Manage Cluster User Authorization

On this page Carat arrow pointing down

This page documents procedures for managing the lifecycle of SQL users and roles on CockroachDB clusters.

Procedures for managing access are covered in Managing Access in CockroachDB Cloud.

Note:

The concept of Organization user is distinct from Authorization of SQL user/role on clusters is distinct from authorization of CockroachDB Cloud users within CockroachDB Cloud organizations.

Learn more: Overview of the CockroachDB Cloud authorization model

For reference documentation and explanation of related concepts, see Security Reference—Authorization.

Create CockroachDB users

Use the CREATE USER and DROP USER statements to create and remove users, the ALTER USER statement to add or change a user's password and role options, the GRANT and REVOKE statements to manage the user’s privileges, and the SHOW USERS statement to list users.

A new user must be granted the required privileges for each database and table that the user needs to access.

Note:

By default, a new user belongs to the public role and has no privileges other than those assigned to the public role.

Create and manage roles

For examples showing how to create and manage your cluster's users and roles, refer to the following documentation:

Statement Description
CREATE ROLE Create SQL roles.
DROP ROLE Remove one or more SQL roles.
ALTER ROLE Change passwords, role options, and default session variables for a role.
CREATE USER Create SQL users.
DROP USER Remove one or more SQL users.
ALTER USER Change passwords and role options for a user.
GRANT Manage each role or user's SQL privileges for interacting with specific databases and tables, or add a role or user as a member to a role.
REVOKE Revoke privileges from users and/or roles, or revoke a role or user's membership to a role.
SHOW ROLES List the roles for all databases.
SHOW GRANTS List the privileges granted to users.

See also


Yes No
On this page

Yes No