diff --git a/docs-2.0/7.data-security/1.authentication/2.management-user.md b/docs-2.0/7.data-security/1.authentication/2.management-user.md
index af8a030f851..ef6c89bcb6f 100644
--- a/docs-2.0/7.data-security/1.authentication/2.management-user.md
+++ b/docs-2.0/7.data-security/1.authentication/2.management-user.md
@@ -172,17 +172,33 @@ The `root` user with the **GOD** role can run `ALTER USER` to set a new password
 - Syntax with enterprise edition
   
   ```ngql
-    ALTER USER <user_name> WITH PASSWORD '<password>' [WITH IP WHITELIST <ip_list>];
+    ALTER USER <user_name> [WITH PASSWORD '<password>'] [WITH IP WHITELIST <ip_list>];
   ```
 
 - Example with enterprise edition
 
   !!! enterpriseonly
 
-        When `WITH IP WHITELIST` is not used, the IP address whitelist is removed and the user can connect to the NebulaGraph by any IP address.
+        Using `WITH IP WHITELIST` without any IP after it means whitelisting is canceled and users can connect to NebulaGraph using any IP.
 
   ```ngql
+  nebula> ALTER USER user2 WITH PASSWORD 'change_password';
   nebula> ALTER USER user2 WITH PASSWORD 'nebula' WITH IP WHITELIST 192.168.10.10;
+  nebula> SHOW USERS;
+  +---------+-----------------+
+  | Account | IP Whitelist    |
+  +---------+-----------------+
+  | "root"  | ""              |
+  | "user2" | "192.168.10.10" |
+  +---------+-----------------+
+  nebula> ALTER USER user2 WITH IP WHITELIST;
+  nebula> SHOW USERS;
+  +---------+--------------+
+  | Account | IP Whitelist |
+  +---------+--------------+
+  | "root"  | ""           |
+  | "user2" | ""           |
+  +---------+--------------+
   ```
 
 {{ ent.ent_end }}