Categories:

User & Security DDL (Roles)

USE SECONDARY ROLES

Specifies the active/current secondary roles for the session. The currently-active secondary roles set the context that determines whether the current user has the necessary privileges to perform SQL actions.

Note that authorization to execute CREATE <object> statements to create objects is provided by the primary role.

Note

This command is not available if the session was created using External OAuth.

For more information, see Access Control in Snowflake.

See also:

USE ROLE

Syntax

USE SECONDARY ROLES [ ALL | NONE ];

Parameters

ALL:

All roles that have been granted to the user in addition to the current active primary role.

Note that the set of roles is reevaluated when each SQL statement executes. If additional roles are granted to the user, and that user executes a new SQL statement, the newly granted roles are active secondary roles for the new SQL statement. The same logic applies to roles that are revoked from a user.

NONE:

Disables secondary roles. The authorization for all SQL actions is provided via the primary role.

Usage Notes

  • To use a role, the role must have been granted to the user.

  • Only a single role can be active at a time for a user session.