Create a role

You can use the CREATE ROLE statement to create a role and manage permissions through the role.

Prerequisites

• The current user must have the CREATE USER or CREATE ROLE privilege.

  For more information about how to view the privileges of the current user, see View user privileges. If you do not have the required privileges, contact your administrator to grant the privileges. For more information about how to grant privileges to a user, see Directly grant privileges.

• If the value of the system variable read_only is 1, indicating that the system is in read-only mode, the current user must also have the SUPER privilege to execute the CREATE ROLE statement.

  The system variable read_only specifies whether seekdb is in read-only mode. The default value is 0, indicating that seekdb is in read-write mode. For more information about the system variable read_only, see read_only.

Procedure

Create a role named role1.

CREATE ROLE role1;

Or

CREATE ROLE IF NOT EXISTS role1;

In the preceding examples, if you do not specify the IF NOT EXISTS clause, an error will be returned if a role named role1 already exists. If you specify the IF NOT EXISTS clause, a warning will be returned.

CREATE ROLE IF NOT EXISTS role1;

Query OK, 0 rows affected, 1 warning

Run the SHOW WARNINGS; statement to query the warning. The output is as follows:

+-------+------+---------------------------------------------+
| Level | Code | Message                                     |
+-------+------+---------------------------------------------+
| Note  | 3163 | Authorization ID 'role1'@'%' already exists |
+-------+------+---------------------------------------------+
1 row in set

What to do next

After a role is created, you can grant other roles or privileges to the role. For more information, see the following topics:

• Grant privileges to a role

• Grant a role to a user or role

References

For more information about the CREATE ROLE statement, see CREATE ROLE.