Modifying User Data¶

With the command ALTER USER, you can do this:

• Change your own password.

• Change the password of another user account.

• Change the privileges granted to a user. Only administrator users or users with the role “assignprivileges” can do this (see more about this in the page Modifying the Privileges of a User).

• Unlock another user account. Only administrators can do this.

  The page Password Policies in the Denodo Platform and Solution Manager explains how a user account can be locked.

ALTER USER <name:identifier>
    [ <authentication> ]
    [ <description:literal> ]
    [ <grant> ]*
| ALTER USER <name:identifier>
    CURRENT_PASSWORD <current password:literal> [ SHA512 ]
    UNLOCK

<authentication> ::=
      CURRENT_PASSWORD <current_password:literal> PASSWORD <password:literal> SHA512
    | LDAP (
          [ DATASOURCE <databaseName:identifier>.<dataSourceName:identifier> ]
          [ USERNAME <name:literal> ]
      )

<grant> ::= (see section Granting Privileges to a User/Role)

To change the password of your account or someone else’s account, or unlock an account, you have to provide your current password in the parameter CURRENT_PASSWORD. For example:

ALTER USER jsmith
    CURRENT_PASSWORD 'my-current-password'
    PASSWORD 'My_N3w_Password' SHA512;

Users that log in without providing their password (e.g. log in with Kerberos or Denodo SSO) cannot do this. They need to log in with username and password to do any of these actions.

If you want to disable the security measure of having to enter the “CURRENT_PASSWORD” parameter, execute this command:

-- You do not need to restart to apply this change
SET 'com.denodo.vdb.security.LocalAuthenticator.currentPasswordEnabled' = 'false';