GRANT DATABASE ROLE¶
Assigns a database role to an account role or another database role. A user with OWNERSHIP privilege on a database role can grant that database role to either an account role or another database role in the same database. Granting a database role to another role creates a “parent-child” relationship (also referred to as a role hierarchy) between the database role and the other role. For specific limitations on database roles, see Database roles and role hierarchies.
Database roles cannot be granted directly to users.
- See also:
REVOKE DATABASE ROLE , GRANT ROLE , REVOKE ROLE , GRANT <privileges>
Syntax¶
GRANT DATABASE ROLE <name> TO { ROLE | DATABASE ROLE } <parent_role_name>
Parameters¶
nameSpecifies the identifier (name) for the database role; must be unique in the database in which the database role is created.
If the identifier contains spaces or special characters, the entire string must be enclosed in double quotes. Identifiers enclosed in double quotes are also case-sensitive.
For more information, see Identifier requirements.
If the identifier is not fully qualified in the form of
db_name.database_role_name, the command looks for the database role in the current database for the session.DATABASE ROLE parent_role_nameGrants the database role to the specified database role. If the parent role is a database role and the identifier is not fully qualified in the form of
db_name.database_role_name, the command looks for the database role in the current database for the session.ROLE parent_role_nameGrants the database role to the specified account role.
Access control requirements¶
A role used to execute this operation must have the following privileges at a minimum:
Privilege or role |
Object |
Notes |
|---|---|---|
OWNERSHIP |
Database role |
OWNERSHIP is a special privilege on an object that is automatically granted to the role that created the object, but can also be transferred using the GRANT OWNERSHIP command to a different role by the owning role (or any role with the MANAGE GRANTS privilege). |
Examples¶
GRANT DATABASE ROLE analyst TO ROLE SYSADMIN;
GRANT DATABASE ROLE dr1 TO DATABASE ROLE dr2;