Manage Cluster User Authorization


This page documents procedures for managing the lifecycle of SQL users and roles on CockroachDB clusters.

Procedures for managing access are covered in Managing Access in CockroachDB Cloud.

Note:

Authorization of SQL users and roles on clusters is distinct from authorization of CockroachDB Cloud users within CockroachDB Cloud organizations.

Learn more: Overview of the CockroachDB Cloud authorization model

For reference documentation and explanation of related concepts, see Security Reference—Authorization.

Create CockroachDB users

Use the CREATE USER and DROP USER statements to create and remove users, the ALTER USER statement to add or change a user's password and role options, the GRANT and REVOKE statements to manage the user’s privileges, and the SHOW USERS statement to list users.

A new user must be granted the required privileges for each database and table that the user needs to access.

Note:

By default, a new user belongs to the public role and has no privileges other than those assigned to the public role.

Create and manage roles

For examples showing how to create and manage your cluster's users and roles, see the following documentation:

| Statement | Description |
|---|---|
| CREATE ROLE | Create SQL roles. |
| DROP ROLE | Remove one or more SQL roles. |
| ALTER ROLE | Change passwords, role options, and default session variables for a role. |
| CREATE USER | Create SQL users. |
| DROP USER | Remove one or more SQL users. |
| ALTER USER | Change passwords and role options for a user. |
| GRANT | Manage each role or user's SQL privileges for interacting with specific databases and tables, or add a role or user as a member to a role. |
| REVOKE | Revoke privileges from users and/or roles, or revoke a role or user's membership to a role. |
| SHOW ROLES | List the roles for all databases. |
| SHOW GRANTS | List the privileges granted to users. |
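
The statements above, combined into one least-privilege user lifecycle. This is an added example, not taken from the CockroachDB documentation. The database `bank`, table `accounts`, role `app_readonly`, user `app_user_1`, and both passwords are constructed placeholders, and the session is assumed to belong to a user with admin privileges.

```sql
-- Constructed sample schema so the example is self-contained.
CREATE DATABASE IF NOT EXISTS bank;
CREATE TABLE IF NOT EXISTS bank.accounts (id INT PRIMARY KEY, balance DECIMAL);

-- 1. Create the user. It starts as a member of the public role only,
--    so check what it can reach on the table before granting anything.
CREATE USER IF NOT EXISTS app_user_1 WITH PASSWORD 'REPLACE-WITH-STRONG-PASSWORD';
SHOW GRANTS ON TABLE bank.accounts FOR app_user_1;

-- 2. Attach privileges to a role instead of the individual user, and grant
--    only what the workload needs on each database and table.
CREATE ROLE IF NOT EXISTS app_readonly;
GRANT CONNECT ON DATABASE bank TO app_readonly;
GRANT SELECT ON TABLE bank.accounts TO app_readonly;

-- 3. Give the user those privileges through role membership.
GRANT app_readonly TO app_user_1;

-- 4. Audit: role membership, grants on the table, and the user list.
SHOW GRANTS ON ROLE app_readonly;
SHOW GRANTS ON TABLE bank.accounts;
SHOW USERS;

-- 5. Rotate the user's password.
ALTER USER app_user_1 WITH PASSWORD 'REPLACE-WITH-NEW-PASSWORD';

-- 6. Offboard: remove the role membership first, then drop the user.
REVOKE app_readonly FROM app_user_1;
DROP USER IF EXISTS app_user_1;
```

Because the privileges live on `app_readonly`, revoking the membership in step 6 removes the user's access without touching grants that other members of the role still rely on.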
