Creating and granting a role

About this task

To support DAC, the database administrator (DBA) can define roles and assign them to users to standardize the access privileges of groups of users who need access to the same database objects. When the DBA assigns privileges to that role, every user who is granted role holds those privileges when that role is activated. In order to activate a specific role, a user must issue the SET ROLE statement. The SQL statements used for defining and manipulating roles include: CREATE ROLE, DROP ROLE, GRANT, REVOKE, and SET ROLE.

For more information on the SQL syntax statements for defining and manipulating roles, see the HCL OneDB™ Guide to SQL: Syntax.

To create and grant a role:

Procedure

  1. Use the CREATE ROLE statement to create a new role in the current database.
  2. Use the GRANT statement to grant access privileges to that role
  3. Use the GRANT statement to grant the role to a user or to PUBLIC (all users).
  4. The user must issue the SET ROLE statement to enable that role.