ALTER ROLE Parameters: Fine-tuning Role Attributes and Configuration

Ordinary roles can only set defaults for themselves. Certain configuration variables cannot be set this way, or can only be set if a superuser issues the command. Only superusers can change a setting for all roles in all databases. </para> </refsect1> <refsect1 id="sql-alterrole-params"> <title>Parameters</title> <variablelist> <varlistentry id="sql-alterrole-params-name"> <term><replaceable class="parameter">name</replaceable></term> <listitem> <para> The name of the role whose attributes are to be altered. </para> </listitem> </varlistentry> <varlistentry id="sql-alterrole-params-current-role"> <term><literal>CURRENT_ROLE</literal></term> <term><literal>CURRENT_USER</literal></term> <listitem> <para> Alter the current user instead of an explicitly identified role. </para> </listitem> </varlistentry> <varlistentry id="sql-alterrole-params-session-user"> <term><literal>SESSION_USER</literal></term> <listitem> <para> Alter the current session user instead of an explicitly identified role. </para> </listitem> </varlistentry> <varlistentry id="sql-alterrole-params-superuser"> <term><literal>SUPERUSER</literal></term> <term><literal>NOSUPERUSER</literal></term> <term><literal>CREATEDB</literal></term> <term><literal>NOCREATEDB</literal></term> <term><literal>CREATEROLE</literal></term> <term><literal>NOCREATEROLE</literal></term> <term><literal>INHERIT</literal></term> <term><literal>NOINHERIT</literal></term> <term><literal>LOGIN</literal></term> <term><literal>NOLOGIN</literal></term> <term><literal>REPLICATION</literal></term> <term><literal>NOREPLICATION</literal></term> <term><literal>BYPASSRLS</literal></term> <term><literal>NOBYPASSRLS</literal></term> <term><literal>CONNECTION LIMIT</literal> <replaceable class="parameter">connlimit</replaceable></term> <term>[ <literal>ENCRYPTED</literal> ] <literal>PASSWORD</literal> '<replaceable class="parameter">password</replaceable>'</term> <term><literal>PASSWORD NULL</literal></term> <term><literal>VALID UNTIL</literal> '<replaceable class="parameter">timestamp</replaceable>'</term> <listitem> <para> These clauses alter attributes originally set by <link linkend="sql-createrole"><command>CREATE ROLE</command></link>. For more information, see the <command>CREATE ROLE</command> reference page. </para> </listitem> </varlistentry> <varlistentry id="sql-alterrole-params-new-name"> <term><replaceable>new_name</replaceable></term> <listitem> <para> The new name of the role. </para> </listitem> </varlistentry> <varlistentry id="sql-alterrole-params-database-name"> <term><replaceable>database_name</replaceable></term> <listitem> <para> The name of the database the configuration variable should be set in. </para> </listitem> </varlistentry> <varlistentry id="sql-alterrole-params-configuration-parameter"> <term><replaceable>configuration_parameter</replaceable></term> <term><replaceable>value</replaceable></term> <listitem> <para> Set this role's session default for the specified configuration parameter to the given value. If <replaceable>value</replaceable> is <literal>DEFAULT</literal> or, equivalently, <literal>RESET</literal> is used, the role-specific variable setting is removed, so the role will inherit the system-wide default setting in new sessions. Use <literal>RESET ALL</literal> to clear all role-specific settings. <literal>SET FROM CURRENT</literal> saves the session's current value of

This section specifies the parameters for the ALTER ROLE command. It details how to alter role attributes such as SUPERUSER, CREATEDB, CREATEROLE, LOGIN, REPLICATION, and BYPASSRLS, connection limits, passwords, and password validity. It also covers renaming roles and setting role-specific configuration variables for all or specific databases, including resetting to default values and setting from the current session.