Was this helpful?
ALTER USER
Valid in: SQL, ESQL, OpenAPI, ODBC, JDBC, .NET
The ALTER USER statement changes the characteristics of an existing user.
Use ADD PRIVILEGES to give the user additional privileges. Use DROP PRIVILEGES to remove privileges from the user.
Note:  You cannot use either ADD PRIVILEGES or DROP PRIVILEGES if with_item is specified in the WITH clause.
The ALTER USER statement has the following format:
[EXEC SQL] ALTER USER user_name
[ADD PRIVILEGES (priv {, priv}) |DROP PRIVILEGES (priv {, priv})]
[WITH with_item {, with_item}]
 
with_item = NOPRIVILEGES| PRIVILEGES = ( priv {, priv} )
             | NOGROUP | GROUP = default_group
             | SECURITY_AUDIT= ( audit_opt {,audit_opt})
             | NOEXPIRE_DATE | EXPIRE_DATE = 'expire_date'
             | DEFAULT_PRIVILEGES = (priv {,priv})| ALL | NODEFAULT_PRIVILEGES
             | NOPROFILE | PROFILE= profile_name
             | NOPASSWORD | PASSWORD = 'user_password'
             | PASSWORD = X'encrypted_role_password'
             | EXTERNAL_PASSWORD
             | OLDPASSWORD = 'oldpassword'
             | DBMS_AUTHENTICATION = 'REQUIRED' | 'OPTIONAL'
user_name
Specifies the user name. The user must be an existing Actian X user.
ADD PRIVILEGES = ( priv {, priv} )
Adds the specified subject privileges, as described in CREATE USER.
DROP PRIVILEGES = ( priv {, priv} )
Removes the specified subject privileges.
default group
Specifies the default group to which the user belongs. Must be an existing group. For details about groups, see CREATE GROUP. To specify that the user is not assigned to a group, use the NOGROUP option.
Default: NOGROUP if the group clause is omitted.
audit_opt
Defines security audit options, as described in CREATE USER.
expire_date
Specifies an optional expiration date associated with the user. Any valid date can be used. Once the expiration date is reached, the user is no longer able to log on.
Default: NOEXPIRE_DATE if the EXPIRE_DATE clause is omitted.
DEFAULT_PRIVILEGES
Defines the privileges initially active when connecting to the database. These must be a subset of those privileges granted to the user.
When specified in conjunction with ADD PRIVILEGE, the default privileges are added to the existing default privileges for the user; otherwise, the specified default privileges will replace the existing default privileges for the user.
NODEFAULT_PRIVILEGES
Specifies that the session is started with no privileges active. Allows default privileges to be removed.
profile_name
Allows a profile to be specified for the user.
Default: NOPROFILE if the profile clause is omitted.
user_password
Allows the user to change her own password. If the OLDPASSWORD clause is missing or invalid, the password is unchanged. In addition, users with the MAINTAIN_USERS privilege can change or remove any password.
EXTERNAL_PASSWORD
Allows the user's password to be authenticated externally to Actian X. The password is passed to an external authentication server for authentication.
oldpassword
Specifies the user's old password.
DBMS_AUTHENTICATION =
Indicates whether DBMS authentication is required or optional.
'REQUIRED'
Allows only connection requests that specify the user name and password defined at the DBMS Server level and to a dbms_authentication enabled DBMS Server to succeed; other connections fail. Users with the “security” privilege, including the installation owner, cannot be defined as DBMS_AUTHENTICATION='REQUIRED'.
'OPTIONAL'
Allows connection requests that specify a user name and password defined at the operating system level, an installation password, or a Kerberos principle to succeed. In particular, this allows a local connection to a dbms_authentication server to succeed through implicit OS login authentication, without requiring the DBMS password.
Default: 'OPTIONAL'
Embedded Usage
In an embedded ALTER USER statement, specify the WITH clause using a host string variable (with :hostvar). The privilege type can be specified using a host string variable.
Permissions
You must have MAINTAIN_USERS privilege and be connected to the iidbdb database.
You must have MAINTAIN_AUDIT privilege to change security audit attributes.
Note:  The MAINTAIN_USERS privilege is not required for users who simply want to change their own password.
Locking
The ALTER USER statement locks pages in the iiuser system catalog.
Related Statements
CREATE USER
CREATE PROFILE
ALTER PROFILE
DROP PROFILE
Last modified date: 11/09/2022