Categories:

Context Functions (Session Object)

IS_ROLE_IN_SESSION

Returns TRUE if the current user’s active primary role or secondary roles in the session inherit the privileges of the specified role.

The specified role can be the current primary role or secondary role (i.e. the roles returned by CURRENT_ROLE or CURRENT_SECONDARY_ROLES, respectively) or any role lower in the role hierarchy.

When the DEFAULT_SECONDARY_ROLES value is ALL, the function returns TRUE if any role granted to the user inherits the privileges of the specified role.

Returns FALSE if the specified role is either higher in the role hierarchy of the current primary or secondary roles or is not in the role hierarchy at all.

See also:

IS_OBJECT, Advanced Column-level Security Topics

Syntax

is_role_in_session( '<string_literal>' )

Arguments

'string_literal'

The name of the role.

Usage Notes

  • If using the IS_ROLE_IN_SESSION function with Column-level Security, verify that your Snowflake account is Enterprise Edition or higher.

  • When using this function to access a secure UDF or secure view from the data sharing consumer account, such as a condition in a masking policy, this function always returns a NULL value. This behavior prevents exposing the role hierarchy in a data sharing consumer account.

  • Only one role name can be passed as an argument.

Example

Verify if the privileges granted to a specified role are inherited by the current role in the session:

select is_role_in_session('ANALYST');

+-------------------------------+
| IS_ROLE_IN_SESSION('ANALYST') |
|-------------------------------|
| True                          |
+-------------------------------+

Use the function in a masking policy:

case
  when is_role_in_session('ANALYST') then val
  else '*******'
end;
Back to top