Granting and Revoking Authentication Methods

Before Vertica can validate a user or client through an authentication method, you must first associate that authentication method with the user or role that requires it. To do this, use GRANT AUTHENTICATION. When that user or role no longer needs to connect to Vertica using that method, you can disassociate that authentication from that user with REVOKE AUTHENTICATION.

Grant Authentication Methods

You can grant an authentication method to a specific user or role. You can also specify the default authentication method by granting an authentication method to Public. Use the GRANT (Authentication) statement as follows:

This example uses a GRANT AUTHENTICATION statement to associate v_ldap authentication with user jsmith:

=> GRANT AUTHENTICATION v_ldap TO jsmith;

This example uses a GRANT AUTHENTICATION statement to associate v_gss authentication to the role DBprogrammer:

=> CREATE ROLE DBprogrammer;
=> GRANT AUTHENTICATION v_gss to DBprogrammer;

This example sets the default client authentication method to v_localpwd:

=> GRANT AUTHENTICATION v_localpwd TO Public;

Revoke Authentication Methods

If you no longer want to authenticate a user or client with a given authentication method, use the REVOKE (Authentication) statement as follows:

This example revokes v_ldap authentication from user jsmith:

=> REVOKE AUTHENTICATION v_ldap FROM jsmith;

This example revokes v_gss authentication from the role DBprogrammer:

=> REVOKE AUTHENTICATION v_gss FROM DBprogrammer;

This example removes localpwd as the default client authentication method:

=> REVOKE AUTHENTICATION localpwd from Public;