Changes the password for the specified user.

Syntax

ALTER USER { 'username'|'username@domain_name' }, 
    
{FOR SQL ONLY|NOT FOR SQL ONLY};
ALTER USER { 'username'|'username@domain_name' }
'old_password', 'new_password'

Parameters

username

Specifies the username. The username must be enclosed in a single quote.

domain_name

Specifies the domain name that the user is associated with. The username@domain_name must be enclosed in single quotes.

old_password

Specifies the current password for the user. The password must be enclosed in quotes.

new_password

Specifies a new password for the user. The password must be enclosed in quotes.

To set a new password without specifying the old password, use the following syntax:

ALTER USER 'username', 'new_password';

Notes

  • Used in conjunction with CREATE USER and DROP USER, the ALTER USER statement provides a way to change a user password.
  • When you change a password, the new hash is generated using Password-Based Key Derivation Function 2 (PBKDF2). PBKDF2-based hashing is applied by default, regardless of whether FIPS mode is enabled or disabled on the OpenEdge installation. If FIPS mode is enabled, only users with PBKDF2-based passwords can log in. Users created in OpenEdge Releases 12.8 or earlier, whose passwords were hashed using non-FIPS-compliant algorithms, fail to log in. To ensure all users are FIPS-compliant, DBAs should use the ALTER USER statement to reset or update the passwords of legacy users. This action regenerates the password using PBKDF2, making the account compatible with FIPS requirements.

    For more information, see FIPS mode.

  • The old_password specification must match the current password for username.
  • The phrase FOR SQL ONLY is optional and if you use the phrase while issuing the ALTER USER statement, the user that is altered is used only by OE SQL. This user is no longer available to ABL and is referred to as a SQL only user. SQL only users do not affect ABL. If an OpenEdge Database contains only SQL only users, ABL treats the database as if there are no users in it. To revert this attribute, use the NOT FOR SQL ONLY phrase and this causes the user to be a multi-purpose user. Only users with DBA priviliges can execute the ALTER USER statement with the FOR SQL ONLY or the NOT FOR SQL ONLY attribute.

Examples

ALTER USER to change the account password

In this example, the ALTER USER statement Jasper changes the Jasper account password from normandy to brittany:

ALTER USER 'Jasper', 'normandy', 'brittany' ;

ALTER USER to change the account password and make the user SQL ONLY

In this example, the ALTER USER statement Jasper changes the Jasper account password from normandy to brittany and also changes the user to a SQL ONLY user:

ALTER USER 'Jasper', 'normandy', 'brittany' FOR SQL ONLY;

ALTER USER to change the account password and change the user to Multi-purpose from SQL ONLY

In this example, the ALTER USER statement Jasper changes the Jasper account password from normandy to brittany and also changes the user to a Multi-purpose user from SQL ONLY user:

ALTER USER 'Jasper', 'normandy', 'brittany' NOT FOR SQL ONLY ;

ALTER USER to change the password for a user associated with a domain

The example displayed below shows how to change the password for a user associated with a domain. The following ALTER USER statement changes the password from normandy to brittany for the user Jasper associated with mtdomain domain:

ALTER USER 'Jasper@mtdomain', 'normandy', 'brittany' ;