ALTER ROLE
ALTER ROLE alters the attributes of an existing role.
WARNING! Role-based access control (RBAC) is under development (#11579).
Currently, no role attributes or privileges are considered when executing
CREATE ROLE statements, but these attributes are saved and will be considered
in a future release.
Syntax
| Field | Use |
|---|---|
| role_name | A name for the role. |
| INHERIT | Grants the role the ability to inheritance of privileges of other roles. |
| CREATEROLE | Grants the role the ability to create, alter, and delete roles. |
| NOCREATEROLE | Denies the role the ability to create, alter, and delete roles. |
| CREATEDB | Grants the role the ability to create databases. |
| NOCREATEDB | Denies the role the ability to create databases. |
| CREATECLUSTER | Grants the role the ability to create clusters. |
| NOCREATECLUSTER | Denies the role the ability to create clusters. |
Details
Unlike PostgreSQL, materialize derives the LOGIN and SUPERUSER
attributes for a role during authentication, every time that role tries
to connect to Materialize. Therefore, you cannot specify either
attribute when creating a new role. Additionally, we do not support
CREATE USER because it implies a LOGIN attribute for the role.
Unlike PostgreSQL, materialize does not currently support NOINHERIT.
You may not specify redundant or conflicting sets of options. For example,
Materialize will reject the statement CREATE ROLE ... CREATEDB NOCREATEDB because
the CREATEDB and NOCREATEDB options conflict.
Examples
ALTER ROLE rj CREATEDB NOCREATECLUSTER;
SELECT name, create_db, create_cluster FROM mz_roles WHERE name = 'rj';
rj true false