Creates a role for managing user access privileges on database objects. A role is a shell database object to which sets of privileges can be granted using GRANT requests.
You can use a role to grant a set of privileges that are commonly needed by a group of users, for example, users in the Finance department.
After creating a role and granting database privileges to the role, you can grant role membership to the users that require those privileges.
ANSI Compliance
This statement is ANSI SQL:2011 compliant.
Required Privileges
You must have the CREATE ROLE privilege to create a standard database role or EXTERNAL role.
New users do not implicitly have the CREATE ROLE privilege.
User DBC or a user who has the CREATE ROLE WITH GRANT OPTION privilege can grant this privilege to another user, but you cannot grant the WITH GRANT OPTION privilege to a role.
Type of Role | WITH ADMIN OPTION Privilege |
---|---|
Database | Granted implicitly to its creator. This permits the creator to grant the role to other users and roles. |
External | Not granted to its creator, because you cannot grant an external role to database users or roles. For information on assigning database external roles to directory users, see Security Administration |
Privileges Granted Automatically
None.