Removing a Grantee From a User-Extended Role

Remove a user or role as a member (grantee) of a user-extended role. Grantees lose the ability to use any underlying system privileges or roles of the user-extended role.

Prerequisites
Database Version Role-Based User-Extended Role Privileges
SAP Sybase IQ 15.3 and 15.4 Not supported.
SAP Sybase IQ 16.0 You must have one of:
  • Administrative rights over the role (role administrator)
  • MANAGE ROLES system privilege if the role has a global role administrator
Task

By default, a minimum of one role administrator (or global role administrator with a login password) for each role must exist at all times. This minimum requirement is validated before you can remove a member who is a role administrator from a role.

If revoking membership in a role would result in a failure to meet the minimum number of role administrators for the selected role, an error message appears, and the removal fails.

  1. In the Perspective Resources view, select the resource, and select Resource > Administration Console.
  2. In the left pane, expand IQ Servers > Security > Role-Based, and then select User-Extended Roles.
  3. Select a role from the right pane and either:
    • Click the arrow to the right of the name and select Manage Grantees, or
    • From the Administration Console menu bar, select Resource > Manage Grantees.
      Warning!  When removing a grantee which is also a role, be sure you select the correct menu option. Each option has different inheritance outcomes. To review the differences, see Security Implications of the Managing Grantees and Managing Roles Options.
    A list of users and roles currently granted to the role appears.
  4. Highlight a user or role to be removed form the user-extended role and click Revoke.
    Note: The Revoke button is unavailable if you do not have administrative rights to the selected role.
  5. Do one of:
    • Click OK to update any changes to the database and exit the properties view.
    • Click Apply to update any changes to the database, but remain in the properties view.
    • Click Cancel to cancel any changes not updated to the database and exit the properties view.
Parent topic: User-Extended Roles
Related concepts
Manage Role Administrators of a User-Extended Role
Manage Global Role Administrators of a User-Extended Role
Security Implications of the Managing Grantees and Managing Roles Options
Related tasks
Creating a User-Extended Role
Deleting a User-Extended Role
Converting a User-Extended Role to a User
Adding a Grantee to a User-Extended Role
Changing a Grantee's Administrative Rights on a User-Extended Role
Adding a Role to a User-Extended Role
Changing Administrative Rights on an Underlying Role of a User-Extended Role
Removing a Role from a User-Extended Role
Adding a System Privilege to a User-Extended Role
Changing Administrative Rights on a User-Extended Role Granted Privilege
Removing a System Privilege from a User-Extended Role
Viewing or Modifying Role-Based User-Extended Role Options
Generating User-Extended Role DDL Commands
Viewing or Modifying User-Extended Role Properties
Changing a User-Extended Role Password
Forcing a User-Extended Role to Change their Password
Unlocking a User-Extended Role Account
Changing a User-Extended Role Login Policy
Authenticating a Login Account for a Managed Resource
Related reference
Role-Based User-Extended Role Privilege Summary