Grant a role to a user or role
After you create a role, you can grant the role to other users or roles, but you cannot grant the role to yourself or grant the role in a cycle.
Currently, you can grant one role to multiple users or roles at a time, and you can grant multiple roles to one user or role at a time. You can also grant multiple roles to multiple users or roles at a time.
Prerequisites
When you want to grant a role to another user or role, you must have the role and the ADMIN OPTION privilege to grant the role to the other user or role. For more information about how to view the privileges of the current user, see View user privileges.
Examples
Grant a role to a user
-
Grant the
employeerole to thetest1user and allow the user to grant the role to other users or roles.GRANT employee TO test1 WITH ADMIN OPTION;In this example, the
WITH ADMIN OPTIONclause specifies whether the current role can be granted to other roles or users. -
Grant the
employeerole to thetest1andtest2users at the same time.GRANT employee TO test1,test2; -
Grant the
employeeanddeveloperroles to thetest1user at the same time.GRANT employee,developer TO test1;
Grant a role to a role
-
Grant the
employeerole to therole1role and allowrole1to grant the role to other roles or users.GRANT employee TO role1 WITH ADMIN OPTION;In this example, the
WITH ADMIN OPTIONclause specifies whether the current role can be granted to other roles or users. -
Grant the
employeerole to therole1androle2roles at the same time.GRANT employee TO role1,role2; -
Grant the
employeeanddeveloperroles to therole1role at the same time.GRANT employee,developer TO role1;
What to do next
After you grant a role to another user or role, the user who has the role needs to activate the role to use the privileges of the role. For more information about how to activate a role, see Activate a role.
References
For more information about the GRANT statement, see GRANT.