On this page 
The DROP ROLE statement removes one or more SQL roles. You can use the keywords ROLE and USER interchangeably. DROP USER is an alias for DROP ROLE.
Note:
The DROP ROLE statement performs a schema change. For more information about how online schema changes work in CockroachDB, see Online Schema Changes.
Considerations
- The
adminuser/role cannot be dropped, androotmust always be a member ofadmin. - A user/role cannot be dropped if it has privileges. Use
REVOKEto remove privileges. - Users/roles that own objects (such as databases, tables, schemas, and types) cannot be dropped until the ownership is transferred to another user/role.
- If a user/role is logged in while a different session drops that user, CockroachDB checks that the user exists before allowing it to inherit privileges from the
publicrole. In addition, any active web sessions are revoked when a user is dropped.
Required privileges
Non-admin roles cannot drop admin roles. To drop non-admin roles, the role must be a member of the admin role or have the CREATEROLE parameter set.
Synopsis
Parameters
| Parameter | Description |
|---|---|
name |
The name of the role to remove. To remove multiple roles, use a comma-separate list of roles. You can use SHOW ROLES to find the names of roles. |
Example
In this example, first check a role's privileges. Then, revoke the role's privileges and remove the role.
> SHOW GRANTS ON documents FOR dev_ops;
+------------+--------+-----------+---------+------------+
| Database | Schema | Table | User | Privileges |
+------------+--------+-----------+---------+------------+
| jsonb_test | public | documents | dev_ops | INSERT |
+------------+--------+-----------+---------+------------+
> REVOKE INSERT ON documents FROM dev_ops;
Note:
All of a role's privileges must be revoked before the role can be dropped.> DROP ROLE dev_ops;
See also
- Authorization
- Authorization Best Practices
CREATE ROLESHOW ROLESGRANTSHOW GRANTS- SQL Statements
- Online Schema Changes
Was this helpful?
