Show TOC

Background documentationRole Name (role_name)

 

A role name (role_name) identifies a role.

Structure

Syntax Syntax

  1. <role_name> ::=
  <identifier>
End of the code.

The identifier may not exceed 32 characters in length.

Examples

SQL Tutorial, Roles

Explanation

  1. The CREATE ROLE statement creates a role. This role is initially empty. Only database administrators can create roles. The new role name cannot be the same as the name of any other role, user, or user group.

  2. You use the GRANT statement to assign privileges to a role. You use the REVOKE statement to revoke privileges from a role.

  3. A role can be assigned to database users, user groups, or other roles using the GRANT statement and specifying the role name.

  4. You use the ALTER USER or ALTER USERGROUP statement to specify which roles (assigned to a user or a user group) are used when opening a database session.

  5. During a database session, you can use the SET statement to activate other roles assigned to the user or user group. If a role is activated in a session, the current user of the session has all the privileges assigned to the role. If a password has been assigned to a role, users assigned to that role can only activate it by entering the password in the SET statement.

The existence and properties of a role are registered in the database catalog as metadata. A database user that creates a role becomes the owner of this role.

The roles assigned to the user or user group as a result of the ALTER USER and ALTER-USERGROUP statements are activated as soon as a database session is opened.

All roles are inactive for the current database session while SQL statements for the data definition are being executed.

More Information

Defining a role: CREATE ROLE Statement

Assigning privileges to a role: GRANT Statement

Granting a role: GRANT Statement

Activating a role: ALTER USER Statement, ALTER USERGROUP Statement, SET Statement

Dropping a role: DROP ROLE Statement