Open topic with navigation
CREATE ROLE —define a new database role
CREATE ROLE [
ROLE is an entity that can own database objects and be assigned database privileges. Any user can create a
DROP ROLE to drop a
REVOKE to assign and remove privileges from roles. (See
REVOKE.) The user granting privileges on database objects to a
ROLE must own both the
ROLE and that database object for which they are granting privileges. It is recommended that you create roles, assign privileges to those roles, and then assign those roles to users, rather than assigning privileges directly to users. Users can assigned any number of roles.
Name of the schema in which the role will be created. The default is the current schema as defined by the
USE command. If
schema is provided, and the schema does not exist, it will be created.
Name (optionally schema-qualified) of the new role. If the schema does not exist it will be created. Roles cannot be created in the
SYSTEM schema. This schema is reserved for database metadata.
SELECT on a table to the
ROLE. Assign the
ROLE to a
CREATE ROLE account_manager; CREATE TABLE accounts_payable (id INTEGER, account_no STRING, amount NUMBER); GRANT SELECT ON accounts_payable TO ROLE account_manager; CREATE USER payroll_clerk password 'jd&dtk9'; GRANT account_manager TO payroll_clerk;