DROP ROLE (SQL)

Synopsis

DROP ROLE role-name

Description

The DROP ROLE statement deletes a role. When you drop a role, Caché revokes it from all users and roles to whom it has been granted and removes it from the database.

You can determine if a role exists by invoking the $SYSTEM.SQL.RoleExists() method. If you attempt to drop a role that does not exist (or has already been dropped), DROP ROLE issues an SQLCODE -118 error.

Privileges

The DROP ROLE command is a privileged operation. Prior to using DROP ROLE in embedded SQL, it is necessary to fulfill at least one of the following requirements:

• You must have %Admin_Secure:USE privilege.

• You are the owner of the role.

• You were granted the role WITH ADMIN OPTION.

Failing to do so results in an SQLCODE –99 error (Privilege Violation).

Use the $SYSTEM.Security.Login() method to assign a user with appropriate privileges:

   DO $SYSTEM.Security.Login("_SYSTEM","SYS")
   &sql(      )

Copy code to clipboard

You must have the %Service_Login:Use privilege to invoke the $SYSTEM.Security.Login method. For further information, refer to %SYSTEM.Security in the InterSystems Class Reference.

Examples

The following embedded SQL example creates a role named BkUser and later deletes it:

  DO $SYSTEM.Security.Login("MyName","SecretPassword")
  &sql(CREATE ROLE BkName)
  IF SQLCODE=-99 {
  WRITE !,"You don't have CREATE ROLE privileges" }
  ELSE { WRITE !,"Created a role"}
  /* Use role */
  &sql(DROP ROLE BkName)
  IF SQLCODE=-99 {
  WRITE !,"You don't have DROP ROLE privileges" }
  ELSE { WRITE !,"Dropped the role" }

Copy code to clipboard

See Also

• SQL statements: CREATE ROLE CREATE USER DROP USER GRANT REVOKE %CHECKPRIV

• “Users, Roles, and Privileges” chapter of Using Caché SQL

• SQLCODE error messages listed in the Caché Error Reference

• ObjectScript: $ROLES and $USERNAME special variables