Support for roles and user identity
- to grant discretionary access privileges to roles,
- or grant label-based access credentials (LBAC) to roles,
- or grant other roles to roles.
Access privileges, roles, and LBAC credentials that a user has acquired in an SPL routine by enabling a role or by a SET SESSION AUTHORIZATION statement are not automatically relinquished after the SPL routine that granted the privilege, role, or LBAC credential completes execution. What was granted persists until a subsequent REVOKE operation cancels the effect of the GRANT operation.
For further information about roles, see the CREATE ROLE statement, DROP ROLE statement, GRANT statement, REVOKE statement, and SET ROLE statement in Chapter 2.