<!--
doc/src/sgml/ref/alter_role.sgml
PostgreSQL documentation
-->
<refentry id="sql-alterrole">
<indexterm zone="sql-alterrole">
<primary>ALTER ROLE</primary>
</indexterm>
<refmeta>
<refentrytitle>ALTER ROLE</refentrytitle>
<manvolnum>7</manvolnum>
<refmiscinfo>SQL - Language Statements</refmiscinfo>
</refmeta>
<refnamediv>
<refname>ALTER ROLE</refname>
<refpurpose>change a database role</refpurpose>
</refnamediv>
<refsynopsisdiv>
<synopsis>
ALTER ROLE <replaceable class="parameter">role_specification</replaceable> [ WITH ] <replaceable class="parameter">option</replaceable> [ ... ]
<phrase>where <replaceable class="parameter">option</replaceable> can be:</phrase>
SUPERUSER | NOSUPERUSER
| CREATEDB | NOCREATEDB
| CREATEROLE | NOCREATEROLE
| INHERIT | NOINHERIT
| LOGIN | NOLOGIN
| REPLICATION | NOREPLICATION
| BYPASSRLS | NOBYPASSRLS
| CONNECTION LIMIT <replaceable class="parameter">connlimit</replaceable>
| [ ENCRYPTED ] PASSWORD '<replaceable class="parameter">password</replaceable>' | PASSWORD NULL
| VALID UNTIL '<replaceable class="parameter">timestamp</replaceable>'
ALTER ROLE <replaceable class="parameter">name</replaceable> RENAME TO <replaceable>new_name</replaceable>
ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] SET <replaceable>configuration_parameter</replaceable> { TO | = } { <replaceable>value</replaceable> | DEFAULT }
ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] SET <replaceable>configuration_parameter</replaceable> FROM CURRENT
ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] RESET <replaceable>configuration_parameter</replaceable>
ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] RESET ALL
<phrase>where <replaceable class="parameter">role_specification</replaceable> can be:</phrase>
<replaceable class="parameter">role_name</replaceable>
| CURRENT_ROLE
| CURRENT_USER
| SESSION_USER
</synopsis>
</refsynopsisdiv>
<refsect1 id="sql-alterrole-desc">
<title>Description</title>
<para>
<command>ALTER ROLE</command> changes the attributes of a
<productname>PostgreSQL</productname> role.
</para>
<para>
The first variant of this command listed in the synopsis can change
many of the role attributes that can be specified in
<link linkend="sql-createrole"><command>CREATE ROLE</command></link>.
(All the possible attributes are covered,
except that there are no options for adding or removing memberships; use
<link linkend="sql-grant"><command>GRANT</command></link> and
<link linkend="sql-revoke"><command>REVOKE</command></link> for that.)
Attributes not mentioned in the command retain their previous settings.
Database superusers can change any of these settings for any role, except
for changing the <literal>SUPERUSER</literal> property for the
<glossterm linkend="glossary-bootstrap-superuser">bootstrap superuser</glossterm>.
Non-superuser roles having <literal>CREATEROLE</literal> privilege can
change most of these properties, but only for non-superuser and
non-replication roles for which they have been granted
<literal>ADMIN OPTION</literal>. Non-superusers cannot change the
<literal>SUPERUSER</literal> property and can change the
<literal>CREATEDB</literal>, <literal>REPLICATION</literal>, and
<literal>BYPASSRLS</literal> properties only if they possess the
corresponding property themselves.
Ordinary roles can only change their own password.
</para>
<para>
The second variant changes the name of the role.
Database superusers