ALTER USER command. For details about the system permissions, see System permissions.
Database privileges can be configured later by using GRANT and REVOKE commands. The privileges are managed at these object levels:
- Database
- Schema
- Table
- Source
- Materialized view
Users
RisingWave automatically creates three superuser accounts during cluster initialization:root- Default superuser accountpostgres- PostgreSQL-compatible superuser accountrwadmin- Reserved superuser account for cloud control plane operations
The
rwadmin user cannot be altered, renamed, or dropped to ensure system security. Only the rwadmin user itself can change its password.Create users
Syntax
Alter users
You can alter the system permissions, password, or name of a user by using theALTER USER command.
The following statement modifies the password and initial permissions of user001.
user1 to user001.
Privileges
See the table below for the privileges available in RisingWave and the corresponding object levels that they can apply to.| Privilege | Description | Object Level |
|---|---|---|
| SELECT | Permission to retrieve data from a relation object. | Table, Source, Materialized View |
| INSERT | Permission to add new rows to a table. | Table |
| UPDATE | Permission to modify existing data in a table. | Table |
| DELETE | Permission to remove rows from a table. | Table |
| CREATE | Permission to create new objects within the database. | Schema, Database |
| CONNECT | Permission to connect to a database. | Database |
| USAGE | Permission to use or look up an object’s members. | Schema |
GRANT command to grant privileges to a user, and the REVOKE command to revoke privileges from a user. For the syntaxes of these two commands, see GRANT and REVOKE.
This statement grants the SELECT privilege for materialized view mv1, which is in schema schema1 of database db1, to user user1. user1 is able to grant the SELECT privilege to other users.
SELECT and UPDATE privileges for table t1 to user user1.