grant role

Grants a role to the specified logins, users, or system- or user-defined roles.

Syntax

grant role role_name
		[where pred_expression]
	to {username | rolename | login_profile_name }

Parameters

Examples

Usage

The SAP ASE server automatically activates roles granted to logins or login profiles (after evaluating any predicate) when the user logs in if create login, alter login, create login profile, or alter login profile specify the role for automatic activation. Otherwise, the SAP ASE server activates the role when set role is executed. Adaptive automatically activates a role granted to another role when the dependent role is activated.

You can use the grant command to grant permissions to all users who have been granted a specified role. The role can be either a system role, like sso_role or sa_role, or a user-defined role. The system security officers must create the user-defined roles using a create role command.

Permissions

The permission checks for grant role differ based on your granular permissions settings.

SettingDescription
Enabled

With granular permissions enabled, you must be a user with manage roles privilege.

Disabled

With granular permissions disabled, you must be a user with sso_role. To grant sa_role, you must be a user with sa_role.

Auditing

Values in event and extrainfo columns of sysaudits are:

InformationValues
Event

85

Audit option

roles

Command or access audited

create role, drop role, alter role, grant role, or revoke role

Information in extrainfo
  • Roles – current active roles

  • Keywords or options – Full command text of the grant role statement

  • Previous value – NULL

  • Current value – NULL

  • Other information – NULL

  • Proxy information – original login name, if set proxy is in effect