FirebirdSQL logo
 User AuthenticationSQL Privileges 

ALTER USER

Alters a Firebird user account

Available in

DSQL

Syntax
ALTER {USER username | CURRENT USER}
  [SET] [<user_option> [<user_option> ...]]
  [TAGS (<user_var> [, <user_var> ...]]

<user_option> ::=
    PASSWORD 'password'
  | FIRSTNAME 'firstname'
  | MIDDLENAME 'middlename'
  | LASTNAME 'lastname'
  | {GRANT | REVOKE} ADMIN ROLE
  | {ACTIVE | INACTIVE}
  | USING PLUGIN plugin_name

<user_var> ::=
    tag_name = 'tag_value'
  | DROP tag_name

See [fblangref50-security-user-create] for details on the statement parameters.

Any user can alter their own account, except that only an administrator may use GRANT/REVOKE ADMIN ROLE and ACTIVE/INACTIVE.

All clauses are optional, but at least one other than USING PLUGIN must be present:

  • The PASSWORD parameter is for changing the password for the user

  • FIRSTNAME, MIDDLENAME and LASTNAME update these optional user properties, such as the person’s first name, middle name and last name respectively

  • GRANT ADMIN ROLE grants the user the privileges of the RDB$ADMIN role in the security database ({secdb}), enabling them to manage the accounts of other users.It does not grant the user any special privileges in regular databases.

  • REVOKE ADMIN ROLE removes the user’s administrator in the security database which, once the transaction is committed, will deny that user the ability to alter any user account except their own

  • ACTIVE will enable a disabled account (not supported for Legacy_UserManager)

  • INACTIVE will disable an account (not supported for Legacy_UserManager).This is convenient to temporarily disable an account without deleting it.

  • USING PLUGIN specifies the user manager plugin to use

  • TAGS can be used to add, update or remove (DROP) additional custom attributes (not supported for Legacy_UserManager).Attributes not listed will not be changed.

See [fblangref50-security-user-create] for more details on the clauses.

If you need to change your own account, then instead of specifying the name of the current user, you can use the CURRENT USER clause.

Warning

The ALTER CURRENT USER statement follows the normal rules for selecting the user manager plugin.If the current user was created with a non-default user manager plugin, they will need to explicitly specify the user manager plugins with USING PLUGIN plugin_name, or they will receive an error that the user is not found.Or, if a user with the same name exists for the default user manager, they will alter that user instead.
Note

Remember to commit your work if you are working in an application that does not auto-commit DDL.

Who Can Alter a User?

To modify the account of another user, the current user must have

  • administrator privileges in the security database

  • the USER_MANAGEMENT system privilege in the security databaseUsers with the USER_MANAGEMENT system privilege can not grant or revoke the admin role.

Anyone can modify their own account, except for the GRANT/REVOKE ADMIN ROLE and ACTIVE/INACTIVE options, which require administrative privileges to change.