Confirm membership In roles and drop roles
You can find yourself in a situation where you are uncertain which user is included in a role. Perhaps you did not create the role, or the person who created the role is unavailable. Issue queries against the sysroleauth and sysusers system catalog tables to find who is authorized for which table and how many roles exist.
After
you determine which users hold which roles, you might discover that
some roles are no longer useful. To remove a role, use the DROP ROLE
statement. Before you remove a role, the following conditions must
be met:
- Only roles that are listed in the sysusers system catalog table as a role can be deleted, but you cannot drop a built-in role (such as NONE or EXTEND).
- You must have DBA privileges, or you must be given the grantable option in the role to drop a role.