GRANT DATABASE ROLE

Assigns a database role to an account role or another database role.

This action creates a “parent-child” relationship between the database role and the role it is granted to (also referred to as a role hierarchy).

Database roles cannot be granted directly to users.

For more details, see Overview of Access Control.

See also:

REVOKE DATABASE ROLE

GRANT ROLE , REVOKE ROLE

GRANT <privileges>

Syntax

GRANT DATABASE ROLE <name> TO ROLE <parent_role_name>
Copy

Parameters

name

Specifies the identifier (name) for the database role; must be unique in the database in which the database role is created.

If the identifier contains spaces or special characters, the entire string must be enclosed in double quotes. Identifiers enclosed in double quotes are also case-sensitive.

For more information, see Identifier requirements.

If the identifier is not fully qualified in the form of db_name.database_role_name, the command looks for the database role in the current database for the session.

ROLE parent_role_name

Grants the database role to the specified account role or database role.

A database role can be granted to either an account role or another database role in the same database. If the parent role is a database role and the identifier is not fully qualified in the form of db_name.database_role_name, the command looks for the database role in the current database for the session.

Access control requirements

A role used to execute this SQL command must have the following privileges at a minimum:

Privilege or role

Object

Notes

OWNERSHIP

Database role

OWNERSHIP is a special privilege on an object that is automatically granted to the role that created the object, but can also be transferred using the GRANT OWNERSHIP command to a different role by the owning role (or any role with the MANAGE GRANTS privilege).

Examples

GRANT DATABASE ROLE analyst TO ROLE SYSADMIN;
Copy
Language: English