Skip Headers

Oracle® Database SQL Reference
10g Release 1 (10.1)

Part Number B10759-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Feedback

Go to previous page
Previous
Go to next page
Next
View PDF

ALTER ROLE

Purpose

Use the ALTER ROLE statement to change the authorization needed to enable a role.


See Also:

  • CREATE ROLE for information on creating a role

  • SET ROLE for information on enabling or disabling a role for your session


Prerequisites

You must either have been granted the role with the ADMIN OPTION or have ALTER ANY ROLE system privilege.

Before you alter a role to IDENTIFIED GLOBALLY, you must:

The one exception to this rule is that you should not revoke the role from the user who is currently altering the role.

Syntax


alter_role::=
Description of alter_role.gif follows
Description of the illustration alter_role.gif

Semantics

The keywords, parameters, and clauses in the ALTER ROLE statement all have the same meaning as in the CREATE ROLE statement.

Notes on Altering a Role
  • User sessions in which the role is already enabled are not affected.

  • If you change a role identified by password to an application role (with the USING package clause), then password information associated with the role is lost. Oracle Database will use the new authentication mechanism the next time the role is to be enabled.

  • If you have the ALTER ANY ROLE system privilege and you change a role that is IDENTIFIED GLOBALLY to IDENTIFIED BY password, IDENTIFIED EXTERNALLY, or NOT IDENTIFIED, then Oracle Database grants you the altered role with the ADMIN OPTION, as it would have if you had created the role identified nonglobally.

For more information, please refer to CREATE ROLE and to the examples that follow.

Examples


Changing Role Identification: Example

The following statement changes the role warehouse_user (created in "Creating a Role: Example") to NOT IDENTIFIED:

ALTER ROLE warehouse_user NOT IDENTIFIED;

Changing a Role Password: Example

This statement changes the password on the dw_manager role (created in "Creating a Role: Example") to data:

ALTER ROLE dw_manager 
   IDENTIFIED BY data; 

Users granted the dw_manager role must subsequently enter the new password data to enable the role.


Application Roles: Example

The following example changes the dw_manager role to an application role using the hr.admin package:

ALTER ROLE dw_manager IDENTIFIED USING hr.admin;