Previous Topic

Next Topic

Create Role

Valid in: SQL, ESQL

The Create Role statement defines one or more role identifiers and their associated password. Role identifiers are used to associate privileges with applications. After the role identifiers are created and privileges have been granted to them, use them with the connect statement to associate those privileges with the session. For a discussion of role identifiers, see the Database Administrator Guide. For information about the privileges granted to role identifiers, see Grant (role) .

Only users who have been granted access to a role can use a role. The creator of a role is automatically granted access to that role.

Previous Topic

Next Topic

Syntax

The Create Role statement has the following format:

[EXEC SQL] CREATE ROLE role_id {, role_id}
[WITH with_option {,with_option}]

with_option = NOPASSWORD | PASSWORD = 'role_password'

| PASSWORD = X'encrypted_role_password'

               | EXTERNAL_PASSWORD

               | NO PRIVILEGES | PRIVILEGES = ( priv {,priv} )

               | NOSECURITY_AUDIT | SECURITY_AUDIT

Previous Topic

Next Topic

Embedded Usage

The with clause in an embedded Create Role statement can be specified using a host string variable (with :hostvar).

Previous Topic

Next Topic

Permissions

You must have the maintain_users privilege and be connected to the iidbdb database. Additional privileges are required to perform certain operations, as summarized in the table below:

Action

Privilege Required

Set security audit attributes

maintain_audit

Previous Topic

Next Topic

Locking

The Create Role statement locks pages in the iirole catalog of the iidbdb. This can cause sessions attempting to connect to the server to suspend until the statement is completed.

Previous Topic

Next Topic

Related Statements

Alter Role

Drop Role

Grant (role)

Previous Topic

Next Topic

Examples: Create Role

The following are Create Role statement examples:

  1. Create a role identifier and password for the inventory application of a bookstore.

    create role bks_onhand with password = 'hgwells';

  2. Create a role identifier with no password for the daily sales application of the bookstore.

    create role dly_sales with nopassword;

  3. Create a role identifier and its password for the new employee application of the bookstore.

    create role new_emp with password = 'good luck';

  4. In an application, create a role identifier and its password for an accounts payable application.

    exec sql create role acct_pay with
    password = piper;

  5. Create a role with a password and additional privileges.

    create role sysop
    with password = 'sysoppwd',
    privileges = (operator, createdb, maintain_locations);

  6. Create a role with external password verification.

    create role sysop
    with external_password;


© 2007 Ingres Corporation. All rights reserved.