Specify a role administrator when creating a new role.
For this reason, SAP strongly recommends that you consider always adding the global role administrator to the list of role administrators.
Create Type | Statement |
---|---|
Administrative rights only; no role membership |
CREATE ROLE role_name WITH ADMIN ONLY admin_name [,...] |
Role and global role administrators granted administrative rights only; no role membership* |
CREATE ROLE role_name WITH ADMIN ONLY SYS_MANAGE_ROLES_ROLE, admin_name [,...] |
Administrative rights along with role membership |
CREATE ROLE role_name WITH ADMIN admin_name [,...] |
Execute this statement to make Joe and Bob role administrators of the Sales role:
CREATE ROLE Sales WITH ADMIN Joe, Bob
Because it uses the WITH ADMIN clause, both Joe and Bob can both grant and revoke the role, as well as use the underlying system privileges of the role. If the WITH ADMIN ONLY clause were used, both Joe and Bob would be able to only grant and revoke the role.
Execute this statement to make Joe and Bob role administrators of the Sales role, as well as to allow global role administrators to manage the role:
CREATE ROLE Sales WITH ADMIN ONLY SYS_MANAGE_ROLES_ROLE, Joe, Bob