DROP ROLE
Removes the specified role from the system.
Syntax
DROP ROLE [ IF EXISTS ] <name>
Parameters
name
Specifies the identifier for the role to drop. If the identifier contains spaces or special characters, the entire string must be enclosed in double quotes. Identifiers enclosed in double quotes are also case-sensitive.
Usage notes
Dropped roles cannot be recovered; they must be recreated.
A role cannot be dropped if it has the OWNERSHIP privilege on a shared database. Use the GRANT OWNERSHIP command to transfer the OWNERSHIP privilege on the shared database first, and then drop the role.
Ownership of any objects owned by the dropped role is transferred to the role that executes the DROP ROLE command. To transfer ownership of each of these objects to a different role, use GRANT OWNERSHIP … COPY CURRENT GRANTS.
If a role has a future privilege as a grantor or grantee, the role can only be dropped by a user with a role that has the MANAGE GRANTS privilege.
All current and future grants that name the role as either the grantor or the grantee are revoked when the role is dropped.
Query the GRANTS_TO_ROLES Account Usage view to retrieve the privilege grants that name a specified role as the grantor or grantee:
SELECT * FROM snowflake.account_usage.grants_to_roles WHERE grantee_name = upper('<role_name>') OR granted_by = upper('<role_name>');
The following example retrieves the grants where myrole is the grantor or grantee:
SELECT * FROM snowflake.account_usage.grants_to_roles WHERE grantee_name = upper('myrole') OR granted_by = upper('myrole');
If a role is a grantor of roles to users, dropping the role revokes these grants automatically.
Revoking grants happens as the DROP ROLE command executes. If there are thousands or millions of grants to revoke, the DROP ROLE command might time out. It is safe to rerun the command to continue execution where the previous invocation stopped.
Examples
DROP ROLE myrole;
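A pre-drop review built from the usage notes above, as an added example that is not part of the original documentation: it lists what myrole still owns, sizes the set of grants the drop will revoke, and moves ownership to a designated role before the drop so it does not default to the role that executes DROP ROLE. The names mydb, myschema and data_owner are hypothetical.

```sql
-- Added example; mydb, myschema and data_owner are hypothetical names.

-- 1. Objects the role still owns. Rows with a non-NULL deleted_on are
--    grants that have already been revoked, so they are excluded.
SELECT granted_on, table_catalog, table_schema, name
FROM snowflake.account_usage.grants_to_roles
WHERE grantee_name = upper('myrole')
  AND privilege = 'OWNERSHIP'
  AND deleted_on IS NULL
ORDER BY granted_on, table_catalog, table_schema, name;

-- 2. Active grants that name the role as grantor or grantee, counted by
--    privilege and object type. All of these are revoked by the drop; a
--    very large total is the case where DROP ROLE might time out and
--    need to be rerun.
SELECT
  CASE WHEN grantee_name = upper('myrole') THEN 'grantee' ELSE 'grantor' END AS role_is,
  privilege,
  granted_on,
  COUNT(*) AS grants
FROM snowflake.account_usage.grants_to_roles
WHERE (grantee_name = upper('myrole') OR granted_by = upper('myrole'))
  AND deleted_on IS NULL
GROUP BY 1, 2, 3
ORDER BY grants DESC;

-- 3. Move ownership of the objects found in step 1 to the intended owner.
--    COPY CURRENT GRANTS keeps the existing privileges on each object in
--    place. Repeat for each object type and container reported by step 1.
GRANT OWNERSHIP ON ALL TABLES IN SCHEMA mydb.myschema
  TO ROLE data_owner COPY CURRENT GRANTS;
GRANT OWNERSHIP ON SCHEMA mydb.myschema
  TO ROLE data_owner COPY CURRENT GRANTS;

-- 4. Drop the role. Anything it still owns at this point is transferred
--    to the role executing this statement.
DROP ROLE IF EXISTS myrole;
```

Account Usage views are not updated in real time, so run SHOW GRANTS TO ROLE myrole immediately before the drop to confirm that step 3 left no OWNERSHIP grants behind.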