> ## Documentation Index
> Fetch the complete documentation index at: https://docs.risingwave.com/llms.txt
> Use this file to discover all available pages before exploring further.

# ALTER USER

> Use the `ALTER USER` command to modify the name, password, system permissions, and other properties of an existing user.

## Syntax

```sql Alter user name theme={null}
ALTER USER user_name
    RENAME TO new_user_name

```

```sql Alter user properties theme={null}
CREATE USER user_name [ [ WITH ] system_permission [ ... ]['PASSWORD' { password | NULL }] ];

```

```sql Alter user authentication method theme={null}
ALTER USER user_name WITH oauth (
  jwks_url = 'xxx.com',
  issuer = 'risingwave',
  other_params_should_match = 'xxx',
);
```

## Parameters

| Parameter or clause  | Description                                                                                                                        |
| :------------------- | :--------------------------------------------------------------------------------------------------------------------------------- |
| *user\_name*         | The name of the user to be modified.                                                                                               |
| *new\_user\_name*    | The new name of the user.                                                                                                          |
| *system\_permission* | See [the options for system permissions of the CREATE USER command](/sql/commands/sql-create-user#syntax-for-creating-a-new-user). |

<Note>
  The `rwadmin` user cannot be altered, renamed, or dropped except for password changes made by the `rwadmin` user itself. This restriction ensures system security for cloud control plane operations.
</Note>

For the alter user authentication method, the `jwks_url` and `issuer` parameters are mandatory. On the other hand, `other_params_should_match` is an optional parameter that will be validated against `jwt.claims`. Ensure that all keys in the options are in **lowercase**.

<Note>
  `kid` and `alg` are required in the header of JWT, and `kid` is also required in the JWKs returned by the JWKS server. All parameters set in user creation (except `jwks_url`) will be checked in the claims of JWT. Any mismatch will deny the login process.
</Note>

## Examples

The following statement renames the user `user1` to `user001`.

```sql theme={null}
ALTER USER user1 RENAME TO user001;
```

The following statement modifies the password and privileges of `user001`.

```sql theme={null}
ALTER USER user001 NOSUPERUSER CREATEDB PASSWORD '4d2Df1ee5';
```