Defines a new database role.

Syntax

CREATE ROLE name [IDENTIFIED BY password [REPLACE old_password]]

Description

The CREATE ROLE command can add a role to a PolarDB-O database cluster. A role is an entity that owns database objects and is authorized to manage the database. A role can be considered as a user, group, or combination of a user and a group based on the usage method. A new role does not have the LOGIN privilege and cannot be used to start a session. You can run the ALTER ROLE command to grant the LOGIN privilege to the role. To run the CREATE ROLE command, you must be a database superuser or have the CREATEROLE privilege.

If you specify the IDENTIFIED BY clause, the CREATE ROLE command also creates a schema. This schema is owned by the new created role and has the same name as the new role.

Note Roles are defined at the database cluster level and are valid in all the databases in a cluster.

Parameters

Parameter Description
name The name of the new role.
IDENTIFIED BY password The password of the role. A password is used for roles who have only the LOGIN privilege. However, you can also define a password for roles who do not have this privilege. If you do not plan to use password verification, you can leave this parameter empty.

Considerations

You can run the ALTER ROLE command to modify the attributes of a role, and run the DROP ROLE command to delete a role. You can run the ALTER ROLE command to modify the attributes that are specified by the CREATE ROLE command.

You can run the GRANT and REVOKE commands to add and remove role members when roles are used as groups.

A role name or a password can be up to 63 characters in length.

Examples

Execute the following statement to create the role named admins that has a password and create a schema named admins:

CREATE ROLE admins IDENTIFIED BY Rt498zb;