Reference Manual: Commands

alter role

Usage

The alter role command defines mutually exclusive relationships between roles and adds, drops, and changes passwords for roles.
The all overrides parameter removes the system overrides that were set using sp_configure with any of the following parameters:
- passwd expiration
- max failed_logins
- min passwd length
Dropping the role password removes the overrides for the password expiration and the maximum failed logins options.

Mutually exclusive roles

You need not specify the roles in a mutually exclusive relationship or role hierarchy in any particular order.
You can use mutual exclusivity with role hierarchy to impose constraints on user-defined roles.
Mutually exclusive membership is a stronger restriction than mutually exclusive activation. If you define two roles as mutually exclusive at membership, they are implicitly mutually exclusive at activation.
If you define two roles as mutually exclusive at membership, defining them as mutually exclusive at activation has no effect on the membership definitions. Mutual exclusivity at activation is added and dropped independently of mutual exclusivity at membership.
You cannot define two roles as having mutually exclusive after granting both roles to users or roles. Revoke either granted role from existing grantees before attempting to define the roles as mutually exclusive on the membership level.
If two roles are defined as mutually exclusive at activation, the System Security Officer can assign both roles to the same user, but the user cannot activate both roles at the same time.
If the System Security Officer defines two roles as mutually exclusive at activation, and users have already activated both roles or, by default, have set both roles to activate at login, Adaptive Server makes the roles mutually exclusive, but issues a warning message naming specific users with conflicting roles. The users' activated roles do not change.

Changing passwords for roles


	Expand Search