ALTER ROLE
Valid in: SQL, ESQL, OpenAPI, ODBC, JDBC, .NET
The ALTER ROLE statement changes the attributes associated with a role identifier.
Use ADD PRIVILEGES to give the user additional privileges. Use DROP PRIVILEGES to remove privileges from the user. You cannot use either ADD PRIVILEGES or DROP PRIVILEGES if with_option is specified in the with_clause.
The ALTER ROLE statement has the following format:
[EXEC SQL] ALTER ROLE role_id {, role_id}
[ADD PRIVILEGES ( priv {,priv} ) | DROP PRIVILEGES ( priv {,priv} )]
[WITH with_option {,with_option}]
with_option = NOPASSWORD | PASSWORD = 'role_password' | EXTERNAL_PASSWORD
| NOPRIVILEGES | PRIVILEGES = ( priv {,priv} )
| NOSECURITY_AUDIT | SECURITY_AUDIT = (audit_opt {,audit_opt})
role_id
Specifies an existing role ID created with the CREATE ROLE statement. If one or more of the specified role identifiers do not exist, the DBMS Server issues a warning, but all valid role identifiers are processed.
priv
Specifies a subject privilege, as described in
CREATE USER.
Note: These are requestable privileges. They must be activated using the SET SESSION ADD PRIVILEGES statement.
role_password
Defines the password for the role.
Caution! If no password is specified, any session has access to the specified role identifier and its associated permissions.
audit_opt
Defines security audit options, as described in
CREATE USER.
Embedded Usage
In an embedded ALTER ROLE statement, the preprocessor does not validate the syntax of the WITH clause.
Permissions
You must have MAINTAIN_USERS privilege and be connected to the iidbdb database.
You must have MAINTAIN_AUDIT privilege to change security audit attributes.
Locking
The ALTER ROLE statement locks pages in the iirole catalog of the iidbdb. This can cause sessions attempting to connect to the server to suspend until the statement is completed.
Related Statements
CREATE ROLE
DROP ROLE
Last modified date: 11/28/2023