A role is a collection of privileges that can be assigned to database users, user groups, or other roles.
Whereas privileges always apply, roles have to be explicitly activated for individual database sessions. Every user who has been assigned a role can also decide which of the roles is to be active in each of his or her database sessions. This setting can also be changed when the user opens a database session.
Open a database session for database administrator MONA and use the CREATE ROLE statement to create a role.
CREATE ROLE role_1
//
CREATE ROLE role_2
//
CREATE ROLE role_3
The roles ROLE_1, ROLE_2, and ROLE_3 are created.
See also:
CREATE ROLE Statement (create_role_statement)
Open a database session for database administrator MONA and use the GRANT statement to grant privileges.
GRANT SELECT, UPDATE, INSERT ON city TO role_1
Database user MONA manages the city table. He or she decides that ROLE_1 is to be assigned the SELECT, UPDATE, and INSERT authorizations for the city table.
GRANT DELETE ON city TO role_2
ROLE_2 is assigned DELETE authorization for the city table.
GRANT DELETE, ALTER ON city TO role_3
ROLE_3 is assigned DELETE and ALTER authorizations for the city table.
See also:
GRANT Statement (grant_statement)
Open a database session for database administrator MONA and use the GRANT statement to assign the required roles to a different database user.
GRANT role_1 TO david
//
GRANT role_2 TO david
The roles ROLE_1 and ROLE_2 are assigned to database user DAVID.
Open a database session for database administrator MONA. Use the ALTER USER statement to specify which of the roles assigned to a database user is to be used when a database session is opened.
ALTER USER david DEFAULT ROLE role_1
The role ROLE_1 is to be activated for database user DAVID when a database session is opened.
See also:
ALTER USER Statement (alter_user_statement)
You can use the SET statement to activate further roles assigned to a database user during a database session.
Open a database session for database user DAVID.
SET ROLE ALL
All of the roles (ROLE_1 and ROLE_2) are to be activated.
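The following check, run in DAVID's session, shows the effect of role activation on the city table before and after SET ROLE ALL; it is an added example, not part of the original documentation. It assumes the table is reachable for DAVID as hotel.city with the columns zip, name, and state, that DAVID holds no privileges on it other than through ROLE_1 and ROLE_2, and that the session commits each statement automatically; lines beginning with -- are annotations.

```sql
-- Session of database user DAVID, opened after
-- ALTER USER david DEFAULT ROLE role_1 was executed by MONA.
-- Assumed names (not from the page): schema hotel, columns zip, name, state,
-- and the constructed test row '00000' / 'Testville' / 'NY'.

-- Only ROLE_1 is active at this point: SELECT, UPDATE, INSERT are permitted.
SELECT zip, name FROM hotel.city WHERE state = 'NY'
//
INSERT INTO hotel.city (zip, name, state) VALUES ('00000', 'Testville', 'NY')
//
UPDATE hotel.city SET name = 'Test City' WHERE zip = '00000'
//
-- ROLE_2 is assigned to DAVID but not yet active, so this DELETE
-- is expected to be rejected for a missing privilege.
DELETE FROM hotel.city WHERE zip = '00000'
//
-- Activate every role assigned to DAVID (ROLE_1 and ROLE_2).
SET ROLE ALL
//
-- ROLE_2 is now active: the same DELETE is expected to succeed
-- and removes the constructed test row again.
DELETE FROM hotel.city WHERE zip = '00000'
//
-- ALTER was granted only to ROLE_3, which was never assigned to DAVID,
-- so this statement is expected to be rejected even after SET ROLE ALL.
ALTER TABLE hotel.city ADD note CHAR(10)
```

If the first DELETE succeeds, DAVID holds the DELETE privilege through some path other than ROLE_2, such as a direct grant, and that grant should be reviewed.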
Open a database session for database administrator MONA and use the REVOKE statement to revoke privileges.
REVOKE DELETE ON city FROM ROLE_3
The DELETE privilege is revoked from ROLE_3.
See also:
REVOKE Statement (revoke_statement)
Open a database session for database administrator MONA and use the DROP ROLE statement to delete roles.
DROP ROLE ROLE_3
ROLE_3 is deleted.
See also:
DROP ROLE Statement (drop_role_statement)