mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-17 13:13:36 +00:00
9ec78855cd
* DOCSUP-2806: Add meta intro. * DOCSUP-2806: Update meta intro. * DOCSUP-2806: Fix meta. * DOCSUP-2806: Add quotes for meta headers. * DOCSUP-2806: Remove quotes from meta headers. * DOCSUP-2806: Add meta headers. * DOCSUP-2806: Fix quotes in meta headers. * DOCSUP-2806: Update meta headers. * DOCSUP-2806: Fix link to nowhere in EN. * DOCSUP-2806: Fix link (settings to tune) * DOCSUP-2806: Fix links. * DOCSUP-2806:Fix links EN * DOCSUP-2806: Fix build errors. * DOCSUP-2806: Fix meta intro. * DOCSUP-2806: Fix toc_priority in examples datasets TOC. * DOCSUP-2806: Fix items order in toc. * DOCSUP-2806: Fix order in toc. * DOCSUP-2806: Fix toc order. * DOCSUP-2806: Fix order in toc. * DOCSUP-2806: Fix toc index in create * DOCSUP-2806: Fix toc order in create. Co-authored-by: romanzhukov <romanzhukov@yandex-team.ru> Co-authored-by: alexey-milovidov <milovidov@yandex-team.ru>
48 lines
2.0 KiB
Markdown
48 lines
2.0 KiB
Markdown
---
|
||
toc_priority: 40
|
||
toc_title: ROLE
|
||
---
|
||
|
||
# CREATE ROLE {#create-role-statement}
|
||
|
||
Creates a new [role](../../../operations/access-rights.md#role-management). Role is a set of [privileges](../../../sql-reference/statements/grant.md#grant-privileges). A [user](../../../sql-reference/statements/create/user.md) assigned a role gets all the privileges of this role.
|
||
|
||
Syntax:
|
||
|
||
``` sql
|
||
CREATE ROLE [IF NOT EXISTS | OR REPLACE] name
|
||
[SETTINGS variable [= value] [MIN [=] min_value] [MAX [=] max_value] [READONLY|WRITABLE] | PROFILE 'profile_name'] [,...]
|
||
```
|
||
|
||
## Managing Roles {#managing-roles}
|
||
|
||
A user can be assigned multiple roles. Users can apply their assigned roles in arbitrary combinations by the [SET ROLE](../../../sql-reference/statements/set-role.md) statement. The final scope of privileges is a combined set of all the privileges of all the applied roles. If a user has privileges granted directly to it’s user account, they are also combined with the privileges granted by roles.
|
||
|
||
User can have default roles which apply at user login. To set default roles, use the [SET DEFAULT ROLE](../../../sql-reference/statements/set-role.md#set-default-role-statement) statement or the [ALTER USER](../../../sql-reference/statements/alter/user.md#alter-user-statement) statement.
|
||
|
||
To revoke a role, use the [REVOKE](../../../sql-reference/statements/revoke.md) statement.
|
||
|
||
To delete role, use the [DROP ROLE](../../../sql-reference/statements/drop.md#drop-role-statement) statement. The deleted role is being automatically revoked from all the users and roles to which it was assigned.
|
||
|
||
## Examples {#create-role-examples}
|
||
|
||
``` sql
|
||
CREATE ROLE accountant;
|
||
GRANT SELECT ON db.* TO accountant;
|
||
```
|
||
|
||
This sequence of queries creates the role `accountant` that has the privilege of reading data from the `accounting` database.
|
||
|
||
Assigning the role to the user `mira`:
|
||
|
||
``` sql
|
||
GRANT accountant TO mira;
|
||
```
|
||
|
||
After the role is assigned, the user can apply it and execute the allowed queries. For example:
|
||
|
||
``` sql
|
||
SET ROLE accountant;
|
||
SELECT * FROM db.*;
|
||
```
|