Entering content frame

Role Name (role_name) Locate the document in its SAP Library structure

A role name (role_name) identifies a role.

Syntax

<role_name> ::= <identifier>

An error message is displayed if the name has more than 32 characters.

Explanation

       1.      The CREATE ROLE statement creates a role. Initially, the new role is empty. Only database administrators can create roles. The name of a new role cannot be the same as the name of an existing role, user, or user group.

       2.      You use the GRANT statement to assign privileges to a role. You use the REVOKE statement to revoke privileges from a role.

       3.      You can also use the GRANT statement together with the role name to assign a role to database users, user groups or other roles.

       4.      You use the ALTER USER or ALTER USERGROUP statement to specify which roles (assigned to a user or a user group) are used when opening a database session.

       5.      During a database session, you can use the SET statement to activate other roles assigned to the user or user group.
If a role is activated in a session, the current user of the session has all the privileges assigned to the role.

If a password has been defined for a role, users assigned to this role can only activate it by specifying the password in the SET statement.

The existence and properties of a role are registered in the database catalog as metadata. A user who creates a role becomes the owner of this role.

Any roles assigned to the user or user group with the ALTER USER or ALTER USERGROUP statements are activated when the database session is opened.

Note

All roles are inactive for the current database session while data definition statements are being executed.

SQL statement for defining a role

CREATE ROLE statement

SQL statement to assign privileges to a role

GRANT statement

SQL statement for granting a role

GRANT statement

SQL statements for activating a role

ALTER USER statement

ALTER USERGROUP statement

SET statement

SQL statement for dropping a role

DROP ROLE statement

 

Leaving content frame