USER MANUALS

Modifying and Deleting Users

The command LIST USERS returns the list of users in the Server.

The command DESC USER <user name> returns information about a user, including her access rights over the existing databases, views and stored procedures. Administrator users can access all the data of any user. The remaining users can only obtain their own data.

Administrator users can remove users from the server using the DROP USER statement (see section Removing Elements from the Catalog). The default administrator user “admin” can be deleted, but you need to have at least one administrator user at any moment.

Modifying User Data

With the command ALTER USER, you can do this:

  • Change your own password.

  • Change the password of another user account.

  • Change the privileges granted to a user. Only administrator users or users with the role “assignprivileges” can do this (see more about this in the page Modifying the Privileges of a User).

  • Unlock another user account. Only administrators can do this.

    The page Password Policies in the Denodo Platform and Solution Manager explains how a user account can be locked.

Syntax of the ALTER USER statement
ALTER USER <name:identifier>
    [ <authentication> ]
    [ <description:literal> ]
    [ <grant> ]*
| ALTER USER <name:identifier>
    CURRENT_PASSWORD <current password:literal> [ SHA512 ]
    UNLOCK

<authentication> ::=
      CURRENT_PASSWORD <current_password:literal> PASSWORD <password:literal> SHA512
    | LDAP (
          [ DATASOURCE <databaseName:identifier>.<dataSourceName:identifier> ]
          [ USERNAME <name:literal> ]
      )

<grant> ::= (see section Granting Privileges to a User/Role)

To change the password of your account or someone else’s account, or unlock an account, you have to provide your current password in the parameter CURRENT_PASSWORD. For example:

ALTER USER jsmith
    CURRENT_PASSWORD 'my-current-password'
    PASSWORD 'My_N3w_Password' SHA512;

Users that log in without providing their password (e.g. log in with Kerberos or Denodo SSO) cannot do this. They need to log in with username and password to do any of these actions.

If you want to disable the security measure of having to enter the “CURRENT_PASSWORD” parameter, execute this command:

-- You do not need to restart to apply this change
SET 'com.denodo.vdb.security.LocalAuthenticator.currentPasswordEnabled' = 'false';
Add feedback