Roles

Syntax for authorizing role management.

Role management and role proxy permissions use the following modelled hierarchy:

Roles > role

Synopsis

  • ALL ROLES
    GRANT permission[, permission ...] 
    ON ALL ROLES 
    TO role_name;
    where the permissions are ALL PERMISSIONS, ALTER, AUTHORIZE, CREATE, DESCRIBE, and DROP
  • ROLE
    GRANT permission[, permission ...] 
    ON ROLE role_name 
    TO role_name;
    where the permissions are ALL PERMISSIONS, ALTER, AUTHORIZE, CREATE, DESCRIBE, and DROP
  • Role as a permission set (applies if Role Manager mode: internal)
    GRANT role_name  
    TO role_name;
    Nesting roles gives all the permissions of the first role in the statement to the second. With internal role management, use permission set roles to create your own hierarchical permissions structures.
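
A worked example of the three forms above, added here and not taken from the product's own documentation. The role names (role_admin, app_read, app_write, alice), the keyspace app_ks, and the password placeholder are assumptions, and the nested grants presume Role Manager mode: internal.

```cql
-- Constructed roles for illustration; none of these names come from the page.
CREATE ROLE role_admin;   -- delegated role administrator
CREATE ROLE app_read;     -- permission set: read only
CREATE ROLE app_write;    -- permission set: read plus write
CREATE ROLE alice WITH LOGIN = true AND PASSWORD = '<placeholder>';

-- ALL ROLES form: role_admin may create roles and describe every role,
-- but receives no ALTER, DROP or AUTHORIZE at the ALL ROLES level.
GRANT CREATE, DESCRIBE ON ALL ROLES TO role_admin;

-- ROLE form: management rights scoped to individual roles.
GRANT ALTER, DROP ON ROLE app_read  TO role_admin;
GRANT ALTER, DROP ON ROLE app_write TO role_admin;

-- Granting a role to another role requires AUTHORIZE on both the
-- permission role and the target role. AUTHORIZE ON ALL ROLES would
-- satisfy that for every pair of roles, so it is granted per role here.
GRANT AUTHORIZE ON ROLE app_read  TO role_admin;
GRANT AUTHORIZE ON ROLE app_write TO role_admin;
GRANT AUTHORIZE ON ROLE alice     TO role_admin;

-- Data permissions that make up the permission sets
-- (assumes keyspace app_ks already exists).
GRANT SELECT ON KEYSPACE app_ks TO app_read;
GRANT MODIFY ON KEYSPACE app_ks TO app_write;

-- Role as a permission set: the first role's permissions go to the second.
GRANT app_read  TO app_write;   -- app_write now also holds SELECT
GRANT app_write TO alice;       -- alice holds SELECT and MODIFY via nesting

-- Review the result: roles held by alice, and the permissions they carry.
LIST ROLES OF alice;
LIST ALL PERMISSIONS OF alice;
```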

Permission matrix

Table 1. Role permission matrix
| Privilege       | Resource       | Permissions |
|-----------------|----------------|-------------|
| ALL PERMISSIONS | ALL ROLES      | All role permissions. |
| ALTER           | ALL ROLES      | any role |
| ALTER           | ROLE role_name | specified role |
| CREATE          | ALL ROLES      | CREATE ROLE |
| DESCRIBE        | ALL ROLES      | and |
| DESCRIBE        | ROLE role_name | |
| DROP            | ALL ROLES      | DROP ROLE on any role. |
| DROP            | ROLE role_name | DROP ROLE specified role. |
| role_name       | role_name      | Grant role (as a set of permissions) to another role. Requires AUTHORIZE permission on the permission role and target role. |