GRANT <roles>

On this page Carat arrow pointing down
Warning:
CockroachDB v20.1 is no longer supported as of November 12, 2021. For more details, refer to the Release Support Policy.

The GRANT <roles> statement lets you add a role or user as a member to a role.

Note:

New in v20.1 GRANT <roles> is no longer an enterprise feature and is now freely available in the core version of CockroachDB.

Synopsis

GRANT role_name , TO user_name , WITH ADMIN OPTION

Required privileges

The user granting role membership must be a role admin (i.e., members with the WITH ADMIN OPTION) or a member of the admin role.

To grant membership to the admin role, the user must have WITH ADMIN OPTION on the admin role.

Considerations

  • Users and roles can be members of roles.
  • The root user is automatically created as an admin role and assigned the ALL privilege for new databases.
  • All privileges of a role are inherited by all its members.
  • Membership loops are not allowed (direct: A is a member of B is a member of A or indirect: A is a member of B is a member of C ... is a member of A).

Parameters

Parameter Description
role_name The name of the role to which you want to add members. To add members to multiple roles, use a comma-separated list of role names.
user_name The name of the user or role to whom you want to grant membership. To add multiple members, use a comma-separated list of user and/or role names.
WITH ADMIN OPTION Designate the user as an role admin. Role admins can grant or revoke membership for the specified role.

Examples

Grant role membership

icon/buttons/copy
> GRANT design TO ernie;
icon/buttons/copy
> SHOW GRANTS ON ROLE design;
+--------+---------+---------+
|  role  | member  | isAdmin |
+--------+---------+---------+
| design | barkley | false   |
| design | ernie   | false   |
| design | lola    | false   |
| design | lucky   | false   |
+--------+---------+---------+

Grant the admin option

icon/buttons/copy
> GRANT design TO ERNIE WITH ADMIN OPTION;
icon/buttons/copy
> SHOW GRANTS ON ROLE design;
+--------+---------+---------+
|  role  | member  | isAdmin |
+--------+---------+---------+
| design | barkley | false   |
| design | ernie   | true    |
| design | lola    | false   |
| design | lucky   | false   |
+--------+---------+---------+

See also


Yes No
On this page

Yes No