Modifying and Deleting Users¶
LIST USERS returns the list of users in the Server.
DESC USER <user name> returns information about a user,
including her access rights over the existing databases, views and
stored procedures. Administrator users can access all the data of any
user. The remaining users can only obtain their own data.
Administrator users can remove users from the server using the
DROP USER statement (see section Removing Elements from the Catalog). The predefined “admin” administrator cannot be deleted.
Modifying User Data¶
With the command
ALTER USER, you can do this:
Change your own password.
Change the password of another user account.
Change the privileges granted to a user. Only administrator users or users with the role “assignprivileges” can do this (see more about this in the page Modifying the Privileges of a User).
Unlock another user account. Only administrators can do this.
The page Password Policies in the Denodo Platform and Solution Manager explains how a user account can be locked.
ALTER USER <name:identifier> [ <authentication> ] [ <description:literal> ] [ <grant> ]* | ALTER USER <name:identifier> CURRENT_PASSWORD <current password:literal> [ SHA512 ] UNLOCK <authentication> ::= CURRENT_PASSWORD <current_password:literal> PASSWORD <password:literal> SHA512 | LDAP ( [ DATASOURCE <databaseName:identifier>.<dataSourceName:identifier> ] [ USERNAME <name:literal> ] )
<grant> ::= (see section Granting Privileges to a User/Role)
To change the password of your account or someone else’s account, or unlock an account, you have to provide your current password in the parameter
CURRENT_PASSWORD. For example:
ALTER USER jsmith CURRENT_PASSWORD 'my-current-password' PASSWORD 'My_N3w_Password' SHA512;
Users that log in without providing their password (e.g. log in with Kerberos or Denodo SSO) cannot do this. They need to log in with username and password to do any of these actions.
If you want to disable the security measure of having to enter the “CURRENT_PASSWORD” parameter, execute this command:
-- You do not need to restart to apply this change SET 'com.denodo.vdb.security.LocalAuthenticator.currentPasswordEnabled' = 'false';