Categories:

Context Functions (Session Object)

IS_ROLE_IN_SESSION

Returns TRUE if the role name passed in the argument is one of the activated roles in the session (i.e. the role returned by the CURRENT_ROLE function inherits the privileges of the specified role).

The activated roles can be any of the roles in the CURRENT_ROLE hierarchy. For more information on role hierarchy, see Overview of Access Control.

TRUE

If IS_ROLE_IN_SESSION('ANALYST') is TRUE, then the user’s CURRENT_ROLE inherits the ANALYST custom role privileges. Therefore, the user’s CURRENT_ROLE is a higher privilege role than the ANALYST custom role in the same role hierarchy.

FALSE

If IS_ROLE_IN_SESSION('ANALYST') is FALSE, then the user’s CURRENT_ROLE does not inherit the ANALYST custom role privileges. Therefore, the user’s CURRENT_ROLE is either a lower privilege role than the ANALYST custom role, or the user’s CURRENT_ROLE and ANALYST custom role are in different role hierarchies.

See also:

IS_OBJECT, Advanced Column-level Security Topics

Syntax

is_role_in_session( '<string_literal>' )

Arguments

'string_literal'

The name of the role.

Usage Notes

  • Only one role name can be passed as an argument.

Example

Verify if a given role is activated in a session:

select is_role_in_session('ANALYST');

------------------------------+
IS_ROLE_IN_SESSION('ANALYST') |
------------------------------+
            TRUE              |
------------------------------+

Using the function in a masking policy:

case
  when is_role_in_session('ANALYST') then val
  else '*******'
end;