Modifying User Data¶

With the statement ALTER USER, you can modify the privileges granted to a user, change its password and/or description.

ALTER USER <name:identifier>
    [ <authentication> ]
    [ <description:literal> ]
    [ <grant> ]*

<authentication> ::=
      CURRENT_PASSWORD <current_password:literal> PASSWORD <password:literal> ENCRYPTED SHA512
    | LDAP (
          [ DATASOURCE <databaseName:identifier>.<dataSourceName:identifier> ]
          [ USERNAME <name:literal> ]
      )

<grant> ::= (see section Granting Privileges to a User/Role)

When user A attempts to change the password of user B, by default the password of user A must be provided in the clause CURRENT_PASSWORD in order to verify his identity. This behavior is controlled with the execution of SET 'com.denodo.vdb.security.LocalAuthenticator.currentPasswordEnabled' = '<boolean>':

• If the property is set to true or absent, the CURRENT_PASSWORD clause is required and it will be validated. If the clause is not provided an error will be raised.

• If the property is set to false the CURRENT_PASSWORD clause is optional and it will be validated only if it’s present.

The main uses of the ALTER USER statement are:

• Changing the password of a user. Users usually do that from the administration tool because it implies sending the password encrypted with a hash (SHA512) and not the actual password.

• Modifying the privileges granted to a user. Only administrator users or users with the role “assignprivileges” can do this. See more about this in the section Modifying the Privileges of a User).