CREATE ROLE
CREATE ROLE
creates roles which can be assigned permissions.
A ROLE
can be used as a USER
if it has been granted a password and login permissions.
Learn more about the permission system in the access control guide.
See also DROP ROLE, ALTER ROLE, GRANT.
Permissions
To create a role, the current role must have the SUPERUSER
permission.
Syntax
create_role_statement ::=
CREATE ROLE role_name ;
role_name ::= identifier
Parameters
Parameter |
Description |
---|---|
|
The name of the role to create, which must be unique across the cluster |
Notes
SQream recommend that role names should follow these rules:
Are case-insensitive
Start with either a letter or underscore
Contain only ASCII letters, numbers, or underscores
Follow rules for identifiers
A role has no permissions by default. Follow the examples below to see how to grant permissions to databases and tables.
Roles can be members of other roles.
Roles must be unique across the cluster.
Roles cannot log in by default. They do not have a password or login permissions until granted.
Examples
Creating a role with no permissions
CREATE ROLE new_role;
Creating a user role
A user role has permissions to login, and has a password.
Tip
Some DBMSs call this CREATE USER or ADD USER
CREATE ROLE new_role;
GRANT LOGIN to new_role;
GRANT PASSWORD 'Tr0ub4dor&3' to new_role;
GRANT CONNECT ON DATABASE master to new_role; -- Repeat for other desired databases