GRANT ROLE

Syntax

GRANT ROLE role_name [, role_name...] {
    TO USER user_email
    | TO ROLE role_name [, role_name...]
};

Description

Grants access to Role(s) to a User or other Role(s). This allows the User to USE ROLE and inherit all the privileges granted to the Role.

The current Role requires one of the following privileges:

Ownership of Organization
MANAGE_MEMBERS privilege on Organization
OWNER privilege on both parent and child roles (when granting to Roles)

Arguments

role_name [, role_name...]

One or more Roles to grant.

user_email

Email of the User, when granting Roles to a User

role_name [, role_name...]

One or more Roles that are granted the Roles.

Examples

Grant Role to a User

<no-db>/<no-store># GRANT ROLE custom_role TO USER 'user@domain.com';
+------------+------------+------------------------------------------+
|  Type      |  Command   |  Summary                                 |
+============+============+==========================================+
| role grant | ALTER      | Role(s) "custom_role" granted to user    |
|            |            | user "user@domain.com"                   |
+------------+------------+------------------------------------------+
<no-db>/<no-store># LIST USER ROLES;
+---------------+-------------+-------------+---------------+
|  Name         |  Is Current |  Is Default |  Is Inherited |
+===============+=============+=============+===============+
| custom_role   | false       | false       | false         |
+---------------+-------------+-------------+---------------+
| orgadmin      | true        | false       | false         |
+---------------+-------------+-------------+---------------+
| public        | false       | false       | true          |
+---------------+-------------+-------------+---------------+

Grant Role to another Role

<no-db>/<no-store># GRANT ROLE useradmin TO ROLE sysadmin;
+------------+------------+------------------------------------------+
|  Type      |  Command   |  Summary                                 |
+============+============+==========================================+
| role grant | ALTER      | Role(s) "useradmin" were granted to      |
|            |            | "sysadmin"                               |
+------------+------------+------------------------------------------+
<no-db>/<no-store># DESCRIBE ROLE sysadmin;
+--------------+------------+------------------+--------------------+-------------+
|  Type        |  Name      |  Privilege       |  With Grant Option |  Granted By |
+==============+============+==================+====================+=============+
| role         | public     | usage            | false              | orgadmin    |
+--------------+------------+------------------+--------------------+-------------+
| role         | useradmin  | usage            | false              | orgadmin    |
+--------------+------------+------------------+--------------------+-------------+

PreviousGRANT PRIVILEGES NextINVITE USER

Last updated 6 months ago