> ## Documentation Index
> Fetch the complete documentation index at: https://cockroachlabs.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# DROP USER

export const InternalLink = ({version, path = "", children, ...props}) => {
  let detectedVersion = version || "stable";
  if (typeof window !== 'undefined' && !version) {
    const match = window.location.pathname.match(/\/docs\/([^/]+)/);
    if (match) {
      detectedVersion = match[1];
    }
  }
  const normalizedPath = path.startsWith("/") ? path.slice(1) : path;
  return <a href={`/docs/${detectedVersion}/${normalizedPath}`} {...props}>
      {children}
    </a>;
};

The `DROP USER` <InternalLink path="sql-statements">statement</InternalLink> removes one or more SQL users. You can use the keywords `ROLE` and `USER` interchangeably. `DROP USER` is an alias for <InternalLink path="drop-role">`DROP ROLE`</InternalLink>.

The `DROP USER` statement performs a schema change. For more information about how online schema changes work in CockroachDB, see <InternalLink path="online-schema-changes">Online Schema Changes</InternalLink>.

## Considerations

* The `admin` user/role cannot be dropped, and `root` must always be a member of `admin`.
* A user/role cannot be dropped if it has privileges. Use <InternalLink path="revoke">`REVOKE`</InternalLink> to remove privileges.
* Users/roles that <InternalLink path="security-reference/authorization#object-ownership">own objects</InternalLink> (such as databases, tables, schemas, and types) cannot be dropped until the <InternalLink path="alter-database">ownership is transferred to another user/role</InternalLink>.
* If a user/role is logged in while a <InternalLink path="show-sessions">different session</InternalLink> drops that user, CockroachDB checks that the user exists before allowing it to inherit privileges from <InternalLink path="security-reference/authorization">the `public` role</InternalLink>. In addition, any active <InternalLink path="ui-overview#authentication">web</InternalLink> <InternalLink path="cockroach-auth-session">sessions</InternalLink> are revoked when a user is dropped.

## Required privileges

Non-admin users cannot drop admin users. To drop non-admin users, the user must be a member of the `admin` role or have the <InternalLink path="create-user#create-a-user-that-can-create-other-users-and-manage-authentication-methods-for-the-new-users">`CREATEROLE`</InternalLink> parameter set.

## Synopsis

See <InternalLink path="drop-role#synopsis">`DROP ROLE`: Synopsis</InternalLink>.

## Parameters

| Parameter    | Description                                                                                                                                                                                   |
| ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `user\_name` | The name of the user to remove. To remove multiple users, use a comma-separate list of usernames.  You can use <InternalLink path="show-users">`SHOW USERS`</InternalLink> to find usernames. |

## Example

### Remove privileges

All of a user's privileges must be revoked before the user can be dropped.

In this example, first check a user's privileges. Then, revoke the user's privileges before removing the user.

```sql theme={"theme":{"light":"catppuccin-mocha","dark":"catppuccin-mocha"}}
CREATE DATABASE test;
CREATE TABLE customers (k int, v int);
CREATE USER max;
GRANT ALL ON TABLE customers TO max;
```

```sql theme={"theme":{"light":"catppuccin-mocha","dark":"catppuccin-mocha"}}
SHOW GRANTS ON customers FOR max;
```

```text theme={"theme":{"light":"catppuccin-mocha","dark":"catppuccin-mocha"}}
  database_name | schema_name | table_name | grantee | privilege_type | is_grantable
----------------+-------------+------------+---------+----------------+---------------
  test          | public      | customers  | max     | ALL            |      f
(1 row)
```

```sql theme={"theme":{"light":"catppuccin-mocha","dark":"catppuccin-mocha"}}
REVOKE CREATE,INSERT,UPDATE ON customers FROM max;
```

### Remove default privileges

In addition to removing a user's privileges, a user's <InternalLink path="security-reference/authorization#default-privileges">default privileges</InternalLink> must be removed prior to dropping the user. If you attempt to drop a user with modified default privileges, you will encounter an error like the following:

```sql theme={"theme":{"light":"catppuccin-mocha","dark":"catppuccin-mocha"}}
DROP USER max;
```

```text theme={"theme":{"light":"catppuccin-mocha","dark":"catppuccin-mocha"}}
ERROR: cannot drop role/user max: grants still exist on test.public.customers
SQLSTATE: 2BP01
```

To see what privileges the user still has remaining on the table, issue the following statement:

```sql theme={"theme":{"light":"catppuccin-mocha","dark":"catppuccin-mocha"}}
SHOW GRANTS ON TABLE test.customers FOR max;
```

```text theme={"theme":{"light":"catppuccin-mocha","dark":"catppuccin-mocha"}}
  database_name | schema_name | table_name | grantee | privilege_type | is_grantable
----------------+-------------+------------+---------+----------------+---------------
  test          | public      | customers  | max     | BACKUP         |      f
  test          | public      | customers  | max     | CHANGEFEED     |      f
  test          | public      | customers  | max     | DELETE         |      f
  test          | public      | customers  | max     | DROP           |      f
  test          | public      | customers  | max     | SELECT         |      f
  test          | public      | customers  | max     | ZONECONFIG     |      f
(6 rows)
```

To drop the user you must revoke all of the user's remaining privileges:

```sql theme={"theme":{"light":"catppuccin-mocha","dark":"catppuccin-mocha"}}
REVOKE ALL ON TABLE public.customers FROM max;
```

Now dropping the user should succeed:

```sql theme={"theme":{"light":"catppuccin-mocha","dark":"catppuccin-mocha"}}
DROP USER max;
```

## See also

* <InternalLink path="create-user">`CREATE USER`</InternalLink>
* <InternalLink path="alter-user">`ALTER USER`</InternalLink>
* <InternalLink path="show-users">`SHOW USERS`</InternalLink>
* <InternalLink path="grant">`GRANT`</InternalLink>
* <InternalLink path="show-grants">`SHOW GRANTS`</InternalLink>
* <InternalLink path="cockroach-cert">Create Security Certificates</InternalLink>
* <InternalLink path="sql-statements">SQL Statements</InternalLink>
