Categories:

User & Security DDL (Roles)

ALTER ROLE

Modifies the properties for an existing custom role. Currently, the only supported operations are renaming a role or adding/overwriting/removing a comment for a role.

See also:

CREATE ROLE , DROP ROLE , SHOW ROLES

Syntax

ALTER ROLE [ IF EXISTS ] <name> RENAME TO <new_name>

ALTER ROLE [ IF EXISTS ] <name> SET COMMENT = '<string_literal>'

ALTER ROLE [ IF EXISTS ] <name> UNSET COMMENT

ALTER ROLE [ IF EXISTS ] <name> SET TAG <tag_name> = '<tag_value>' [ , <tag_name> = '<tag_value>' ... ]

ALTER ROLE [ IF EXISTS ] <name> UNSET TAG <tag_name> [ , <tag_name> ... ]

Parameters

name

Specifies the identifier for the role to alter. If the identifier contains spaces or special characters, the entire string must be enclosed in double quotes. Identifiers enclosed in double quotes are also case-sensitive.

RENAME TO new_name

Specifies the new identifier for the role; must be unique for your account.

For more details, see Identifier Requirements.

SET ...

Specifies the properties to set for the role:

TAG tag_name = 'tag_value' [ , tag_name = 'tag_value' , ... ]

Specifies the tag name and the tag string value.

The tag value is always a string, and the maximum number of characters for the tag value is 256. The maximum number of unique tags that can be set on an object is 20. For more information, see Tag Quotas for Objects/Columns.

A single ALTER statement can set or unset a maximum of 5 tags on an object.

COMMENT = 'string_literal'

Adds a comment or overwrites an existing comment for the role.

UNSET ...

Specifies the properties to unset for the role, which resets them to the defaults.

  • TAG tag_name [ , tag_name ... ]

  • COMMENT

Usage Notes

  • Only the role owner (i.e. the role with the OWNERSHIP privilege on the role), or a higher role, can execute this command.

  • To rename a role (using the RENAME TO new_name parameter) the role that executes this command must also have the global CREATE ROLE privilege.

  • Regarding metadata:

    Attention

    Customers should ensure that no personal data (other than for a User object), sensitive data, export-controlled data, or other regulated data is entered as metadata when using the Snowflake service. For more information, see Metadata Fields in Snowflake.

Examples

Rename role role1 to role2:

ALTER ROLE role1 RENAME TO role2;

Add a comment for role myrole:

ALTER ROLE myrole SET COMMENT = 'New comment for role';
Back to top