The GRANT <roles> statement lets you add a role or user as a member to a role.

Note:
GRANT <roles> is an enterprise-only feature.

Synopsis

GRANT role_name , TO user_name , WITH ADMIN OPTION

Required privileges

The user granting role membership must be a role admin (i.e., members with the ADMIN OPTION) or a superuser (i.e., a member of the admin role).

Considerations

  • Users and roles can be members of roles.
  • The root user is automatically created as an admin role and assigned the ALL privilege for new databases.
  • All privileges of a role are inherited by all its members.
  • Membership loops are not allowed (direct: A is a member of B is a member of A or indirect: A is a member of B is a member of C ... is a member of A).

Parameters

Parameter Description
role_name The name of the role to which you want to add members. To add members to multiple roles, use a comma-separated list of role names.
user_name The name of the user or role to whom you want to grant membership. To add multiple members, use a comma-separated list of user and/or role names.
WITH ADMIN OPTION Designate the user as an role admin. Role admins can grant or revoke membership for the specified role.

Examples

Grant role membership

copy
icon/buttons/copy
> GRANT design TO ernie;
copy
icon/buttons/copy
> SHOW GRANTS ON ROLE design;
+--------+---------+---------+
|  role  | member  | isAdmin |
+--------+---------+---------+
| design | barkley | false   |
| design | ernie   | false   |
| design | lola    | false   |
| design | lucky   | false   |
+--------+---------+---------+

Grant the admin option

copy
icon/buttons/copy
> GRANT design TO ERNIE WITH ADMIN OPTION;
copy
icon/buttons/copy
> SHOW GRANTS ON ROLE design;
+--------+---------+---------+
|  role  | member  | isAdmin |
+--------+---------+---------+
| design | barkley | false   |
| design | ernie   | true    |
| design | lola    | false   |
| design | lucky   | false   |
+--------+---------+---------+

See also



Yes No