When granting and revoking privileges included as part of system-defined roles:
Any privileges explicitly granted to a system defined role may be revoked from the role. Once a privilege is revoked, the role holder can no longer perform operations related to the privilege on the server.
enable granular permissions configuration parameter should be enabled for explicitly granted privileges to take effect. If enable granular permissions is disabled, system defined roles have the same privileges as in Adaptive Server versions earlier than 15.7 ESD #2. These privileges are implicitly vested in the roles and cannot be revoked.
Use sp_restore_system_role to restore a modified system-defined role to its default privilege configuration.