ALTER PRIVILEGE GROUP

Syntax

ALTER PRIVILEGE GROUP pg-name alter-members;

alter-members is: { add-members | delete-members }

add-members is: ADD ( authid [, authid ] ... )

delete-members is: DELETE ( authid [, authid ] ... )

Description

The ALTER PRIVILEGE GROUP statement adds one or more members to, or removes one or more members from, an explicit privilege group.

Parameters

pg-name
is the name of an existing explicit privilege group, an SQL identifier. It cannot be in the same format as a valid Guardian group name.
alter-members
specifies whether members are added to or removed from the privilege group, using the ADD or DELETE option.
authid
specifies an authorization ID which must be a valid existing Guardian username, enclosed in double quotes, or an External Username that is already associated with one of the Guardian users. If authid is a Guardian username, then it is not case-sensitive.

Considerations

  • The metadata for the system catalog must be 3500 or higher.

  • While adding members to the privilege group, you cannot specify the same username twice or specify a user that is already a member of the privilege group.

  • The added members get the access rights that are granted to the privilege group. Deleting a member from the privilege group revokes the group rights.

Authorization Requirements

  • To ALTER PRIVILEGE GROUP, you must be one of the following:

    • Privilege group owner

    • Security Administrator

    • Super ID (if Super ID is a part of the Security Administrator’s group or if no Security Administrator’s group exists)

  • If the user altering the privilege group is a member of the Security Administrator’s group, then no member of the Security Administrator’s group can be added.

Example Command

  • To add Guardian users to a privilege group:

    ALTER PRIVILEGE GROUP temp_users ADD ( "USER1", "USER2" );

  • To remove a user from a privilege group:

    ALTER PRIVILEGE GROUP temp_users DELETE ( "USER2" );
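
A pre-execution check for ADD requests against the rules stated under Considerations and Authorization Requirements, as an added example that is not part of the original reference or of the product. The function names, the membership and Security Administrator lists passed in by the caller, and the restriction to undelimited group names and double-quoted Guardian usernames are assumptions.

```python
import re

# Grammar from the Syntax section, narrowed to a regular (undelimited) pg-name
# and double-quoted authids (assumptions of this sketch).
STMT = re.compile(
    r'^\s*ALTER\s+PRIVILEGE\s+GROUP\s+(?P<pg>[A-Za-z][A-Za-z0-9_]*)\s+'
    r'(?P<op>ADD|DELETE)\s*\(\s*(?P<ids>"[^"]+"(?:\s*,\s*"[^"]+")*)\s*\)\s*;\s*$',
    re.IGNORECASE,
)

def parse(stmt):
    """Split a statement into (pg-name, ADD|DELETE, [authid, ...])."""
    m = STMT.match(stmt)
    if m is None:
        raise ValueError("not a well-formed ALTER PRIVILEGE GROUP statement")
    return m["pg"], m["op"].upper(), re.findall(r'"([^"]+)"', m["ids"])

def review(stmt, members, actor, sec_admins=()):
    """Return findings for an ADD that breaks a documented rule ([] if none)."""
    _, op, authids = parse(stmt)
    if op != "ADD":
        return []  # the page states no list constraints for DELETE
    # Assumption: every authid is a Guardian username, so compare case-insensitively.
    current = {m.upper() for m in members}
    admins = {a.upper() for a in sec_admins}
    actor_is_admin = actor.upper() in admins
    findings, seen = [], set()
    for authid in authids:
        key = authid.upper()
        if key in seen:
            findings.append(f"{authid}: specified twice")
        elif key in current:
            findings.append(f"{authid}: already a member")
        elif actor_is_admin and key in admins:
            findings.append(f"{authid}: Security Administrator added by a Security Administrator")
        seen.add(key)
    return findings

# Constructed sample data: current members and Security Administrators.
MEMBERS = ["USER1"]
SEC_ADMINS = ["SECADM1", "SECADM2"]

if __name__ == "__main__":
    for sql in (
        'ALTER PRIVILEGE GROUP temp_users ADD ( "USER2", "user2", "User1", "SECADM2" );',
        'ALTER PRIVILEGE GROUP temp_users DELETE ( "USER2" );',
    ):
        print(sql, "->", review(sql, MEMBERS, "SECADM1", SEC_ADMINS))
```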