- Categories:
Context Functions (Session Object)
IS_GRANTED_TO_INVOKER_ROLE¶
Returns TRUE if the role returned by the INVOKER_ROLE function inherits the privileges of the specified role in the argument.
The INVOKER_ROLE function only identifies and returns the account role of the object executing a SQL statement. Database roles are not supported.
For more information on role hierarchy, see:
- TRUE
If
IS_GRANTED_TO_INVOKER_ROLE('ANALYST')
is TRUE, then the role returned by the INVOKER_ROLE function inherits the ANALYST custom role privileges. Therefore, the role returned by the INVOKER_ROLE function is a higher privilege role than the ANALYST custom role in the same role hierarchy.- FALSE
If
IS_GRANTED_TO_INVOKER_ROLE('ANALYST')
is FALSE, then the role returned by the INVOKER_ROLE function does not inherit the ANALYST custom role privileges. Therefore, the role returned by the INVOKER_ROLE function is either a lower privilege role than the ANALYST custom role, or the INVOKER_ROLE and ANALYST custom roles are in different role hierarchies.
Syntax¶
is_granted_to_invoker_role( '<string_literal>' )
Arguments¶
'string_literal'
The name of the role.
Usage Notes¶
If using the IS_GRANTED_TO_INVOKER_ROLE function with masking policy, verify that your Snowflake account is Enterprise Edition or higher.
Only one role name can be passed as an argument.
Example¶
case
when is_granted_to_invoker_role('ANALYST') then val
else '*******'
end;