On this page
Warning:
CockroachDB v19.2 is no longer supported as of May 12, 2021. For more details, refer to the Release Support Policy.
The CREATE ROLE
statement creates SQL roles, which are groups containing any number of roles and users as members. You can assign privileges to roles, and all members of the role (regardless of whether if they are direct or indirect members) will inherit the role's privileges.
Considerations
- Role names:
- Are case-insensitive
- Must start with either a letter or underscore
- Must contain only letters, numbers, or underscores
- Must be between 1 and 63 characters.
- After creating roles, you must grant them privileges to databases and tables.
- Roles and users can be members of roles.
- Roles and users share the same namespace and must be unique.
- All privileges of a role are inherited by all of its members.
- There is no limit to the number of members in a role.
- Roles cannot log in. They do not have a password and cannot use certificates.
- Membership loops are not allowed (direct:
A is a member of B is a member of A
or indirect:A is a member of B is a member of C ... is a member of A
).
Required privileges
Roles can only be created by superusers, i.e., members of the admin
role. The admin
role exists by default with root
as the member.
Synopsis
Parameters
Parameter | Description |
---|---|
name |
The name of the role you want to create. Role names are case-insensitive; must start with either a letter or underscore; must contain only letters, numbers, or underscores; and must be between 1 and 63 characters. Note that roles and users share the same namespace and must be unique. |
Examples
> CREATE ROLE dev_ops;
CREATE ROLE 1
After creating roles, you can add users to the role and grant the role privileges.