- Categories:
Context Functions (Session Object)
IS_ROLE_IN_SESSION¶
Returns TRUE if the role name passed in the argument is one of the activated roles in the session (i.e. the role returned by the CURRENT_ROLE function inherits the privileges of the specified role).
The activated roles can be any of the roles in the CURRENT_ROLE hierarchy. For more information on role hierarchy, see Overview of Access Control.
- TRUE
If
IS_ROLE_IN_SESSION('ANALYST')is TRUE, then the user’s CURRENT_ROLE inherits the ANALYST custom role privileges. Therefore, the user’s CURRENT_ROLE is a higher privilege role than the ANALYST custom role in the same role hierarchy.- FALSE
If
IS_ROLE_IN_SESSION('ANALYST')is FALSE, then the user’s CURRENT_ROLE does not inherit the ANALYST custom role privileges. Therefore, the user’s CURRENT_ROLE is either a lower privilege role than the ANALYST custom role, or the user’s CURRENT_ROLE and ANALYST custom role are in different role hierarchies.
Syntax¶
is_role_in_session( '<string_literal>' )
Arguments¶
'string_literal'The name of the role.
Usage Notes¶
Only one role name can be passed as an argument.
Example¶
Verify if a given role is activated in a session:
select is_role_in_session('ANALYST'); ------------------------------+ IS_ROLE_IN_SESSION('ANALYST') | ------------------------------+ TRUE | ------------------------------+
Using the function in a masking policy:
case when is_role_in_session('ANALYST') then val else '*******' end;