ALTER ROLE… IDENTIFIED BY v11

Name

ALTER ROLE -- change the password associated with a database role.

Synopsis

ALTER ROLE <role_name> IDENTIFIED BY <password>
          [REPLACE <prev_password>]

Description

A role without the CREATEROLE privilege may use this command to change their own password. An unprivileged role must include the REPLACE clause and their previous password if PASSWORD_VERIFY_FUNCTION is not NULL in their profile. When the REPLACE clause is used by a non-superuser, the server will compare the password provided to the existing password and raise an error if the passwords do not match.

A database superuser can use this command to change the password associated with any role. If a superuser includes the REPLACE clause, the clause is ignored; a non-matching value for the previous password will not throw an error.

If the role for which the password is being changed has the SUPERUSER attribute, then a superuser must issue this command. A role with the CREATEROLE attribute can use this command to change the password associated with a role that is not a superuser.

Parameters

role_name

The name of the role whose password is to be altered.

password

The role’s new password.

prev_password

The role’s previous password.

Examples

To change a role’s password:

ALTER ROLE john IDENTIFIED BY xyRP35z REPLACE 23PJ74a;