ALTER ROLE

ALTER ROLE alters the attributes of an existing role.

WARNING! Role-based access control (RBAC) is under development (#11579). Currently, no role attributes or privileges are considered when executing CREATE ROLE statements, but these attributes are saved and will be considered in a future release.

Syntax

ALTER ROLE role_name WITH INHERIT CREATEROLE NOCREATEROLE CREATEDB NOCREATEDB CREATECLUSTER NOCREATECLUSTER
Field Use
role_name A name for the role.
INHERIT Grants the role the ability to inheritance of privileges of other roles.
CREATEROLE Grants the role the ability to create, alter, and delete roles.
NOCREATEROLE Denies the role the ability to create, alter, and delete roles.
CREATEDB Grants the role the ability to create databases.
NOCREATEDB Denies the role the ability to create databases.
CREATECLUSTER Grants the role the ability to create clusters.
NOCREATECLUSTER Denies the role the ability to create clusters.

Details

Unlike PostgreSQL, materialize derives the LOGIN and SUPERUSER attributes for a role during authentication, every time that role tries to connect to Materialize. Therefore, you cannot specify either attribute when creating a new role. Additionally, we do not support CREATE USER because it implies a LOGIN attribute for the role.

Unlike PostgreSQL, materialize does not currently support NOINHERIT.

You may not specify redundant or conflicting sets of options. For example, Materialize will reject the statement CREATE ROLE ... CREATEDB NOCREATEDB because the CREATEDB and NOCREATEDB options conflict.

Examples

ALTER ROLE rj CREATEDB NOCREATECLUSTER;
SELECT name, create_db, create_cluster FROM mz_roles WHERE name = 'rj';
rj  true  false
Back to top ↑