Baoding-FenShuaJiang
/
Green_GoodERP18_FSJ_Standard
关注 1
点赞 0
百科 捐赠
gooderp18绿色标准版
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
分支: master
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 'master'
${ noResults }
Green_GoodERP18_FSJ_Standard/PostgreSQL/doc/postgresql/html/sql-alterrole.html

186 行
16KB
原始文件 永久链接 Blame 文件历史 

  1. <?xml version="1.0" encoding="UTF-8" standalone="no"?>

  2. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>ALTER ROLE</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="sql-alterpublication.html" title="ALTER PUBLICATION" /><link rel="next" href="sql-alterroutine.html" title="ALTER ROUTINE" /></head><body><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">ALTER ROLE</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="sql-alterpublication.html" title="ALTER PUBLICATION">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="sql-commands.html" title="SQL Commands">Up</a></td><th width="60%" align="center">SQL Commands</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 12.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="sql-alterroutine.html" title="ALTER ROUTINE">Next</a></td></tr></table><hr></hr></div><div class="refentry" id="SQL-ALTERROLE"><div class="titlepage"></div><a id="id-1.9.3.26.1" class="indexterm"></a><div class="refnamediv"><h2><span class="refentrytitle">ALTER ROLE</span></h2><p>ALTER ROLE — change a database role</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><pre class="synopsis">

  3. ALTER ROLE <em class="replaceable"><code>role_specification</code></em> [ WITH ] <em class="replaceable"><code>option</code></em> [ ... ]

  4. 

  5. <span class="phrase">where <em class="replaceable"><code>option</code></em> can be:</span>

  6. 

  7.       SUPERUSER | NOSUPERUSER

  8.     | CREATEDB | NOCREATEDB

  9.     | CREATEROLE | NOCREATEROLE

  10.     | INHERIT | NOINHERIT

  11.     | LOGIN | NOLOGIN

  12.     | REPLICATION | NOREPLICATION

  13.     | BYPASSRLS | NOBYPASSRLS

  14.     | CONNECTION LIMIT <em class="replaceable"><code>connlimit</code></em>

  15.     | [ ENCRYPTED ] PASSWORD '<em class="replaceable"><code>password</code></em>' | PASSWORD NULL

  16.     | VALID UNTIL '<em class="replaceable"><code>timestamp</code></em>'

  17. 

  18. ALTER ROLE <em class="replaceable"><code>name</code></em> RENAME TO <em class="replaceable"><code>new_name</code></em>

  19. 

  20. ALTER ROLE { <em class="replaceable"><code>role_specification</code></em> | ALL } [ IN DATABASE <em class="replaceable"><code>database_name</code></em> ] SET <em class="replaceable"><code>configuration_parameter</code></em> { TO | = } { <em class="replaceable"><code>value</code></em> | DEFAULT }

  21. ALTER ROLE { <em class="replaceable"><code>role_specification</code></em> | ALL } [ IN DATABASE <em class="replaceable"><code>database_name</code></em> ] SET <em class="replaceable"><code>configuration_parameter</code></em> FROM CURRENT

  22. ALTER ROLE { <em class="replaceable"><code>role_specification</code></em> | ALL } [ IN DATABASE <em class="replaceable"><code>database_name</code></em> ] RESET <em class="replaceable"><code>configuration_parameter</code></em>

  23. ALTER ROLE { <em class="replaceable"><code>role_specification</code></em> | ALL } [ IN DATABASE <em class="replaceable"><code>database_name</code></em> ] RESET ALL

  24. 

  25. <span class="phrase">where <em class="replaceable"><code>role_specification</code></em> can be:</span>

  26. 

  27.     <em class="replaceable"><code>role_name</code></em>

  28.   | CURRENT_USER

  29.   | SESSION_USER

  30. </pre></div><div class="refsect1" id="id-1.9.3.26.5"><h2>Description</h2><p>

  31.    <code class="command">ALTER ROLE</code> changes the attributes of a

  32.    <span class="productname">PostgreSQL</span> role.

  33.   </p><p>

  34.    The first variant of this command listed in the synopsis can change

  35.    many of the role attributes that can be specified in

  36.    <a class="xref" href="sql-createrole.html" title="CREATE ROLE"><span class="refentrytitle">CREATE ROLE</span></a>.

  37.    (All the possible attributes are covered,

  38.    except that there are no options for adding or removing memberships; use

  39.    <a class="xref" href="sql-grant.html" title="GRANT"><span class="refentrytitle">GRANT</span></a> and

  40.    <a class="xref" href="sql-revoke.html" title="REVOKE"><span class="refentrytitle">REVOKE</span></a> for that.)

  41.    Attributes not mentioned in the command retain their previous settings.

  42.    Database superusers can change any of these settings for any role.

  43.    Roles having <code class="literal">CREATEROLE</code> privilege can change any of these

  44.    settings, but only for non-superuser and non-replication roles.

  45.    Ordinary roles can only change their own password.

  46.   </p><p>

  47.    The second variant changes the name of the role.

  48.    Database superusers can rename any role.

  49.    Roles having <code class="literal">CREATEROLE</code> privilege can rename non-superuser

  50.    roles.

  51.    The current session user cannot be renamed.

  52.    (Connect as a different user if you need to do that.)

  53.    Because <code class="literal">MD5</code>-encrypted passwords use the role name as

  54.    cryptographic salt, renaming a role clears its password if the

  55.    password is <code class="literal">MD5</code>-encrypted.

  56.   </p><p>

  57.    The remaining variants change a role's session default for a configuration

  58.    variable, either for all databases or, when the <code class="literal">IN

  59.    DATABASE</code> clause is specified, only for sessions in the named

  60.    database.  If <code class="literal">ALL</code> is specified instead of a role name,

  61.    this changes the setting for all roles.  Using <code class="literal">ALL</code>

  62.    with <code class="literal">IN DATABASE</code> is effectively the same as using the

  63.    command <code class="literal">ALTER DATABASE ... SET ...</code>.

  64.   </p><p>

  65.    Whenever the role subsequently

  66.    starts a new session, the specified value becomes the session

  67.    default, overriding whatever setting is present in

  68.    <code class="filename">postgresql.conf</code> or has been received from the <code class="command">postgres</code>

  69.    command line. This only happens at login time; executing

  70.    <a class="xref" href="sql-set-role.html" title="SET ROLE"><span class="refentrytitle">SET ROLE</span></a> or

  71.    <a class="xref" href="sql-set-session-authorization.html" title="SET SESSION AUTHORIZATION"><span class="refentrytitle">SET SESSION AUTHORIZATION</span></a> does not cause new

  72.    configuration values to be set.

  73.    Settings set for all databases are overridden by database-specific settings

  74.    attached to a role.  Settings for specific databases or specific roles override

  75.    settings for all roles.

  76.   </p><p>

  77.    Superusers can change anyone's session defaults. Roles having

  78.    <code class="literal">CREATEROLE</code> privilege can change defaults for non-superuser

  79.    roles. Ordinary roles can only set defaults for themselves.

  80.    Certain configuration variables cannot be set this way, or can only be

  81.    set if a superuser issues the command.  Only superusers can change a setting

  82.    for all roles in all databases.

  83.   </p></div><div class="refsect1" id="id-1.9.3.26.6"><h2>Parameters</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><em class="replaceable"><code>name</code></em></span></dt><dd><p>

  84.         The name of the role whose attributes are to be altered.

  85.        </p></dd><dt><span class="term"><code class="literal">CURRENT_USER</code></span></dt><dd><p>

  86.         Alter the current user instead of an explicitly identified role.

  87.        </p></dd><dt><span class="term"><code class="literal">SESSION_USER</code></span></dt><dd><p>

  88.         Alter the current session user instead of an explicitly identified

  89.         role.

  90.        </p></dd><dt><span class="term"><code class="literal">SUPERUSER</code><br /></span><span class="term"><code class="literal">NOSUPERUSER</code><br /></span><span class="term"><code class="literal">CREATEDB</code><br /></span><span class="term"><code class="literal">NOCREATEDB</code><br /></span><span class="term"><code class="literal">CREATEROLE</code><br /></span><span class="term"><code class="literal">NOCREATEROLE</code><br /></span><span class="term"><code class="literal">INHERIT</code><br /></span><span class="term"><code class="literal">NOINHERIT</code><br /></span><span class="term"><code class="literal">LOGIN</code><br /></span><span class="term"><code class="literal">NOLOGIN</code><br /></span><span class="term"><code class="literal">REPLICATION</code><br /></span><span class="term"><code class="literal">NOREPLICATION</code><br /></span><span class="term"><code class="literal">BYPASSRLS</code><br /></span><span class="term"><code class="literal">NOBYPASSRLS</code><br /></span><span class="term"><code class="literal">CONNECTION LIMIT</code> <em class="replaceable"><code>connlimit</code></em><br /></span><span class="term">[ <code class="literal">ENCRYPTED</code> ] <code class="literal">PASSWORD</code> '<em class="replaceable"><code>password</code></em>'<br /></span><span class="term"><code class="literal">PASSWORD NULL</code><br /></span><span class="term"><code class="literal">VALID UNTIL</code> '<em class="replaceable"><code>timestamp</code></em>'</span></dt><dd><p>

  91.         These clauses alter attributes originally set by

  92.         <a class="xref" href="sql-createrole.html" title="CREATE ROLE"><span class="refentrytitle">CREATE ROLE</span></a>. For more information, see the

  93.         <code class="command">CREATE ROLE</code> reference page.

  94.        </p></dd><dt><span class="term"><em class="replaceable"><code>new_name</code></em></span></dt><dd><p>

  95.         The new name of the role.

  96.        </p></dd><dt><span class="term"><em class="replaceable"><code>database_name</code></em></span></dt><dd><p>

  97.            The name of the database the configuration variable should be set in.

  98.          </p></dd><dt><span class="term"><em class="replaceable"><code>configuration_parameter</code></em><br /></span><span class="term"><em class="replaceable"><code>value</code></em></span></dt><dd><p>

  99.         Set this role's session default for the specified configuration

  100.         parameter to the given value.  If

  101.         <em class="replaceable"><code>value</code></em> is <code class="literal">DEFAULT</code>

  102.         or, equivalently, <code class="literal">RESET</code> is used, the

  103.         role-specific variable setting is removed, so the role will

  104.         inherit the system-wide default setting in new sessions.  Use

  105.         <code class="literal">RESET ALL</code> to clear all role-specific settings.

  106.         <code class="literal">SET FROM CURRENT</code> saves the session's current value of

  107.         the parameter as the role-specific value.

  108.         If <code class="literal">IN DATABASE</code> is specified, the configuration

  109.         parameter is set or removed for the given role and database only.

  110.        </p><p>

  111.         Role-specific variable settings take effect only at login;

  112.         <a class="xref" href="sql-set-role.html" title="SET ROLE"><span class="refentrytitle">SET ROLE</span></a> and

  113.         <a class="xref" href="sql-set-session-authorization.html" title="SET SESSION AUTHORIZATION"><span class="refentrytitle">SET SESSION AUTHORIZATION</span></a>

  114.         do not process role-specific variable settings.

  115.        </p><p>

  116.         See <a class="xref" href="sql-set.html" title="SET"><span class="refentrytitle">SET</span></a> and <a class="xref" href="runtime-config.html" title="Chapter 19. Server Configuration">Chapter 19</a> for more information about allowed

  117.         parameter names and values.

  118.        </p></dd></dl></div></div><div class="refsect1" id="id-1.9.3.26.7"><h2>Notes</h2><p>

  119.    Use <a class="xref" href="sql-createrole.html" title="CREATE ROLE"><span class="refentrytitle">CREATE ROLE</span></a>

  120.    to add new roles, and <a class="xref" href="sql-droprole.html" title="DROP ROLE"><span class="refentrytitle">DROP ROLE</span></a> to remove a role.

  121.   </p><p>

  122.    <code class="command">ALTER ROLE</code> cannot change a role's memberships.

  123.    Use <a class="xref" href="sql-grant.html" title="GRANT"><span class="refentrytitle">GRANT</span></a> and

  124.    <a class="xref" href="sql-revoke.html" title="REVOKE"><span class="refentrytitle">REVOKE</span></a>

  125.    to do that.

  126.   </p><p>

  127.    Caution must be exercised when specifying an unencrypted password

  128.    with this command.  The password will be transmitted to the server

  129.    in cleartext, and it might also be logged in the client's command

  130.    history or the server log.  <a class="xref" href="app-psql.html" title="psql"><span class="refentrytitle"><span class="application">psql</span></span></a>

  131.    contains a command

  132.    <code class="command">\password</code> that can be used to change a

  133.    role's password without exposing the cleartext password.

  134.   </p><p>

  135.    It is also possible to tie a

  136.    session default to a specific database rather than to a role; see

  137.    <a class="xref" href="sql-alterdatabase.html" title="ALTER DATABASE"><span class="refentrytitle">ALTER DATABASE</span></a>.

  138.    If there is a conflict, database-role-specific settings override role-specific

  139.    ones, which in turn override database-specific ones.

  140.   </p></div><div class="refsect1" id="id-1.9.3.26.8"><h2>Examples</h2><p>

  141.    Change a role's password:

  142. 

  143. </p><pre class="programlisting">

  144. ALTER ROLE davide WITH PASSWORD 'hu8jmn3';

  145. </pre><p>

  146.   </p><p>

  147.    Remove a role's password:

  148. 

  149. </p><pre class="programlisting">

  150. ALTER ROLE davide WITH PASSWORD NULL;

  151. </pre><p>

  152.   </p><p>

  153.    Change a password expiration date, specifying that the password

  154.    should expire at midday on 4th May 2015 using

  155.    the time zone which is one hour ahead of <acronym class="acronym">UTC</acronym>:

  156. </p><pre class="programlisting">

  157. ALTER ROLE chris VALID UNTIL 'May 4 12:00:00 2015 +1';

  158. </pre><p>

  159.   </p><p>

  160.    Make a password valid forever:

  161. </p><pre class="programlisting">

  162. ALTER ROLE fred VALID UNTIL 'infinity';

  163. </pre><p>

  164.   </p><p>

  165.    Give a role the ability to create other roles and new databases:

  166. 

  167. </p><pre class="programlisting">

  168. ALTER ROLE miriam CREATEROLE CREATEDB;

  169. </pre><p>

  170.   </p><p>

  171.    Give a role a non-default setting of the

  172.    <a class="xref" href="runtime-config-resource.html#GUC-MAINTENANCE-WORK-MEM">maintenance_work_mem</a> parameter:

  173. 

  174. </p><pre class="programlisting">

  175. ALTER ROLE worker_bee SET maintenance_work_mem = 100000;

  176. </pre><p>

  177.   </p><p>

  178.    Give a role a non-default, database-specific setting of the

  179.    <a class="xref" href="runtime-config-client.html#GUC-CLIENT-MIN-MESSAGES">client_min_messages</a> parameter:

  180. 

  181. </p><pre class="programlisting">

  182. ALTER ROLE fred IN DATABASE devel SET client_min_messages = DEBUG;

  183. </pre></div><div class="refsect1" id="id-1.9.3.26.9"><h2>Compatibility</h2><p>

  184.    The <code class="command">ALTER ROLE</code> statement is a

  185.    <span class="productname">PostgreSQL</span> extension.

  186.   </p></div><div class="refsect1" id="id-1.9.3.26.10"><h2>See Also</h2><span class="simplelist"><a class="xref" href="sql-createrole.html" title="CREATE ROLE"><span class="refentrytitle">CREATE ROLE</span></a>, <a class="xref" href="sql-droprole.html" title="DROP ROLE"><span class="refentrytitle">DROP ROLE</span></a>, <a class="xref" href="sql-alterdatabase.html" title="ALTER DATABASE"><span class="refentrytitle">ALTER DATABASE</span></a>, <a class="xref" href="sql-set.html" title="SET"><span class="refentrytitle">SET</span></a></span></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sql-alterpublication.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="sql-commands.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="sql-alterroutine.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">ALTER PUBLICATION </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> ALTER ROUTINE</td></tr></table></div></body></html>
上海开阖软件有限公司 沪ICP备12045867号-1