Roles
Syntax for authorizing role management.
Role management and role proxy permissions use the following modelled hierarchy:
Synopsis
- ALL ROLES
  GRANT permission[, permission ...] ON ALL ROLES TO role_name;
  where permissions are ALL PERMISSIONS, ALTER, AUTHORIZE, CREATE, DESCRIBE, and DROP
- ROLE
  GRANT permission[, permission ...] ON ROLE role_name TO role_name;
  where permissions are ALL PERMISSIONS, ALTER, AUTHORIZE, CREATE, DESCRIBE, and DROP
- Role as a permission set (applies if Role Manager mode: internal)
  GRANT role_name TO role_name;
Nesting roles gives all the permissions of the first role in the statement to the second. With internal role management, use permission set roles to create your own hierarchical permissions structures.
Permission matrix
Privilege | Resource | Permissions |
---|---|---|
ALL PERMISSIONS | ALL ROLES | All role permissions. |
ALTER | ALL ROLES | ALTER ROLE on any role. |
ALTER | ROLE role_name | ALTER ROLE on the specified role. |
CREATE | ALL ROLES | CREATE ROLE |
DESCRIBE | ALL ROLES | and |
DESCRIBE | ROLE role_name | |
DROP | ALL ROLES | DROP ROLE on any role. |
DROP | ROLE role_name | DROP ROLE on the specified role. |
role_name | role_name | Grant role (as a set of permissions) to another role. Requires AUTHORIZE permission on the permission role and target role. |
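
The three levels of the hierarchy used together, scoped as narrowly as each task allows. This is an added example, not taken from the product documentation; every role name and the password placeholders are constructed, and internal role management is assumed.

```cql
-- Permission-set roles (no login) and login roles. All names are constructed.
CREATE ROLE role_auditor;
CREATE ROLE helpdesk;
CREATE ROLE security_lead;
CREATE ROLE svc_reporting WITH LOGIN = true AND PASSWORD = '<placeholder>';
CREATE ROLE bob WITH LOGIN = true AND PASSWORD = '<placeholder>';

-- ALL ROLES level: a single grant covers every role, present and future,
-- so keep it to the least powerful permission that does the job.
GRANT DESCRIBE ON ALL ROLES TO role_auditor;

-- ROLE level: helpdesk may change or remove one service account only.
-- It gets no CREATE and no AUTHORIZE, so it cannot mint roles or
-- hand its own permissions on to anyone else.
GRANT ALTER, DROP ON ROLE svc_reporting TO helpdesk;

-- Role as a permission set: the first role's permissions flow to the second.
GRANT role_auditor TO helpdesk;   -- helpdesk now also has DESCRIBE on all roles
GRANT helpdesk TO bob;            -- bob receives both sets through nesting

-- Delegating the nesting itself: the grantor needs AUTHORIZE on the
-- permission role and on the target role, and nothing beyond those two.
GRANT AUTHORIZE ON ROLE role_auditor TO security_lead;
GRANT AUTHORIZE ON ROLE bob TO security_lead;

-- Review the result before handing out credentials.
LIST ROLES OF bob;
LIST ALL PERMISSIONS OF bob;
LIST ALL PERMISSIONS OF security_lead;
```

Granting AUTHORIZE ON ALL ROLES instead of the two ROLE-level grants would let security_lead nest any role into any other, which is why the delegation is scoped per role here.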