GRANT ROLE
Assigns the privileges of one role to another role. The role granted will have the same permissions to database resources. Privileges are applied immediately, even to active client sessions.
See GRANT PERMISSION to grant permission to resources to a role.
Syntax
GRANT <role_name> TO <role_name> ;
Syntax legend
Syntax conventions | Description |
---|---|
UPPERCASE |
Literal keyword. |
Lowercase |
Not literal. |
|
Variable value. Replace with a user-defined value. |
|
Optional.
Square brackets ( |
|
Group.
Parentheses ( |
|
Or.
A vertical bar ( |
|
Repeatable.
An ellipsis ( |
|
Single quotation ( |
|
Map collection.
Braces ( |
Set, list, map, or tuple.
Angle brackets ( |
|
|
End CQL statement.
A semicolon ( |
|
Separate the command line options from the command arguments with two hyphens ( |
|
Search CQL only: Single quotation marks ( |
|
Search CQL only: Identify the entity and literal value to overwrite the XML element in the schema and solrConfig files. |
Parameters
Parameter | Description | Default |
---|---|---|
|
Identifier of the role. CQL forces all names to lowercase. If you need to preserve case or use special characters in the role name, enclose <role_name> in quotes. |
Examples
Manage permissions using GRANT
and REVOKE
.
A role can only modify permissions of another role and can only modify ( |
-
Assign a role
cycling_admin
full access to the cycling keyspace:GRANT ALL PERMISSIONS ON KEYSPACE cycling TO cycling_admin;
-
Now assign that role to
coach
.GRANT cycling_admin TO coach;
The assignment gives the
coach
role the same permissions as thecycling_admin
role. All roles that require that level of access can be assigned thecycling_admin
role. -
View the coach’s permissions, to see that
coach
now has thecycling_admin
permissions.LIST ALL PERMISSIONS OF coach;
role | username | resource | permission
---------------+---------------+--------------------+------------
cycling_admin | cycling_admin | <keyspace cycling> | CREATE
cycling_admin | cycling_admin | <keyspace cycling> | ALTER
cycling_admin | cycling_admin | <keyspace cycling> | DROP
cycling_admin | cycling_admin | <keyspace cycling> | SELECT
cycling_admin | cycling_admin | <keyspace cycling> | MODIFY
cycling_admin | cycling_admin | <keyspace cycling> | AUTHORIZE
(6 rows)