Categories:

User & Security DDL (Roles)

USE SECONDARY ROLES

Specifies the active/current secondary roles for the session. The currently-active secondary roles set the context that determines whether the current user has the necessary privileges to perform SQL actions.

Note that authorization to execute CREATE <object> statements to create objects is provided by the primary role.

For more information, see Access Control in Snowflake.

See also:

USE ROLE

Syntax

USE SECONDARY ROLES { ALL | NONE }

Parameters

ALL:

All roles that have been granted to the user in addition to the current active primary role.

Note that the set of roles is reevaluated when each SQL statement executes. If additional roles are granted to the user, and that user executes a new SQL statement, the newly granted roles are active secondary roles for the new SQL statement. The same logic applies to roles that are revoked from a user.

NONE:

Disables secondary roles. The authorization for all SQL actions is provided via the primary role.

Usage Notes

  • To use a role, the role must have been granted to the user.

  • The USE command cannot be used to change the session context in a Snowsight worksheet. To select (or change) the current role for the user session, click the session context dropdown in the upper-right corner of Snowsight, and choose the desired role.

    Note that you cannot select multiple roles in the context dropdown. The context dropdown does not support secondary roles.

Back to top