Categories:

User & Security DDL (Access Control)

GRANT ROLE

Assigns a role to a user or another role:

  • Granting a role to another role creates a “parent-child” relationship between the roles (also referred to as a role hierarchy).

  • Granting a role to a user enables the user to perform all operations allowed by the role (through the access privileges granted to the role).

For more details, see Access Control in Snowflake.

See also:

REVOKE ROLE

GRANT <privileges> … TO ROLE

Syntax

GRANT ROLE <name> TO { ROLE <parent_role_name> | USER <user_name> }

Parameters

name

Specifies the identifier for the role to grant. If the identifier contains spaces or special characters, the entire string must be enclosed in double quotes. Identifiers enclosed in double quotes are also case-sensitive.

ROLE parent_role_name

Grants the role to the specified role.

USER user_name

Grants the role to the specified user.

Access Control Requirements

A role used to execute this SQL command must have the following privileges at a minimum:

Privilege    Object    Notes
OWNERSHIP    Role      Role that is granted to a user or another role.

Alternatively, use a role with the global MANAGE GRANTS privilege. Only the SECURITYADMIN role, or a higher role, has this privilege by default. The privilege can be granted to additional roles as needed.

Note that operating on any object in a schema also requires the USAGE privilege on the parent database and schema.

For instructions on creating a custom role with a specified set of privileges, see Creating Custom Roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Access Control in Snowflake.

Usage Notes

  • The system-defined roles, including PUBLIC, do not need to be granted to other roles because the role hierarchy for these roles is defined and maintained by Snowflake.

Examples

GRANT ROLE analyst TO ROLE SYSADMIN;
GRANT ROLE analyst TO USER user1;
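
The following is an added example, not part of the original reference page: it builds a small role hierarchy, including a double-quoted role name, and then audits the result with SHOW GRANTS. The role names etl_reader, etl_writer and "ETL Admin" are hypothetical; user1 is taken from the example above.

```sql
-- Added example; role names are hypothetical.
-- SECURITYADMIN has the global MANAGE GRANTS privilege by default.
USE ROLE SECURITYADMIN;

CREATE ROLE IF NOT EXISTS etl_reader;
CREATE ROLE IF NOT EXISTS etl_writer;
-- The name contains a space, so it must be double-quoted; quoted
-- identifiers are case-sensitive and must be written the same way later.
CREATE ROLE IF NOT EXISTS "ETL Admin";

-- Role-to-role grants: the grantee becomes the parent and inherits
-- the privileges of the granted (child) role.
GRANT ROLE etl_reader TO ROLE etl_writer;    -- etl_writer is parent of etl_reader
GRANT ROLE etl_writer TO ROLE "ETL Admin";   -- "ETL Admin" is parent of etl_writer
GRANT ROLE "ETL Admin" TO ROLE SYSADMIN;     -- attach the custom roles under SYSADMIN

-- Role-to-user grant: user1 can use etl_writer and, through the
-- hierarchy, the privileges granted to etl_reader.
GRANT ROLE etl_writer TO USER user1;

-- Audit the result.
SHOW GRANTS OF ROLE etl_writer;    -- users and roles that etl_writer has been granted to
SHOW GRANTS TO USER user1;         -- roles granted directly to user1
SHOW GRANTS TO ROLE "ETL Admin";   -- privileges and roles granted to "ETL Admin"
```

SHOW GRANTS TO USER lists only direct role grants, so roles a user reaches through the hierarchy have to be traced level by level with SHOW GRANTS TO ROLE.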