GRANT SERVICE ROLE

Assigns a service role to an account role, application role, or database role. For more information, see Managing access to service endpoints.

See also:

REVOKE SERVICE ROLE, SHOW ROLES IN SERVICE, SHOW GRANTS

Syntax

GRANT SERVICE ROLE <name> TO
{
  ROLE <role_name>                     |
  APPLICATION ROLE <application_role_name>  |
  DATABASE ROLE <database_role_name>
}
Copy

Parameters

name

Specifies the identifier for the service role to grant. If the identifier contains spaces or special characters, the entire string must be enclosed in double quotes. Identifiers enclosed in double quotes are also case-sensitive.

Specify the service role name in the following format:

service-name!service-role-name

For example, echo_service!echoendpoint_role.

ROLE role_name

Name of the account role to grant the service role to.

APPLICATION ROLE application_role_name

Name of the application role to grant the service role to.

DATABASE ROLE database_role_name

Name of the database role to grant the service role to.

Access control requirements

A role used to execute this SQL command must have the following privileges at a minimum:

Privilege or role

Object

Notes

OWNERSHIP

Service

Only the service owner can grant the service role.

For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.

Examples

The following command grants the echoendpoint_role service role defined in the echo_service service specification to the service_function_user_role role.

GRANT SERVICE ROLE echo_service!echoendpoint_role TO ROLE service_function_user_role;
Copy