Roles

A role is a collection of privileges that can be assigned to database users, user groups, or other roles.

Whereas privileges always apply, roles have to be explicitly activated for individual database sessions. Every user who has been assigned roles can also decide which of them are to be active in each of his or her database sessions. This setting can also be changed when the user opens a database session.

Creating a Role

Open a database session for database administrator MONA and use the CREATE ROLE statement to create a role.

 

CREATE ROLE role_1

//

CREATE ROLE role_2

//

CREATE ROLE role_3

The roles ROLE_1, ROLE_2, and ROLE_3 are created.

 

See also:

CREATE ROLE Statement (create_role_statement)

 

Assigning Privileges

Open a database session for database administrator MONA and use the GRANT statement to grant privileges.

 

GRANT SELECT, UPDATE, INSERT ON city TO role_1

Database user MONA manages the city table. He or she decides that ROLE_1 is to be assigned the SELECT, UPDATE, and INSERT authorizations for the city table.

 

GRANT DELETE ON city TO role_2

ROLE_2 is assigned DELETE authorization for the city table.

 

GRANT DELETE, ALTER ON city TO role_3

ROLE_3 is assigned DELETE and ALTER authorizations for the city table.

 

See also:

GRANT Statement (grant_statement)

 

Assigning a Role

Open a database session for database administrator MONA and use the GRANT statement to assign the required roles to a different database user.

 

GRANT role_1 TO david

//

GRANT role_2 TO david

The roles ROLE_1 and ROLE_2 are assigned to database user DAVID.

 

Specifying Which Role Is to Be Used

Open a database session for database administrator MONA. Use the ALTER USER statement to specify which of the roles assigned to a database user is to be used when a database session is opened.

 

ALTER USER david DEFAULT ROLE role_1

The role ROLE_1 is to be activated for database user DAVID when a database session is opened.

See also:

ALTER USER Statement (alter_user_statement)

 

You can use the SET statement to activate further roles assigned to a database user during a database session.

Open a database session for database user DAVID.

 

SET ROLE ALL

All of the roles (ROLE_1 and ROLE_2) are to be activated.

See also:

SET Statement (set_statement)
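
The following walk-through is an added example, not part of the original documentation. It shows what the default role and SET ROLE mean for least privilege in DAVID's sessions, using the grants made above. The qualified name hotel.city, the column zip, and the value '00000' are assumptions made for illustration; the `--` lines are annotations for the reader.

```sql
-- Session A: database administrator MONA (statements as on this page)
GRANT role_1 TO david
//
GRANT role_2 TO david
//
ALTER USER david DEFAULT ROLE role_1
//

-- Session B: DAVID opens a new session. Only the default role ROLE_1
-- (SELECT, UPDATE, INSERT on city) is active.

-- Allowed: SELECT is part of ROLE_1.
SELECT * FROM hotel.city
//

-- Rejected: DELETE belongs to ROLE_2, which is assigned to DAVID
-- but is not active in this session.
DELETE FROM hotel.city WHERE zip = '00000'
//

-- DAVID activates every role assigned to him, for this session only.
SET ROLE ALL
//

-- Allowed now: ROLE_2 is active, so the DELETE privilege applies.
DELETE FROM hotel.city WHERE zip = '00000'
//

-- Session C: DAVID reconnects. The new session again starts with
-- ROLE_1 only, so this DELETE is rejected until SET ROLE is issued again.
DELETE FROM hotel.city WHERE zip = '00000'
```

Keeping the destructive privilege in a role that is not the default means a routine session cannot delete rows unless the user deliberately activates that role.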

 

Revoking Privileges

Open a database session for database administrator MONA and use the REVOKE statement to revoke privileges.

 

REVOKE DELETE ON city FROM ROLE_3

The DELETE privilege is revoked from ROLE_3.

See also:

REVOKE Statement (revoke_statement)

 

Deleting Roles

Open a database session for database administrator MONA and use the DROP ROLE statement to delete roles.

 

DROP ROLE ROLE_3

ROLE_3 is deleted.

See also:

DROP ROLE Statement (drop_role_statement)

 
