GRANT <roles>

GRANT <roles>

The GRANT <roles> statement lets you add a role or user as a member to a role.

Note:
GRANT <roles> is an enterprise-only feature.

Synopsis

Required privileges

The user granting role membership must be a role admin (i.e., members with the ADMIN OPTION) or a superuser (i.e., a member of the admin role).

Considerations

Users and roles can be members of roles.
The root user is automatically created as an admin role and assigned the ALL privilege for new databases.
All privileges of a role are inherited by all its members.
Membership loops are not allowed (direct: A is a member of B is a member of A or indirect: A is a member of B is a member of C … is a member of A).

Parameters

Parameter	Description
`role_name`	The name of the role to which you want to add members. To add members to multiple roles, use a comma-separated list of role names.
`user_name`	The name of the user or role to whom you want to grant membership. To add multiple members, use a comma-separated list of user and/or role names.
`WITH ADMIN OPTION`	Designate the user as an role admin. Role admins can grant or revoke membership for the specified role.

Examples

Grant role membership

> GRANT design TO ernie;

> SHOW GRANTS ON ROLE design;

+--------+---------+---------+
|  role  | member  | isAdmin |
+--------+---------+---------+
| design | barkley | false   |
| design | ernie   | false   |
| design | lola    | false   |
| design | lucky   | false   |
+--------+---------+---------+

Grant the admin option

> GRANT design TO ERNIE WITH ADMIN OPTION;

> SHOW GRANTS ON ROLE design;

+--------+---------+---------+
|  role  | member  | isAdmin |
+--------+---------+---------+
| design | barkley | false   |
| design | ernie   | true    |
| design | lola    | false   |
| design | lucky   | false   |
+--------+---------+---------+

GRANT <roles> (Enterprise)