doc/user/content/sql/alter-role.md
ALTER ROLE alters the attributes of an existing role.1
{{< tabs >}}
{{< tab "Cloud" >}}
{{% include-syntax file="examples/rbac-cloud/alter_roles" example="alter-role-syntax" %}}
Note: {{% include-example file="examples/rbac-cloud/alter_roles" example="alter-role-details" %}} {{< /tab >}} {{< tab "Self-Managed" >}}
{{% include-syntax file="examples/rbac-sm/alter_roles" example="alter-role-syntax" %}}
Note: {{% include-example file="examples/rbac-sm/alter_roles" example="alter-role-details" %}} {{< /tab >}} {{< /tabs >}}
You may not specify redundant or conflicting sets of options. For example,
Materialize will reject the statement ALTER ROLE ... INHERIT INHERIT.
ALTER ROLE rj INHERIT;
SELECT name, inherit FROM mz_roles WHERE name = 'rj';
rj true
SHOW cluster;
quickstart
ALTER ROLE rj SET cluster TO rj_compute;
-- Role parameters only take effect for new sessions.
SHOW cluster;
quickstart
-- Start a new SQL session with the role 'rj'.
SHOW cluster;
rj_compute
-- In a new SQL session with a role that is not 'rj'.
SHOW cluster;
quickstart
Unlike regular roles, superusers have unrestricted access to all objects in the system and can perform any action on them.
ALTER ROLE rj SUPERUSER;
To verify that the role has superuser privileges, you can query the pg_authid system catalog:
SELECT name, rolsuper FROM pg_authid WHERE rolname = 'rj';
rj t
NOSUPERUSER will remove the superuser attribute from a role, preventing it from having unrestricted access to all objects in the system.
ALTER ROLE rj NOSUPERUSER;
SELECT name, rolsuper FROM pg_authid WHERE rolname = 'rj';
rj f
{{< warning >}} Setting a NULL password removes the password. {{< /warning >}}
ALTER ROLE rj PASSWORD NULL;
ALTER ROLE rj PASSWORD 'new_password';
The privileges required to execute this statement are:
{{% include-headless "/headless/sql-command-privileges/alter-role" %}}
Materialize does not support the SET ROLE command. ↩