ALTER ROLE
ALTER ROLE
alters the attributes of an existing role.
WARNING! Role-based access control (RBAC) is under development (#11579).
Currently, no role attributes or privileges are considered when executing
CREATE ROLE
statements, but these attributes are saved and will be considered
in a future release.
Syntax
Field | Use |
---|---|
role_name | A name for the role. |
INHERIT | Grants the role the ability to inheritance of privileges of other roles. |
CREATEROLE | Grants the role the ability to create, alter, and delete roles. |
NOCREATEROLE | Denies the role the ability to create, alter, and delete roles. |
CREATEDB | Grants the role the ability to create databases. |
NOCREATEDB | Denies the role the ability to create databases. |
CREATECLUSTER | Grants the role the ability to create clusters. |
NOCREATECLUSTER | Denies the role the ability to create clusters. |
Details
Unlike PostgreSQL, materialize derives the LOGIN
and SUPERUSER
attributes for a role during authentication, every time that role tries
to connect to Materialize. Therefore, you cannot specify either
attribute when creating a new role. Additionally, we do not support
CREATE USER
because it implies a LOGIN
attribute for the role.
Unlike PostgreSQL, materialize does not currently support NOINHERIT
.
You may not specify redundant or conflicting sets of options. For example,
Materialize will reject the statement CREATE ROLE ... CREATEDB NOCREATEDB
because
the CREATEDB
and NOCREATEDB
options conflict.
Examples
ALTER ROLE rj CREATEDB NOCREATECLUSTER;
SELECT name, create_db, create_cluster FROM mz_roles WHERE name = 'rj';
rj true false