Modifying and Deleting Users¶
The command LIST USERS
returns the list of users in the Server.
The command DESC USER <user name>
returns information about a user,
including her access rights over the existing databases, views and
stored procedures. Administrator users can access all the data of any
user. The remaining users can only obtain their own data.
Administrator users can remove users from the server using the
DROP USER
statement (see section Removing Elements from the Catalog). The predefined “admin” administrator cannot be deleted.
Modifying User Data¶
With the statement ALTER USER
, you can modify the privileges granted to a user, change its password and/or description.
ALTER USER <name:identifier>
[ <authentication> ]
[ <description:literal> ]
[ <grant> ]*
<authentication> ::=
CURRENT_PASSWORD <current_password:literal> PASSWORD <password:literal> ENCRYPTED SHA512
| LDAP (
[ DATASOURCE <databaseName:identifier>.<dataSourceName:identifier> ]
[ USERNAME <name:literal> ]
)
<grant> ::= (see section Granting Privileges to a User/Role)
When user A attempts to change the password of user B, by default the password of user A must be provided in the clause CURRENT_PASSWORD
in order to verify his identity. This behavior is controlled with the execution of SET 'com.denodo.vdb.security.LocalAuthenticator.currentPasswordEnabled' = '<boolean>'
:
If the property is set to true or absent, the
CURRENT_PASSWORD
clause is required and it will be validated. If the clause is not provided an error will be raised.If the property is set to false the
CURRENT_PASSWORD
clause is optional and it will be validated only if it’s present.
The main uses of the ALTER USER
statement are:
Changing the password of a user. Users usually do that from the administration tool because it implies sending the password encrypted with a hash (SHA512) and not the actual password.
Modifying the privileges granted to a user. Only administrator users or users with the role “assignprivileges” can do this. See more about this in the section Modifying the Privileges of a User).