Removing a Grantee from a Standalone Role

Remove a user or role as a member (grantee) of a standalone role. Grantees lose the ability to use any underlying system privileges or roles of the standalone role.

Prerequisites
Database Version Role-Based Standalone Role Privileges
SAP Sybase IQ 15.3 and 15.4 Not supported.
SAP Sybase IQ 16.0 You must have one of:
  • Administrative rights over the role (role administrator)
  • MANAGE ROLES system privilege if the role has a global role administrator
Task

By default, a minimum of one role administrator (or global role administrator with a login password) for each role must exist at all times. This minimum requirement is validated before you can remove a member who is a role administrator from a role.

If revoking membership in a role would result in a failure to meet the minimum number of role administrators for the selected role, an error message appears, and the removal fails.

  1. In the Perspective Resources view, select the resource, and select Resource > Administration Console.
  2. In the left pane, expand IQ Servers > Security > Role-Based, and then select Standalone Roles.
  3. Select a role from the right pane and either:
    • Click the arrow to the right of the name and select Manage Grantees, or
    • From the Administration Console menu bar, select Resource > Manage Grantees.
      Warning!  When removing a grantee which is also a role, be sure you select the correct menu option. Each option has different inheritance outcomes. To review the differences, see Security Implications of the Managing Grantees and Managing Roles Options.
    A list of users and roles currently granted to the role appears.
  4. Highlight a user or role to be removed from the standalone role and click Revoke.
  5. Do one of:
    • Click OK to update any changes to the database and exit the properties view.
    • Click Apply to update any changes to the database, but remain in the properties view.
    • Click Cancel to cancel any changes not updated to the database and exit the properties view.
Parent topic: Standalone Roles
Related concepts
Manage Standalone Role Administrators
Manage Global Role Administrators of a Standalone Role
Security Implications of the Managing Grantees and Managing Roles Options
Related tasks
Creating a Standalone Role
Deleting a Standalone Role
Adding a Grantee to a Standalone Role
Changing a Grantee's Administrative Rights on a Standalone Role
Adding a Role to a Standalone Role
Changing Administrative Rights on an Underlying Role of a Standalone Role
Removing a Role from a Standalone Role
Adding a System Privilege to a Standalone Role
Changing Administrative Rights on a Privilege Granted to a Standalone Role
Removing a System Privilege from a Standalone Role
Generating Standalone Role DDL Commands
Viewing or Modifying Role-Based Standalone Role Properties
Authenticating a Login Account for a Managed Resource
Related reference
Role-Based Standalone Role Privilege Summary