CREATE ROLE (Enterprise)

On this page Carat arrow pointing down
Warning:
CockroachDB v2.1 is no longer supported as of April 30, 2020. For more details, refer to the Release Support Policy.

The CREATE ROLE statement creates SQL roles, which are groups containing any number of roles and users as members. You can assign privileges to roles, and all members of the role (regardless of whether if they are direct or indirect members) will inherit the role's privileges.

Note:
CREATE ROLE is an enterprise-only feature.

Considerations

  • Role names:
    • Are case-insensitive
    • Must start with either a letter or underscore
    • Must contain only letters, numbers, or underscores
    • Must be between 1 and 63 characters.
  • After creating roles, you must grant them privileges to databases and tables.
  • Roles and users can be members of roles.
  • Roles and users share the same namespace and must be unique.
  • All privileges of a role are inherited by all of its members.
  • There is no limit to the number of members in a role.
  • Roles cannot log in. They do not have a password and cannot use certificates.
  • Membership loops are not allowed (direct: A is a member of B is a member of A or indirect: A is a member of B is a member of C ... is a member of A).

Required privileges

Roles can only be created by superusers, i.e., members of the admin role. The admin role exists by default with root as the member.

Synopsis

CREATE ROLE IF NOT EXISTS name

Parameters

Parameter Description
name The name of the role you want to create. Role names are case-insensitive; must start with either a letter or underscore; must contain only letters, numbers, or underscores; and must be between 1 and 63 characters.

Note that roles and users share the same namespace and must be unique.

Examples

icon/buttons/copy
> CREATE ROLE dev_ops;
CREATE ROLE 1

After creating roles, you can add users to the role and grant the role privileges.

See also


Yes No
On this page

Yes No