We have migrated to new Google sites!
ALTER ROLE name RENAME TO newname
ALTER ROLE name SET config_parameter {TO | =} {value | DEFAULT}
ALTER ROLE name RESET config_parameter
ALTER ROLE name RESOURCE QUEUE {queue_name | NONE}
ALTER ROLE name [ [WITH] option [ ... ] ]
where option can be:
SUPERUSER | NOSUPERUSER | CREATEDB | NOCREATEDB | CREATEROLE | NOCREATEROLE | CREATEEXTTABLE | NOCREATEEXTTABLE [ ( attribute='value'[, ...] ) ] where attributes and value are: type='readable'|'writable' protocol='gpfdist'|'http' | INHERIT | NOINHERIT | LOGIN | NOLOGIN | CONNECTION LIMIT connlimit | [ENCRYPTED | UNENCRYPTED] PASSWORD 'password' | VALID UNTIL 'timestamp' | [ DENY deny_point ] | [ DENY BETWEEN deny_point AND deny_point] | [ DROP DENY FOR deny_point ]
When a non super user role is created in Greenplum, it does not have privilege to create external (readable or writable ) table. Grant options is not good to allow a role to create external table. It is done through alter role command. For example
create role etlroleext;
alter role etlroleext with CREATEEXTTABLE (type='readable',protocol='gpfdist');
alter role etlroleext with CREATEEXTTABLE (type='writable',protocol='gpfdist');
Please note that etlroleext is a group role. If you want to grant external priv directly to individual etl users you can do so by,
create role etluser1 login;
alter role etluser1 with CREATEEXTTABLE (type='readable',protocol='gpfdist');
alter role etluser1 with CREATEEXTTABLE (type='writable',protocol='gpfdist');