Categories:

Context Functions (Session Object)

IS_ROLE_IN_SESSION

Returns TRUE if the user’s current role in the session (i.e. the role returned by CURRENT_ROLE) inherits the privileges of the specified role. The specified role can be the current role or any role lower in the role hierarchy.

Returns FALSE if the specified role is either higher in the role hierarchy of the current role or is not in the role hierarchy at all.

See also:

IS_OBJECT, Advanced Column-level Security Topics

Syntax

is_role_in_session( '<string_literal>' )

Arguments

'string_literal'

The name of the role.

Usage Notes

  • If using the IS_ROLE_IN_SESSION function with Column-level Security, verify that your Snowflake account is Enterprise Edition or higher.

  • Only one role name can be passed as an argument.

Example

Verify if the privileges granted to a specified role are inherited by the current role in the session:

select is_role_in_session('ANALYST');

+-------------------------------+
| IS_ROLE_IN_SESSION('ANALYST') |
|-------------------------------|
| True                          |
+-------------------------------+

Use the function in a masking policy:

case
  when is_role_in_session('ANALYST') then val
  else '*******'
end;