FirebirdSQL logo

Who Can Alter a User?

To modify the account of another user, the current user must have

  • administrator privileges in the security database

  • the USER_MANAGEMENT system privilege in the security databaseUsers with the USER_MANAGEMENT system privilege can not grant or revoke the admin role.

Anyone can modify their own account, except for the GRANT/REVOKE ADMIN ROLE and ACTIVE/INACTIVE options, which require administrative privileges to change.

ALTER USER Examples

  1. Changing the password for the user bobby and granting them user management privileges:

    ALTER USER bobby PASSWORD '67-UiT_G8'
    GRANT ADMIN ROLE;
  2. Editing the optional properties (the first and last names) of the user dan:

    ALTER USER dan
    FIRSTNAME 'No_Jack'
    LASTNAME 'Kennedy';
  3. Revoking user management privileges from user dumbbell:

    ALTER USER dumbbell
    DROP ADMIN ROLE;

docnext count = 5

CREATE OR ALTER USER

Creates a Firebird user account if it doesn’t exist, or alters a Firebird user account

Available in

DSQL

Syntax
CREATE OR ALTER USER username
  [SET] [<user_option> [<user_option> ...]]
  [TAGS (<user_var> [, <user_var> ...]]

<user_option> ::=
    PASSWORD 'password'
  | FIRSTNAME 'firstname'
  | MIDDLENAME 'middlename'
  | LASTNAME 'lastname'
  | {GRANT | REVOKE} ADMIN ROLE
  | {ACTIVE | INACTIVE}
  | USING PLUGIN plugin_name

<user_var> ::=
    tag_name = 'tag_value'
  | DROP tag_name

See [fblangref50-security-user-create] and [fblangref50-security-user-alter] for details on the statement parameters.

If the user does not exist, it will be created as if executing a CREATE USER statement.If the user already exists, it will be modified as if executing an ALTER USER statement.The CREATE OR ALTER USER statement must contain at least one of the optional clauses other than USING PLUGIN.If the user does not exist yet, the PASSWORD clause is required.

Note

Remember to commit your work if you are working in an application that does not auto-commit DDL.

CREATE OR ALTER USER Examples

Creating or altering a user
CREATE OR ALTER USER john PASSWORD 'fYe_3Ksw'
FIRSTNAME 'John'
LASTNAME 'Doe'
INACTIVE;

DROP USER

Drops a Firebird user account

Available in

DSQL

Syntax
DROP USER username
  [USING PLUGIN plugin_name]
Table 1. DROP USER Statement Parameter
Parameter Description

username

Username

plugin_name

Name of the user manager plugin

The optional USING PLUGIN clause explicitly specifies the user manager plugin to use for dropping the user.Only plugins listed in the UserManager configuration for this database (firebird.conf, or overridden in databases.conf) are valid.The default user manager (first in the UserManager configuration) is applied when this clause is not specified.

Important

Users of the same name created using different user manager plugins are different objects.Therefore, the user created with one user manager plugin can only be dropped by that same plugin.

Note

Remember to commit your work if you are working in an application that does not auto-commit DDL.

Who Can Drop a User?

To drop a user, the current user must have

DROP USER Example

  1. Deleting the user bobby:

    DROP USER bobby;
  2. Removing a user created with the Legacy_UserManager plugin:

    DROP USER Godzilla
      USING PLUGIN Legacy_UserManager;