Categories:

Context Functions (Session Object)

IS_GRANTED_TO_INVOKER_ROLE

Returns TRUE if the role returned by the INVOKER_ROLE function inherits the privileges of the specified role in the argument.

The INVOKER_ROLE function only identifies and returns the account role of the object executing a SQL statement. Database roles are not supported.

For more information on role hierarchy, see:

TRUE

If IS_GRANTED_TO_INVOKER_ROLE('ANALYST') is TRUE, then the role returned by the INVOKER_ROLE function inherits the ANALYST custom role privileges. Therefore, the role returned by the INVOKER_ROLE function is a higher privilege role than the ANALYST custom role in the same role hierarchy.

FALSE

If IS_GRANTED_TO_INVOKER_ROLE('ANALYST') is FALSE, then the role returned by the INVOKER_ROLE function does not inherit the ANALYST custom role privileges. Therefore, the role returned by the INVOKER_ROLE function is either a lower privilege role than the ANALYST custom role, or the INVOKER_ROLE and ANALYST custom roles are in different role hierarchies.

See also:

IS_OBJECT, Advanced Column-level Security Topics

Syntax

is_granted_to_invoker_role( '<string_literal>' )
Copy

Arguments

'string_literal'

The name of the role.

Usage Notes

  • If using the IS_GRANTED_TO_INVOKER_ROLE function with masking policy, verify that your Snowflake account is Enterprise Edition or higher.

  • Only one role name can be passed as an argument.

Example

case
  when is_granted_to_invoker_role('ANALYST') then val
  else '*******'
end;
Copy