286286[source, syntax, role="noheader"]
287287----
288288ALTER USER name [IF EXISTS]
289+ [REMOVE HOME DATABASE]
290+ [REMOVE { AUTH [PROVIDER[S]] provider[, ...] \| ALL AUTH [PROVIDER[S]] }]...
289291 [SET [PLAINTEXT \| ENCRYPTED] PASSWORD 'password']
290292 [[SET PASSWORD] CHANGE [NOT] REQUIRED]
291293 [SET STATUS {ACTIVE \| SUSPENDED} ]
292294 [SET HOME DATABASE name]
293295 [SET AUTH [PROVIDER] 'provider' "{"{SET <key> <value>}..."}"]...
294- [REMOVE HOME DATABASE]
295- [REMOVE { AUTH [PROVIDER[S]] provider[, ...] \| ALL AUTH [PROVIDER[S]] }]...
296296----
297297`<key><value>` pairs for the `SET AUTH` clause could include:
298298[source, syntax, role="noheader"]
@@ -309,7 +309,10 @@ SET AUTH [PROVIDER] 'provider' "{"
309309| Description
310310a|
311311Modifies the settings for an existing user.
312- At least one `SET` or `REMOVE` clause is required.
312+
313+ * At least one `SET` or `REMOVE` clause is required.
314+ * Any `REMOVE` clause(s) must appear before the first `SET` clause.
315+
313316
314317For more information, see xref:authentication-authorization/manage-users.adoc#access-control-alter-users[Modifying users].
315318
@@ -676,7 +679,7 @@ SHOW USERS WITH AUTH
676679|<null>
677680|"native"
678681|{
679- "password": "***",
682+ "password": "********* ",
680683"changeRequired": false
681684}
682685|"jack"
@@ -686,7 +689,7 @@ SHOW USERS WITH AUTH
686689|<null>
687690|"native"
688691|{
689- "password": "***",
692+ "password": "********* ",
690693"changeRequired": false
691694}
692695|"jack"
@@ -973,13 +976,13 @@ Users can be modified with `ALTER USER`.
973976[source, syntax, role="noheader"]
974977----
975978ALTER USER name [IF EXISTS]
979+ [REMOVE HOME DATABASE]
980+ [REMOVE { AUTH [PROVIDER[S]] provider[, ...] \| ALL AUTH [PROVIDER[S]] }]...
976981 [SET [PLAINTEXT | ENCRYPTED] PASSWORD 'password']
977982 [[SET PASSWORD] CHANGE [NOT] REQUIRED]
978983 [SET STATUS {ACTIVE | SUSPENDED}]
979984 [SET HOME DATABASE name]
980985 [SET AUTH [PROVIDER] 'provider' "{"{SET <key> <value>}..."}"]...
981- [REMOVE HOME DATABASE]
982- [REMOVE { AUTH [PROVIDER[S]] provider[, ...] \| ALL AUTH [PROVIDER[S]] }]...
983986----
984987`<key><value>` pairs for the `SET AUTH` clause could include:
985988[source, syntax, role="noheader"]
@@ -1061,6 +1064,31 @@ SET AUTH 'native' {SET PASSWORD CHANGE REQUIRED}
10611064----
10621065======
10631066
1067+ [role=label--new-5.24]
1068+ [role=label--enterprise-edition]
1069+ .Modify the user `bob` to remove his native (username / password) auth and add an external OIDC Auth Provider:
1070+ ======
1071+ [source,cypher,role=noplay]
1072+ ----
1073+ ALTER USER bob
1074+ REMOVE AUTH 'native'
1075+ SET AUTH 'oidc-mysso1' {SET ID 'bobsUniqueMySso1Id'}
1076+ ----
1077+ ======
1078+
1079+ [role=label--new-5.24]
1080+ [role=label--enterprise-edition]
1081+ .Modify the user `bob` to remove any/all of his existing Auth Providers and add two external OIDC Auth Providers:
1082+ ======
1083+ [source,cypher,role=noplay]
1084+ ----
1085+ ALTER USER bob
1086+ REMOVE ALL AUTH
1087+ SET AUTH 'oidc-mysso1' {SET ID 'bobsUniqueMySso1Id'}
1088+ SET AUTH 'oidc-mysso2' {SET ID 'bobsUniqueMySso2Id'}
1089+ ----
1090+ ======
1091+
10641092.Assign the user `bob` a different home database:
10651093======
10661094[source,cypher,role=noplay]
@@ -1070,12 +1098,13 @@ SET HOME DATABASE anotherDbOrAlias
10701098----
10711099======
10721100
1073- .Remove the home database from the user `bob`:
1101+ .Remove the home database from the user `bob` and set their status to suspended :
10741102======
10751103[source,cypher,role=noplay]
10761104----
10771105ALTER USER bob
10781106REMOVE HOME DATABASE
1107+ SET STATUS SUSPENDED
10791108----
10801109======
10811110
0 commit comments