Creates a role for managing user access privileges on database objects. A role is a shell database object to which sets of privileges can be granted using GRANT requests.
You can use a role to grant a set of privileges that are commonly needed by a group of users, for example, users in the Finance department.
After creating a role and granting database privileges to the role, you can grant role membership to the users that require those privileges.
Required Privileges
You must have the CREATE ROLE privilege to create a standard database role or EXTERNAL role.
New users do not implicitly have the CREATE ROLE privilege.
User DBC or a user who has the CREATE ROLE WITH GRANT OPTION privilege can grant this privilege to another user, but you cannot grant the WITH GRANT OPTION privilege to a role.
Type of Role | WITH ADMIN OPTION Privilege |
---|---|
Database | Granted implicitly to its creator. This permits the creator to grant the role to other users and roles. |
External | Not granted to its creator, because you cannot grant an external role to database users or roles. For information on assigning database external roles to directory users, see Security Administration |
Privileges Granted Automatically
None.