CREATE APPLICATION ROLE¶
Creates a new application role or replaces an existing application role within an application created using the Native Apps Framework.
After creating an application role, you can grant object privileges to the application role and then grant the application role to other application roles or individual users to enable access control security for objects in an application.
Within an installed application, you can grant an application role to other application roles or you can grant privileges on other objects within the application or objects owned by the application in the consumer account.
Application roles are implicitly granted to the application owner WITH GRANT OPTION. The application owner may grant these roles to account level roles, providing access to the objects that are owned by the application.
- See also:
CREATE [ OR REPLACE ] APPLICATION ROLE [ IF NOT EXISTS ] <name> [ COMMENT = '<string_literal>' ]
Specifies the identifier (i.e. name) for the application role; must be unique in the application in which the role is created.
The identifier must start with an alphabetic character and cannot contain spaces or special characters unless the entire identifier string is enclosed in double quotes (e.g.
"My object"). Identifiers enclosed in double quotes are also case-sensitive.
If the identifier is not fully qualified, in the form of
application_name.application_role_name, the command creates the application role in the current application for the session.
For more details, see Identifier requirements.
COMMENT = 'string_literal'
Specifies a comment for the application role.
Default: No value
The maximum upper limit of active application roles per application is 20.
CREATE APPLICATION ROLE APP_ROLE COMMENT = 'Application role for the Hello Snowflake application.';