On this page 
Warning:
As of May 12, 2021, CockroachDB v19.2 is no longer supported. For more details, refer to the Release Support Policy.
The CREATE ROLE statement creates SQL roles, which are groups containing any number of roles and users as members. You can assign privileges to roles, and all members of the role (regardless of whether if they are direct or indirect members) will inherit the role's privileges.
Considerations
- Role names:
- Are case-insensitive
- Must start with either a letter or underscore
- Must contain only letters, numbers, or underscores
- Must be between 1 and 63 characters.
- After creating roles, you must grant them privileges to databases and tables.
- Roles and users can be members of roles.
- Roles and users share the same namespace and must be unique.
- All privileges of a role are inherited by all of its members.
- There is no limit to the number of members in a role.
- Roles cannot log in. They do not have a password and cannot use certificates.
- Membership loops are not allowed (direct:
A is a member of B is a member of Aor indirect:A is a member of B is a member of C ... is a member of A).
Required privileges
Roles can only be created by superusers, i.e., members of the admin role. The admin role exists by default with root as the member.
Synopsis
Parameters
| Parameter | Description |
|---|---|
name |
The name of the role you want to create. Role names are case-insensitive; must start with either a letter or underscore; must contain only letters, numbers, or underscores; and must be between 1 and 63 characters. Note that roles and users share the same namespace and must be unique. |
Examples
> CREATE ROLE dev_ops;
CREATE ROLE 1
After creating roles, you can add users to the role and grant the role privileges.
See also
- Authorization
DROP ROLE(Enterprise)GRANT <privileges>REVOKE <privileges>GRANT <roles>REVOKE <roles>SHOW ROLESSHOW USERSSHOW GRANTS- Other SQL Statements
Was this helpful?
