CREATE ROLE creates roles which can be assigned permissions.
ROLE can be used as a
USER if it has been granted a password and login permissions.
Learn more about the permission system in the access control guide.
See also DROP ROLE, ALTER ROLE, GRANT.
To create a role, the current role must have the
create_role_statement ::= CREATE ROLE role_name ; role_name ::= identifier
The name of the role to create, which must be unique across the cluster
SQream recommend that role names should follow these rules:
Start with either a letter or underscore
Contain only ASCII letters, numbers, or underscores
Follow rules for identifiers
A role has no permissions by default. Follow the examples below to see how to grant permissions to databases and tables.
Roles can be members of other roles.
Roles must be unique across the cluster.
Roles cannot log in by default. They do not have a password or login permissions until granted.
Creating a role with no permissions¶
CREATE ROLE new_role;
Creating a user role¶
A user role has permissions to login, and has a password.
Some DBMSs call this CREATE USER or ADD USER
CREATE ROLE new_role; GRANT LOGIN to new_role; GRANT PASSWORD 'Tr0ub4dor&3' to new_role; GRANT CONNECT ON DATABASE master to new_role; -- Repeat for other desired databases