CREATE ROLE (Enterprise)

The CREATE ROLE statement creates SQL roles, which are groups containing any number of roles and users as members. You can assign privileges to roles, and all members of the role (regardless of whether if they are direct or indirect members) will inherit the role's privileges.

Note:
CREATE ROLE is an enterprise-only feature.

Considerations

• Role names:
  • Are case-insensitive
  • Must start with either a letter or underscore
  • Must contain only letters, numbers, or underscores
  • Must be between 1 and 63 characters.
• After creating roles, you must grant them privileges to databases and tables.
• Roles and users can be members of roles.
• Roles and users share the same namespace and must be unique.
• All privileges of a role are inherited by all of its members.
• There is no limit to the number of members in a role.
• Roles cannot log in. They do not have a password and cannot use certificates.
• Membership loops are not allowed (direct: A is a member of B is a member of A or indirect: A is a member of B is a member of C … is a member of A).

Required privileges

Roles can only be created by superusers, i.e., members of the admin role. The admin role exists by default with root as the member.

Synopsis

Parameters

Examples

> CREATE ROLE dev_ops;

CREATE ROLE 1

After creating roles, you can add users to the role and grant the role privileges.

See also

• Authorization
• DROP ROLE (Enterprise)
• GRANT <privileges>
• REVOKE <privileges>
• GRANT <roles> (Enterprise)
• REVOKE <roles> (Enterprise)
• SHOW ROLES
• SHOW USERS
• SHOW GRANTS
• Other SQL Statements

Was this page helpful?
YesNo