GRANT DATABASE ROLE … TO SHARE¶
Preview Feature — Open
Available to all accounts.
Grants a database role to a share. Granting a database role effectively adds privileges on a single database to the share, which can then be shared with one or more consumer accounts.
After consumers create a database from the share, they can grant the shared database roles to roles in their account to allow users with those roles to access database objects in the share.
For more details, see Introduction to Secure Data Sharing and Working with Shares.
- See also:
Syntax¶
GRANT DATABASE ROLE <name>
TO SHARE <share_name>
Parameters¶
name
Specifies the identifier (i.e. name) for the database role; must be unique in the database in which the role is created.
The identifier must start with an alphabetic character and cannot contain spaces or special characters unless the entire identifier string is enclosed in double quotes (e.g.
"My object"
). Identifiers enclosed in double quotes are also case-sensitive.If the identifier is not fully qualified (in the form of
db_name.database_role_name
, the command looks for the database role in the current database for the session.share_name
Specifies the identifier for the share from which the specified database role is granted.
Usage Notes¶
Granting a database role to a share fails if any DDL or other restricted privilege was granted to the database role. A database role can only grant permissions for read-only activity on a database and its objects.
Examples¶
Grant the database role dr1
in database d1
to share share1
:
GRANT DATABASE ROLE d1.dr1 TO SHARE share1;Copy