thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-09-24 10:40:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
2a66eab876
ClickHouse/docs/en/sql-reference/statements/create/role.md
Roman Bug 9ec78855cd
DOCSUP-2806: Add meta header in RU (#15801) 
* DOCSUP-2806: Add meta intro.

* DOCSUP-2806: Update meta intro.

* DOCSUP-2806: Fix meta.

* DOCSUP-2806: Add quotes for meta headers.

* DOCSUP-2806: Remove quotes from meta headers.

* DOCSUP-2806: Add meta headers.

* DOCSUP-2806: Fix quotes in meta headers.

* DOCSUP-2806: Update meta headers.

* DOCSUP-2806: Fix link to nowhere in EN.

* DOCSUP-2806: Fix link (settings to tune)

* DOCSUP-2806: Fix links.

* DOCSUP-2806:Fix links EN

* DOCSUP-2806: Fix build errors.

* DOCSUP-2806: Fix meta intro.

* DOCSUP-2806: Fix toc_priority in examples datasets TOC.

* DOCSUP-2806: Fix items order in toc.

* DOCSUP-2806: Fix order in toc.

* DOCSUP-2806: Fix toc order.

* DOCSUP-2806: Fix order in toc.

* DOCSUP-2806: Fix toc index in create

* DOCSUP-2806: Fix toc order in create.

Co-authored-by: romanzhukov <romanzhukov@yandex-team.ru>
Co-authored-by: alexey-milovidov <milovidov@yandex-team.ru>
2020-10-26 13:29:30 +03:00

2.0 KiB
Raw Blame History

toc_priority toc_title
40 ROLE

CREATE ROLE

Creates a new role. Role is a set of privileges. A user assigned a role gets all the privileges of this role.

Syntax:

CREATE ROLE [IF NOT EXISTS | OR REPLACE] name
    [SETTINGS variable [= value] [MIN [=] min_value] [MAX [=] max_value] [READONLY|WRITABLE] | PROFILE 'profile_name'] [,...]

Managing Roles

A user can be assigned multiple roles. Users can apply their assigned roles in arbitrary combinations by the SET ROLE statement. The final scope of privileges is a combined set of all the privileges of all the applied roles. If a user has privileges granted directly to its user account, they are also combined with the privileges granted by roles.

User can have default roles which apply at user login. To set default roles, use the SET DEFAULT ROLE statement or the ALTER USER statement.

To revoke a role, use the REVOKE statement.

To delete role, use the DROP ROLE statement. The deleted role is being automatically revoked from all the users and roles to which it was assigned.

Examples

CREATE ROLE accountant;
GRANT SELECT ON db.* TO accountant;

This sequence of queries creates the role accountant that has the privilege of reading data from the accounting database.

Assigning the role to the user mira:

GRANT accountant TO mira;

After the role is assigned, the user can apply it and execute the allowed queries. For example:

SET ROLE accountant;
SELECT * FROM db.*;