ALTER SERVICE ACCOUNT modifies service account settings.
ALTER SERVICE ACCOUNT serviceAccountName ENABLE - enables the service account.
ALTER SERVICE ACCOUNT serviceAccountName DISABLE - disables the service account.
ALTER SERVICE ACCOUNT serviceAccountName WITH PASSWORD password - sets the password for the service account.
ALTER SERVICE ACCOUNT serviceAccountName WITH NO PASSWORD - removes the password for the service account.
ALTER SERVICE ACCOUNT serviceAccountName CREATE TOKEN TYPE JWK - adds a JSON Web Key to the service account. Returns the public key (x, y) and the private key. The private key is not stored in QuestDB.
ALTER SERVICE ACCOUNT serviceAccountName DROP TOKEN TYPE JWK - removes the JSON Web Key from the service account.
ALTER USER serviceAccountName CREATE TOKEN TYPE REST WITH TTL timeUnit REFRESH - adds a REST token to the service account.
ALTER USER serviceAccountName DROP TOKEN TYPE REST token - removes a REST token from the service account.
Removing a password is not possible using WITH PASSWORD '' as the database will reject
The result of the commands above can be verified with SHOW USER, e.g.
Here, the TTL (Time-to-Live) value should contain an integer and a unit, such as 1m. The supported units are:
The minimum allowable TTL value is 1 minute and the maximum value is 10 years (10 * 365 days).
The REFRESH modifier is optional. When the REFRESH modifier is specified, the token's expiration timestamp will be refreshed on each successful
Many QuestDB Enterprise instances run within active database replication clusters. With replication enabled, the REST API token will be refreshed on successful authentication to the primary node. The token will not be refreshed during successful authentications to replica nodes.
Therefore, tokens with the REFRESH modifier are for use only on the
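The TTL bounds and REFRESH behaviour described above, as an added example that is not QuestDB code: a simplified Python model showing that a client which only authenticates to a replica loses access once the original TTL elapses, while the same token used against the primary stays valid. The RestToken class, the node_role strings and the exact expiry comparison are assumptions made for illustration.

```python
from dataclasses import dataclass

MIN_TTL_S = 60                      # page: minimum TTL is 1 minute
MAX_TTL_S = 10 * 365 * 24 * 3600    # page: maximum TTL is 10 years (10 * 365 days)


@dataclass
class RestToken:
    """Simplified model of a REST token record (hypothetical, not QuestDB's implementation)."""
    ttl_s: int
    refresh: bool
    issued_at: int

    def __post_init__(self):
        if not MIN_TTL_S <= self.ttl_s <= MAX_TTL_S:
            raise ValueError(f"TTL {self.ttl_s}s is outside the 1 minute to 10 years range")
        self.expires_at = self.issued_at + self.ttl_s

    def authenticate(self, now: int, node_role: str) -> bool:
        """Return True if the token is accepted at time `now` on a node with this role."""
        if now >= self.expires_at:      # assumption: a token is rejected at its expiry instant
            return False
        # Per the page: expiry is refreshed only on successful authentication to the primary.
        if self.refresh and node_role == "primary":
            self.expires_at = now + self.ttl_s
        return True


def last_accepted(token: RestToken, node_role: str, interval_s: int, horizon_s: int) -> int:
    """Authenticate every `interval_s` seconds; return the time of the last accepted attempt."""
    last = -1
    for now in range(token.issued_at, token.issued_at + horizon_s + 1, interval_s):
        if token.authenticate(now, node_role):
            last = now
    return last


def demo() -> dict:
    """A 5-minute REFRESH token polled every 60 s for one hour against each node role."""
    return {
        role: last_accepted(RestToken(300, True, 0), role, 60, 3600)
        for role in ("primary", "replica")
    }


if __name__ == "__main__":
    print(demo())
```

In this model the replica-only client is last accepted at 240 seconds even though it authenticates every minute, which is the failure to watch for when a REFRESH token is handed to a workload that reads from replicas.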
The result of the above commands can be verified with SHOW SERVICE ACCOUNT: