# GRANT ROLE

## Syntax

```sql
GRANT ROLE role_name [, role_name...] {
    TO USER user_email
    | TO ROLE role_name [, role_name...]
};
```

## Description

Grants access to [role](https://docs.deltastream.io/overview/core-concepts/access-control#_role)(s) to a [user](https://docs.deltastream.io/overview/core-concepts/access-control#_user) or other role(s). This allows the user to [USE ROLE](https://docs.deltastream.io/reference/sql-syntax/command/use) and inherit all the [privileges](https://docs.deltastream.io/overview/core-concepts/access-control#_privilege) granted to the role.

The current role requires one of the following privileges:

* Ownership of organization
* `MANAGE_MEMBERS` privilege on organization
* `OWNER` privilege on both parent and child roles (when granting to roles)

### Arguments

#### role\_name \[, role\_name...]

One or more [roles](https://docs.deltastream.io/overview/core-concepts/access-control#_role) to grant.

#### user\_email

Email of the user when granting roles to a user.

#### role\_name \[, role\_name...]

One or more [roles](https://docs.deltastream.io/overview/core-concepts/access-control#_role) that are granted the roles.

## Examples

#### Grant role to a user

```sh
<no-db>/<no-store># GRANT ROLE custom_role TO USER 'user@domain.com';
+------------+------------+------------------------------------------+
|  Type      |  Command   |  Summary                                 |
+============+============+==========================================+
| role grant | ALTER      | Role(s) "custom_role" granted to user    |
|            |            | user "user@domain.com"                   |
+------------+------------+------------------------------------------+
<no-db>/<no-store># LIST USER ROLES;
+---------------+-------------+-------------+---------------+
|  Name         |  Is Current |  Is Default |  Is Inherited |
+===============+=============+=============+===============+
| custom_role   | false       | false       | false         |
+---------------+-------------+-------------+---------------+
| orgadmin      | true        | false       | false         |
+---------------+-------------+-------------+---------------+
| public        | false       | false       | true          |
+---------------+-------------+-------------+---------------+
```

#### Grant role to another role

```sh
<no-db>/<no-store># GRANT ROLE useradmin TO ROLE sysadmin;
+------------+------------+------------------------------------------+
|  Type      |  Command   |  Summary                                 |
+============+============+==========================================+
| role grant | ALTER      | Role(s) "useradmin" were granted to      |
|            |            | "sysadmin"                               |
+------------+------------+------------------------------------------+
<no-db>/<no-store># DESCRIBE ROLE sysadmin;
+--------------+------------+------------------+--------------------+-------------+
|  Type        |  Name      |  Privilege       |  With Grant Option |  Granted By |
+==============+============+==================+====================+=============+
| role         | public     | usage            | false              | orgadmin    |
+--------------+------------+------------------+--------------------+-------------+
| role         | useradmin  | usage            | false              | orgadmin    |
+--------------+------------+------------------+--------------------+-------------+
```