ALTER ORGANIZATION USER GROUP¶
Modifies the properties of an existing organization user group.
- See also:
CREATE ORGANIZATION USER GROUP , DROP ORGANIZATION USER GROUP , SHOW ORGANIZATION USER GROUPS
Syntax¶
ALTER ORGANIZATION USER GROUP <name> ADD ORGANIZATION USERS <org_user> [ , <org_user> ... ]
ALTER ORGANIZATION USER GROUP <name> REMOVE ORGANIZATION USERS <org_user> [ , <org_user> ... ]
ALTER ORGANIZATION USER GROUP <name> SET VISIBILITY =
{ ALL
| ACCOUNTS <account> [ , <account> ... ]
| REGION GROUPS '<region_group>' [ , '<region_group>' ... ]
}
Parameters¶
nameSpecifies the identifier for the organization user group to alter.
If the identifier contains spaces or special characters, the entire string must be enclosed in double quotes. Identifiers enclosed in double quotes are also case-sensitive.
For more information, see Identifier requirements.
ADD ORGANIZATION USERS org_user [ , org_user ]Specifies the organization users that you want to add to the organization user group. A comma-delimited list of organization user objects.
Adding new organization users as members of an organization user group does not remove existing members of the group.
REMOVE ORGANIZATION USERS org_user [ , org_user ]Specifies the organization users that you want to remove from the organization user group. A comma-delimited list of organization user objects.
SET VISIBILITY = ALLor .SET VISIBILITY = ACCOUNTS account [ , account ... ]or .SET VISIBILITY = REGION GROUPS 'region_group' [ , 'region_group' ... ]}Specifies which accounts can view and add the organization user group.
Important
Setting the visibility of the organization user group overwrites previous visibility settings. Setting the visibility to a new account can result in removing the organization user group from an account that previously had access.
ALLAllows all accounts in the organization to view and add the organization user group.
ACCOUNTS account [ , account ... ]Only the specified accounts can view and add the organization user group.
Specify the account name without the name of the organization. Do not use the account locator.
REGION GROUPS 'region_group' [ , 'region_group' ... ]Only accounts in the specified region groups can view and add the organization user group.
Access control requirements¶
A role used to execute this operation must have the following privileges at a minimum:
Privilege |
Object |
Notes |
|---|---|---|
MANAGE ORGANIZATION USER GROUPS |
Account |
By default, only the GLOBALORGADMIN has this privilege. |
For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.
For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.
Examples¶
Add organization users joe and mary to an organization user group marketing.
ALTER ORGANIZATION USER GROUP marketing ADD ORGANIZATION USERS joe, mary;
Remove organization user dave from the organization user group data_stewards.
ALTER ORGANIZATION USER GROUP data_stewards REMOVE ORGANIZATION USERS dave;
Allow all accounts in the organization to add the organization user group:
ALTER ORGANIZATION USER GROUP data_stewards SET VISIBILITY = ALL;
Only allow the account qa_env to add the organization user group:
ALTER ORGANIZATION USER GROUP data_stewards SET VISIBILITY = ACCOUNTS qa_env;