ALTER ROLE

Changes password or hashed password. Allows superuser or login options to be set.

Syntax

ALTER ROLE <role_name>
  ( WITH PASSWORD = '<role_password>'
  ifdef::dse69,dse68,cass50[]
  | WITH HASHED PASSWORD = '<hashed_role_password>'
  endif::dse69,dse68,cass50[]
  [ [ WITH | AND ] LOGIN = ( true | false ) ]
  [ [ WITH | AND ] SUPERUSER = ( true | false ) ]
    ifdef::cass50[]
  [ ( WITH | AND ) ACCESS TO DATACENTERS { 'dc_name' } | ( WITH | AND ) ACCESS TO ALL DATACENTERS
  | ( WITH | AND ) ACCESS FROM CIDRS { 'region1' } | ( WITH | AND ) ACCESS FROM ALL CIDRS']
  endif::cass50[]
  [ [ WITH | AND ] OPTIONS = { <custom_options_map> } ] ] ;
Syntax legend
Legend
Syntax conventions Description

UPPERCASE

Literal keyword.

Lowercase

Not literal.

< >

Variable value. Replace with a user-defined value.

[]

Optional. Square brackets ([]) surround optional command arguments. Do not type the square brackets.

( )

Group. Parentheses ( ( ) ) identify a group to choose from. Do not type the parentheses.

|

Or. A vertical bar (|) separates alternative elements. Type any one of the elements. Do not type the vertical bar.

...

Repeatable. An ellipsis ( ... ) indicates that you can repeat the syntax element as often as required.

'<Literal string>'

Single quotation (') marks must surround literal strings in CQL statements. Use single quotation marks to preserve upper case.

{ <key> : <value> }

Map collection. Braces ({ }) enclose map collections or key value pairs. A colon separates the key and the value.

<datatype2

Set, list, map, or tuple. Angle brackets ( < > ) enclose data types in a set, list, map, or tuple. Separate the data types with a comma.

<cql_statement>;

End CQL statement. A semicolon (;) terminates all CQL statements.

[--]

Separate the command line options from the command arguments with two hyphens ( -- ). This syntax is useful when arguments might be mistaken for command line options.

' <<schema\> ... </schema\>> '

Search CQL only: Single quotation marks (') surround an entire XML schema declaration.

@<xml_entity>='<xml_entity_type>'

Search CQL only: Identify the entity and literal value to overwrite the XML element in the schema and solrConfig files.

Parameters

Parameter Description Default

role_name

Identifier of the role. CQL forces all names to lowercase. If you need to preserve case or use special characters in the role name, enclose <role_name> in quotes.

role_password

Change a password for the role. Enclose the password in single quotes. Superusers (and roles with appropriate ALTER PERMISSION) can change the password of other roles.

hashed_password

Change a hashed password for the role. Enclose the hashed password in single quotes. Superusers (and roles with appropriate ALTER PERMISSION) can change the hashed password of other roles.

SUPERUSER

Optional. Enable or disable SUPERUSER status for another role, that is any role other than the one that is currently logged in. Setting SUPERUSER to false, revokes permission to create new roles; disabling does not automatically revoke the AUTHORIZE, ALTER, and DROP permissions that may already exist. Use true to create a superuser role.

false

LOGIN

Optional. Enable or disable LOGIN for roles other than currently logged in role.

false

OPTIONS = { <option_map> }

Optional. Change or add a map of custom options. Reserved for use with authentication plug-ins. Refer to the authenticator documentation for details.

Example

Change the password for a role

A role can change the password or hashed password for itself, or another role that it has permission to modify. A superuser can change the password or hashed password of any role. Use ALTER to change a role’s password:

ALTER ROLE sandy WITH PASSWORD = 'bestTeam';

or with a hashed password:

  ALTER ROLE sandy
  WITH HASHED PASSWORD = '$2a$10$Mvs4GDHlNG8MhYe5SFi7ge1R1SMbScIPVtKReSEKpqwcQOvep0Zqq';

Alter a role to with SUPERUSER status

ALTER ROLE sandy WITH SUPERUSER=true;

Alter a role to with LOGIN status

ALTER ROLE team_manager WITH LOGIN=true;

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com