Adding a Role Administrator when Creating a Role

Specify a role administrator when creating a new role.

Prerequisites
Requires the MANAGE ROLES system privilege.
Task
If at least one role administrator is specified during creation, global role administrators will be unable to manage the role unless explicitly specified.

For this reason, it is strongly recommended that you consider always adding the global role administrator to the list of role administrators during the creation process.

To add role administrators during the creation process, execute one of these statements:
Create Type Statement

Administrative rights only;

no role membership

CREATE ROLE role_name

WITH ADMIN ONLY admin_name [,...]

Role and global role administrators granted

administrative rights only; no role membership*

CREATE ROLE role_name

WITH ADMIN ONLY SYS_MANAGE_ROLES_ROLE, admin_name [,...]

Administrative rights along

with role membership

CREATE ROLE role_name

WITH ADMIN admin_name [,...]
*Since global role administrators cannot be granted membership in a role, you cannot include SYS_MANAGE_ROLES_ROLE in the administrators list when creating a role with role administrators granted membership in the role (WITH ADMIN option).

Example:

Execute this statement to make Joe and Bob role administrators of the Sales role:

CREATE ROLE Sales WITH ADMIN Joe, Bob

Because it uses the WITH ADMIN clause, both Joe and Bob can both grant and revoke the role, as well as use the underlying system privileges of the role. If the WITH ADMIN ONLY clause were used, both Joe and Bob would be able to only grant and revoke the role.

Execute this statement to make Joe and Bob role administrators of the Sales role as well as allow global role administrators to manage the role:

CREATE ROLE Sales WITH ADMIN ONLY SYS_MANAGE_ROLES_ROLE, Joe, Bob
Parent topic: Role and Global Role Administrators
Related reference
CREATE ROLE Statement