Skip to main content

CREATE ROLE

Introduced or updated: v1.2.703

Creates a new role for access control. Roles are used to group privileges and can be assigned to users or other roles, providing a flexible way to manage permissions in Databend.

Syntax

CREATE ROLE [ IF NOT EXISTS ] <name>

Parameters:

  • IF NOT EXISTS: Create the role only if it doesn't exist (recommended to avoid errors)
  • <name>: Role name (cannot contain single quotes, double quotes, backspace, or form feed characters)

Examples

-- Create a basic role
CREATE ROLE analyst;

-- Create role only if it doesn't exist (recommended)
CREATE ROLE IF NOT EXISTS data_viewer;

Common Usage Patterns

Read-Only Analyst Role

Create a role for data analysts who need read access to sales data:

-- Create the analyst role
CREATE ROLE sales_analyst;

-- Grant read permissions
GRANT SELECT ON sales_db.* TO ROLE sales_analyst;

-- Assign to users
GRANT ROLE sales_analyst TO 'alice';
GRANT ROLE sales_analyst TO 'bob';

Database Administrator Role

Create a role for administrators who need full control:

-- Create the admin role
CREATE ROLE sales_admin;

-- Grant full permissions on the database
GRANT ALL ON sales_db.* TO ROLE sales_admin;

-- Grant user management permissions
GRANT CREATE USER, CREATE ROLE ON *.* TO ROLE sales_admin;

-- Assign to admin users
GRANT ROLE sales_admin TO 'admin_user';

Verification

-- Check what each role can do
SHOW GRANTS FOR ROLE sales_analyst;
SHOW GRANTS FOR ROLE sales_admin;

-- Check user permissions
SHOW GRANTS FOR 'alice';
SHOW GRANTS FOR 'admin_user';

See Also

Explore Databend Cloud for FREE
Low-cost
Fast Analytics
Easy Data Ingestion
Elastic Scaling
Try it today