ALTER USER|ROLE… PROFILE MANAGEMENT CLAUSES v10

Name

ALTER USER|ROLE

Synopsis

ALTER USER|ROLE <name> [[WITH] option[…]

where option can be the following compatible clauses:

  PROFILE <profile_name>
| ACCOUNT {LOCK|UNLOCK}
| PASSWORD EXPIRE [AT '<timestamp>']

or option can be the following non-compatible clauses:

| PASSWORD SET AT '<timestamp>'
| LOCK TIME '<timestamp>'
| STORE PRIOR PASSWORD {'<password>' '<timestamp>} [, ...]

For information about the administrative clauses of the ALTER USER or ALTER ROLE command that are supported by Advanced Server, see the PostgreSQL core documentation available at:

https://www.postgresql.org/docs/10/static/sql-commands.html

Only a database superuser can use the ALTER USER|ROLE clauses that enforce profile management. The clauses enforce the following behaviors:

  • Include the PROFILE clause and a profile_name to associate a pre-defined profile with a role, or to change which pre-defined profile is associated with a user.

  • Include the ACCOUNT clause and the LOCK or UNLOCK keyword to specify that the user account should be placed in a locked or unlocked state.

  • Include the LOCK TIME 'timestamp' clause and a date/time value to lock the role at the specified time, and unlock the role at the time indicated by the PASSWORD_LOCK_TIME parameter of the profile assigned to this role. If LOCK TIME is used with the ACCOUNT LOCK clause, the role can only be unlocked by a database superuser with the ACCOUNT UNLOCK clause.

  • Include the PASSWORD EXPIRE clause with the AT 'timestamp' keywords to specify a date/time when the password associated with the role will expire. If you omit the AT 'timestamp' keywords, the password will expire immediately.

  • Include the PASSWORD SET AT 'timestamp' keywords to set the password modification date to the time specified.

  • Include the STORE PRIOR PASSWORD {'password' 'timestamp} [, ...] clause to modify the password history, adding the new password and the time the password was set.

Each login role may only have one profile. To discover the profile that is currently associated with a login role, query the profile column of the DBA_USERS view.

Parameters

name

The name of the role with which the specified profile will be associated.

password

The password associated with the role.

profile_name

The name of the profile that will be associated with the role.

timestamp

The date and time at which the clause will be enforced. When specifying a value for timestamp, enclose the value in single-quotes.

Notes

For information about the Postgres-compatible clauses of the ALTER USER or ALTER ROLE command, see the PostgreSQL core documentation available at:

https://www.postgresql.org/docs/10/static/sql-alterrole.html

Examples

The following command uses the ALTER USER… PROFILE command to associate a profile named acctg with a user named john:

ALTER USER john PROFILE acctg_profile;

The following command uses the ALTER ROLE… PROFILE command to associate a profile named acctg with a user named john:

ALTER ROLE john PROFILE acctg_profile;

See Also

CREATE USER|ROLE… PROFILE MANAGEMENT CLAUSES