Defines a new database role.


CREATE ROLE name [IDENTIFIED BY password [REPLACE old_password]]


You can use the CREATE ROLE command to create a role for a PolarDB database cluster. A role is an entity that owns database objects and is authorized to manage the database. A role can be considered a user, group, or combination of both based on usage. A new role does not have the LOGIN privilege and cannot be used to start a session. You can use the ALTER ROLE command to grant the LOGIN privilege to the role. To use the CREATE ROLE command, you must be a database superuser or have the CREATEROLE privilege.

If you specify the IDENTIFIED BY clause when using the CREATE ROLE command, a schema that is owned by and has the same name as the new role is created.

Note Roles are defined at the database cluster level and are valid in all databases in a cluster.


Parameter Description
name The name of the new role.
IDENTIFIED BY password Specifies the password of the role. A password is only used for roles who have the LOGIN privilege. However, you can also define a password for roles who do not have this privilege. If you do not want to use password verification, you can leave this parameter empty.


You can use the ALTER ROLE command to modify the parameters of a role, and the DROP ROLE command to delete a role. You can use the ALTER ROLE command to modify the parameters that are specified by the CREATE ROLE command.

You can use the GRANT and REVOKE command to add and remove role members when roles are used as groups.

A role name or password can be up to 63 characters in length.


Create a role named admins and a schema, and specify a password: