
Copy 
-- ALTER USER privilege necessary for next commands
ALTER USER user_1 IDENTIFIED BY "h12_xhz";
Copy 
ALTER USER user_2 IDENTIFIED BY KERBEROS PRINCIPAL "<user>@<realm>";
Copy 
ALTER USER user_3 IDENTIFIED AT LDAP
AS 'cn=user_3,dc=authorization,dc=exasol,dc=com';
Copy 
ALTER USER oidctestuser IDENTIFIED BY OPENID SUBJECT 'database-user@exasol.example';