User Management

KalamDB includes built-in authentication and role-based access control (RBAC).

CREATE USER

SQL

1CREATE USER '<username>'2  WITH <PASSWORD '<password>' | OIDC '<json-auth-data>'3  ROLE <user|service|dba|system>4  [EMAIL '<email>'];

Roles

Role	Description
`user`	Standard user — access to own tables
`service`	Service account — for bots and integrations
`dba`	Database administrator — full table management
`system`	System-level — unrestricted access

Examples

SQL

1-- Create a regular user with password2CREATE USER 'alice'3  WITH PASSWORD 'SecurePass123!'4  ROLE user5  EMAIL 'alice@example.com';6 7-- Create a service account8CREATE USER 'chat_bot'9  WITH PASSWORD 'BotSecret456!'10  ROLE service;11 12-- Create an OIDC-mapped user (issuer + subject are required)13CREATE USER 'google-user-123'14  WITH OIDC '{"issuer":"https://accounts.google.com","subject":"google-user-123"}'15  ROLE user16  EMAIL 'alice@example.com';17 18-- Create a DBA19CREATE USER 'admin'20  WITH PASSWORD 'AdminPass789!'21  ROLE dba22  EMAIL 'admin@example.com';

ALTER USER

SQL

1-- Change password2ALTER USER '<username>' SET PASSWORD '<new_password>';3 4-- Change role5ALTER USER '<username>' SET ROLE <user|service|dba|system>;6 7-- Update email8ALTER USER '<username>' SET EMAIL '<new_email>';

Examples

SQL

1ALTER USER 'alice' SET PASSWORD 'NewSecurePass!';2ALTER USER 'alice' SET ROLE dba;3ALTER USER 'alice' SET EMAIL 'alice.new@example.com';

DROP USER

SQL

1DROP USER '<username>';2DROP USER IF EXISTS '<username>';

Dropping a user also removes their per-user storage directory, providing GDPR-compliant data deletion.

SQL

1DROP USER IF EXISTS 'alice';