ALTER PRIVILEGE GROUP
Syntax
ALTER PRIVILEGE GROUP pg-name alter-members;
alter-members is: { add-members | delete-members }
add-members is: ADD ( authid [, authid ] ... )
delete-members is: DELETE ( authid [, authid ] ... )
Description
The ALTER PRIVILEGE GROUP statement adds or removes one or more members from explicit privilege groups.
Parameters
pg-name
- is the name of an existing explicit privilege group, an SQL identifier. It cannot be in the same format as a valid Guardian group name.
alter-members
- specifies whether members must be added or removed from the privilege group using ADD or DELETE options.
authid
- specifies an authorization ID which must be a valid existing Guardian username, enclosed in double quotes, or an External Username that is already associated with one of the Guardian users. If authid is a Guardian username, then it is not case-sensitive.
Considerations
-
The metadata for the system catalog must be 3500 or higher.
-
While adding members to the privilege group, you cannot specify the same username twice or specify a user that is already a member of the privilege group.
-
The added members get the access rights that are granted to the privilege group. Deleting a member from the privilege group revokes the group rights.
Authorization Requirements
-
To ALTER PRIVILEGE GROUP, you must be one of the following:
-
Privilege group owner
-
Security Administrator
-
Super ID (if Super ID is a part of the Security Administrator’s group or if no Security Administrator’s group exists)
-
-
If the user altering the privilege group is a member of the Security Administrator’s group, then any member of the Security Administrator’s group cannot be added.
Example Command
-
To add Guardian users to a privilege group:
ALTER PRIVILEGE GROUP temp_users ADD ( "USER1", "USER2" );
-
To remove a user from a privilege group:
ALTER PRIVILEGE GROUP temp_users DELETE ( "USER2" );