On this page
The DROP ROLE
statement removes one or more SQL roles. You can use the keywords ROLE
and USER
interchangeably. DROP USER
is an alias for DROP ROLE
.
Note:
The DROP ROLE
statement performs a schema change. For more information about how online schema changes work in CockroachDB, see Online Schema Changes.
Considerations
- The
admin
user/role cannot be dropped, androot
must always be a member ofadmin
. - A user/role cannot be dropped if it has privileges. Use
REVOKE
to remove privileges. - Users/roles that own objects (such as databases, tables, schemas, and types) cannot be dropped until the ownership is transferred to another user/role.
- If a user/role is logged in while a different session drops that user, CockroachDB checks that the user exists before allowing it to inherit privileges from the
public
role. In addition, any active web sessions are revoked when a user is dropped.
Required privileges
Non-admin roles cannot drop admin roles. To drop non-admin roles, the role must be a member of the admin
role or have the CREATEROLE
parameter set.
Synopsis
Parameters
Parameter | Description |
---|---|
name |
The name of the role to remove. To remove multiple roles, use a comma-separate list of roles. You can use SHOW ROLES to find the names of roles. |
Example
In this example, first check a role's privileges. Then, revoke the role's privileges and remove the role.
> SHOW GRANTS ON documents FOR dev_ops;
+------------+--------+-----------+---------+------------+
| Database | Schema | Table | User | Privileges |
+------------+--------+-----------+---------+------------+
| jsonb_test | public | documents | dev_ops | INSERT |
+------------+--------+-----------+---------+------------+
> REVOKE INSERT ON documents FROM dev_ops;
Note:
All of a role's privileges must be revoked before the role can be dropped.> DROP ROLE dev_ops;