Categories:

Context functions (Session Object)

IS_GRANTED_TO_INVOKER_ROLE¶

Returns TRUE if the role returned by the INVOKER_ROLE function inherits the privileges of the specified role in the argument based on the context in which the function is called.

The INVOKER_ROLE function only identifies and returns the account role of the object executing a SQL statement. Database roles are not supported.

Syntax¶

IS_GRANTED_TO_INVOKER_ROLE( '<string_literal>' )

Arguments¶

'string_literal'

The name of the role.

Usage notes¶

• If using the IS_GRANTED_TO_INVOKER_ROLE function with masking policy or a row access policy, verify that your Snowflake account is Enterprise Edition or higher.

• Only one role name can be passed as an argument.

• The following table summarizes the context in which you can call the function and the role hierarchy Snowflake evaluates.

  Context	Evaluated role
  User	CURRENT_ROLE
  Table	CURRENT_ROLE.
  View	View owner role.
  UDF	UDF owner role.
  Stored procedure with caller’s right	CURRENT_ROLE.
  Stored procedure with owner’s right	Stored procedure owner role.
  Task	Task owner role.
  Stream	The role that queries a given stream.

  Expand

  Show lessSee more

• If prefer to evaluate the role hierarchy for the current session, call IS_ROLE_IN_SESSION instead.

Example¶

Call the function directly:

Copy codeExpand code block

IS_GRANTED_TO_INVOKER_ROLE('ANALYST')

--------------------------------------+
IS_GRANTED_TO_INVOKER_ROLE('ANALYST') |
--------------------------------------+
                TRUE                  |
--------------------------------------+

Show lessSee more

Scroll to top

Specify the function in the masking policy body:

CREATE OR REPLACE MASKING POLICY mask_string AS
(val string) RETURNS string ->
CASE
  WHEN IS_GRANTED_TO_INVOKER_ROLE('ANALYST') then val
  ELSE '*******'
END;