On this page
Warning:CockroachDB v19.2 is no longer supported. For more details, see the Release Support Policy.
CREATE ROLE statement creates SQL roles, which are groups containing any number of roles and users as members. You can assign privileges to roles, and all members of the role (regardless of whether if they are direct or indirect members) will inherit the role's privileges.
CREATE ROLEis an enterprise-only feature.
- Role names:
- Are case-insensitive
- Must start with either a letter or underscore
- Must contain only letters, numbers, or underscores
- Must be between 1 and 63 characters.
- After creating roles, you must grant them privileges to databases and tables.
- Roles and users can be members of roles.
- Roles and users share the same namespace and must be unique.
- All privileges of a role are inherited by all of its members.
- There is no limit to the number of members in a role.
- Roles cannot log in. They do not have a password and cannot use certificates.
- Membership loops are not allowed (direct:
A is a member of B is a member of Aor indirect:
A is a member of B is a member of C ... is a member of A).
Roles can only be created by superusers, i.e., members of the
admin role. The
admin role exists by default with
root as the member.
||The name of the role you want to create. Role names are case-insensitive; must start with either a letter or underscore; must contain only letters, numbers, or underscores; and must be between 1 and 63 characters.
Note that roles and users share the same namespace and must be unique.
> CREATE ROLE dev_ops;
CREATE ROLE 1
After creating roles, you can add users to the role and grant the role privileges.