Name
CREATE ROLE Statement
CREATE ROLE allows the creation of a named set of privileges that may be assigned to users of a database. When a role is granted to a user, that user gets all the privileges and permissions of that role. Roles are generally accepted as one of the best means for maintaining security and controlling privileges within a database.
Platform | Command |
MySQL | Not supported |
Oracle | Supported, with variations |
PostgreSQL | Supported, with variations |
SQL Server | Supported, with variations |
SQL2003 Syntax
CREATE ROLE role_name [WITH ADMIN {CURRENT_USER | CURRENT_ROLE}]Keywords
- CREATE ROLE
role_name Creates a new role and differentiates that role from a host DBMS user and other roles. A role can be assigned any permission that a user can be assigned. The important difference is that a role can then be assigned to one or more users, thus giving them all the permissions of that role.
- WITH ADMIN {CURRENT_USER | CURRENT_ROLE}
Assigns a role immediately to the currently active user or currently active role along with the privilege to pass the use of the role on to other users. By default, the statement defaults to WITH ADMIN CURRENT_USER.
Rules at a Glance
Using roles for database security can greatly ease administration and user maintenance. The general steps for using roles in database security are:
Assess the needs for roles and pick the role names (e.g., administrator, manager, data_entry, report_writer, etc.).
Assign permissions to each role as if it were a standard database user, using the
Get SQL in a Nutshell, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
