Why does a user receive a "permission denied" error when trying to update their user password in PostgreSQL?

Question

I have several users of our PostgreSQL (12) database who are not superusers. From the docs, it would appear that any "ordinary" user should be able to set their password to something new, via:

ALTER ROLE [user] WITH ENCRYPTED PASSWORD '[new password]' VALID UNTIL '2021-11-30'

However, when a non-superuser tries this, they receive a "permission denied" error.

For context, we would like to have database users update their passwords once every 3 months, for security purposes.

I don't think a regular user is allowed to change the `valid until` option. — , Aug 26 '21 at 13:28
a_horse_with_no_name -- thank you! It appears you're correct. The users can indeed set passwords, but cannot apply the VALID UNTIL option. Would you like to add this as a documented answer, so I can award you the bounty? — M. Andersen, Aug 26 '21 at 14:11

score 0 · Accepted Answer · answered Aug 26 '21 at 14:13

0

A regular user can not set the valid until option.

And if you think about it, it wouldn't make sense, as the user then could choose a much longer period.

answered Aug 26 '21 at 14:13

Why does a user receive a "permission denied" error when trying to update their user password in PostgreSQL?

1 Answers1