ALTER USER reference
ALTER USER modifies user settings.
Syntax#
Description#
ALTER USER username ENABLE- enables user account.ALTER USER username DISABLE- disables user account.ALTER USER username WITH PASSWORD password- sets password for the user account.ALTER USER username WITH NO PASSWORD- removes password for the user account.ALTER USER username CREATE TOKEN TYPE JWK- adds Json Web Key to user account. Returns public key (x, y) and private key. The private key is not stored in QuestDB.ALTER USER username DROP TOKEN TYPE JWK- removes Json Web Key from user account.
Examples#
Enable user#
Disable user#
Set password#
Remove password#
Removing user's password is not possible with WITH PASSWORD '' because it
rejects empty passwords.
Add Json Web Key#
Remove Json Web Key#
Result of commands above can be verified with SHOW USER, e.g.
| auth_type | enabled |
|---|---|
| Password | true |
| JWK Token | false |
| REST Token | false |
Add REST API token#
Here, the TTL (Time-to-Live) value should contain an integer and a unit, e.g.
1m. The supported units are:
s- secondm- minuteh- hourd- day
The minimal allowed TTL value is 1 minute, the maximum value is 10 years (10 * 365 days).
The REFRESH modifier is optional. When the REFRESH modifier is specified, the token's expiration timestamp will be refreshed on each successful authentication.
note
When replication is used, the token will not be refreshed on successful authentication on replicas, but only on the primary node. This makes tokens with the REFRESH modifier meaningful for use on the primary node only.
Remove REST API token#
Result of commands above can be verified with SHOW USER, e.g.
| auth_type | enabled |
|---|---|
| Password | true |
| JWK Token | false |
| REST Token | false |