GRANT ROLE

Syntax

GRANT ROLE role_name [, role_name...] {
    TO USER user_email
    | TO ROLE role_name [, role_name...]
};

Description

Grants access to role(s) to a user or other role(s). This allows the user to USE ROLE and inherit all the privileges granted to the role.

The current role requires one of the following privileges:

Ownership of organization
MANAGE_MEMBERS privilege on organization
OWNER privilege on both parent and child roles (when granting to roles)

Arguments

role_name [, role_name...]

One or more roles to grant.

user_email

Email of the user when granting roles to a user.

role_name [, role_name...]

One or more roles that are granted the roles.

Examples

Grant role to a user

<no-db>/<no-store># GRANT ROLE custom_role TO USER 'user@domain.com';
+------------+------------+------------------------------------------+
|  Type      |  Command   |  Summary                                 |
+============+============+==========================================+
| role grant | ALTER      | Role(s) "custom_role" granted to user    |
|            |            | user "user@domain.com"                   |
+------------+------------+------------------------------------------+
<no-db>/<no-store># LIST USER ROLES;
+---------------+-------------+-------------+---------------+
|  Name         |  Is Current |  Is Default |  Is Inherited |
+===============+=============+=============+===============+
| custom_role   | false       | false       | false         |
+---------------+-------------+-------------+---------------+
| orgadmin      | true        | false       | false         |
+---------------+-------------+-------------+---------------+
| public        | false       | false       | true          |
+---------------+-------------+-------------+---------------+

Grant role to another role

<no-db>/<no-store># GRANT ROLE useradmin TO ROLE sysadmin;
+------------+------------+------------------------------------------+
|  Type      |  Command   |  Summary                                 |
+============+============+==========================================+
| role grant | ALTER      | Role(s) "useradmin" were granted to      |
|            |            | "sysadmin"                               |
+------------+------------+------------------------------------------+
<no-db>/<no-store># DESCRIBE ROLE sysadmin;
+--------------+------------+------------------+--------------------+-------------+
|  Type        |  Name      |  Privilege       |  With Grant Option |  Granted By |
+==============+============+==================+====================+=============+
| role         | public     | usage            | false              | orgadmin    |
+--------------+------------+------------------+--------------------+-------------+
| role         | useradmin  | usage            | false              | orgadmin    |
+--------------+------------+------------------+--------------------+-------------+

PreviousGRANT PRIVILEGES NextINVITE USER

Last updated 11 days ago