ALTER ROLE: Notes, Examples, Compatibility, and See Also

not process role-specific variable settings. </para> <para> See <xref linkend="sql-set"/> and <xref linkend="runtime-config"/> for more information about allowed parameter names and values. </para> </listitem> </varlistentry> </variablelist> </refsect1> <refsect1 id="sql-alterrole-notes"> <title>Notes</title> <para> Use <link linkend="sql-createrole"><command>CREATE ROLE</command></link> to add new roles, and <link linkend="sql-droprole"><command>DROP ROLE</command></link> to remove a role. </para> <para> <command>ALTER ROLE</command> cannot change a role's memberships. Use <link linkend="sql-grant"><command>GRANT</command></link> and <link linkend="sql-revoke"><command>REVOKE</command></link> to do that. </para> <para> Caution must be exercised when specifying an unencrypted password with this command. The password will be transmitted to the server in cleartext, and it might also be logged in the client's command history or the server log. <xref linkend="app-psql"/> contains a command <command>\password</command> that can be used to change a role's password without exposing the cleartext password. </para> <para> It is also possible to tie a session default to a specific database rather than to a role; see <xref linkend="sql-alterdatabase"/>. If there is a conflict, database-role-specific settings override role-specific ones, which in turn override database-specific ones. </para> </refsect1> <refsect1 id="sql-alterrole-examples"> <title>Examples</title> <para> Change a role's password: <programlisting> ALTER ROLE davide WITH PASSWORD 'hu8jmn3'; </programlisting> </para> <para> Remove a role's password: <programlisting> ALTER ROLE davide WITH PASSWORD NULL; </programlisting> </para> <para> Change a password expiration date, specifying that the password should expire at midday on 4th May 2015 using the time zone which is one hour ahead of <acronym>UTC</acronym>: <programlisting> ALTER ROLE chris VALID UNTIL 'May 4 12:00:00 2015 +1'; </programlisting> </para> <para> Make a password valid forever: <programlisting> ALTER ROLE fred VALID UNTIL 'infinity'; </programlisting> </para> <para> Give a role the ability to manage other roles and create new databases: <programlisting> ALTER ROLE miriam CREATEROLE CREATEDB; </programlisting> </para> <para> Give a role a non-default setting of the <xref linkend="guc-maintenance-work-mem"/> parameter: <programlisting> ALTER ROLE worker_bee SET maintenance_work_mem = 100000; </programlisting> </para> <para> Give a role a non-default, database-specific setting of the <xref linkend="guc-client-min-messages"/> parameter: <programlisting> ALTER ROLE fred IN DATABASE devel SET client_min_messages = DEBUG; </programlisting></para> </refsect1> <refsect1 id="sql-alterrole-compat"> <title>Compatibility</title> <para> The <command>ALTER ROLE</command> statement is a <productname>PostgreSQL</productname> extension. </para> </refsect1> <refsect1 id="sql-alterrole-see"> <title>See Also</title> <simplelist type="inline"> <member><xref linkend="sql-createrole"/></member> <member><xref linkend="sql-droprole"/></member> <member><xref linkend="sql-alterdatabase"/></member> <member><xref linkend="sql-set"/></member> </simplelist> </refsect1> </refentry>

This section provides notes on using ALTER ROLE, including password security concerns and the precedence of configuration settings (database-role-specific > role-specific > database-specific). It then gives practical examples of altering a role's password, setting expiration dates, granting privileges, and setting configuration parameters. Finally, it mentions the command's PostgreSQL extension status and lists related SQL commands for role and database management.